3 Safety Measures Your Firm Should Implement to Avoid Wire Transfer Scams

We have received a steadily increasing number of notices from our insureds relating to fraudulent wire transfers. This increase in wire scams is seemingly a product of the increased remote interactions between parties occurring as the new normal as we continue to progress through this pandemic. Whatever the cause, the typical wire fraud notice begins with our insureds wiring funds per another party’s email instructions. Usually, within a few days, our insureds will then receive that ominous communication from the other party’s counsel inquiring on the status of the funds or asking why payment has not been made. In almost every case, our insureds immediately contact their bank or the receiving bank and notify the bank of the fraud. But by this time, it is usually too late for those funds to be recovered and our insureds are faced with the unnerving realization of a large, and most likely uncovered, loss of wired funds. These losses are specifically devastating, especially to smaller firms because the amount of the wire is usually six figures or larger and as mentioned above, the loss is almost always uncovered.

The wire funds very likely are not covered under either your malpractice or cyber insurance policies. Under the malpractice policy, this is due to an exclusion relating to “Any conversion, misappropriation, wrongful disbursement, improper commingling, or negligent supervision by any person of client or trust account funds or property, or funds or property of any other person, held or controlled at any time by the Insured in any capacity or under any authority, including any loss or reduction in value of such funds or property.” This exclusion is very broad and strong. We have not seen too many instances where coverage of a fraudulent wire transfer under this exclusion needed to be litigated but, in the few cases where it has, courts have upheld the exclusion, finding no coverage. A brief Google search reveals this is almost always the conclusion of courts when analyzing a wire fraud claim under an LPL policy. There is no coverage.

The same is true under your typical cyber insurance policy. The wire funds are specifically excluded from coverage in a similar way and courts are readily upholding the exclusion to coverage as applicable in wire fraud cases.

The most brutal aspect about these situations is if the law firm cannot recover the funds through working with the banks and local/federal authorities, that loss must be eaten by the parties. No one wants to be in this position and there are some very basic safety measures our insureds can institute to minimize this risk. First, do not use wire transfers as a method of payment. We know this is an obvious and oversimplified answer but, it may be better than the alternative. While we understand wiring funds has its benefits, namely speed and ease, the increased risk wire transfers present, coupled with the potential for large losses, may outweigh any benefit. Outside of the realm of real estate, wire transfers are less common and typically not necessary. Unless the parties need funds immediately, which is usually not the case, a check is a safer alternative. Usually, these cases have been pending for years and a few more days or weeks of waiting for payment is preferable to losing the funds.

Second, when there is no other alternative and wiring funds is required, over confirm the payment details with the other party. This means calling the other party on the phone after receiving the wire instructions and separately confirming those details. The typical wire scam is kicked off by someone in the insureds’ office being hacked. It usually is not known how the hack occurs and, once the money is gone, it does not matter how it occurred, just that it did. Whether someone clicked on a malicious link or the bad actors were able to gain access through an outside means, such as a linked personal electronic device, the money is gone either way. Confirming the wire details via telephone may be the single best tool to avoid being the victim of a wire scam. A confirming phone call is much more difficult to “hack”, even while hackers are utilizing ever-evolving and more creative ways of accessing our electronic devices.

Third, while anyone can be hacked, electronic security training for insureds and their staff is a must. This measure may not completely negate the possibility but, when insureds and their staff can identify malicious electronic communications, it greatly reduces the risk that someone in your office will click on that malicious link and kick off the wire scam chain. Electronic security training is a good idea for the entire firm even if you are not using wire transfers. We are working in an environment where electronic interactions are more and more common. These electronic communications will only increase and arming your firm with the tools to safely enter that world will help avoid an electronic breach.

Finally, take a step back from the urgency. Hackers thrive on situations where a sense of urgency exists, and the funds need to be wired “right now.” Take time to confirm the wire payment details and ensure the safety of those funds. No time crunch is worth a large uncovered loss.

In summary, it is always better to be safe than sorry, especially when dealing with large amounts of money, the loss of which is excluded from malpractice and cyber insurance coverage. Instituting these simple safety measures on the front end can save you a massive headache on the back end.