WTF is Going On with Lawyers Falling for Wire Fraud?

In the last couple of years, I have seen several instances where an attorney receives an email from a hacker pretending to be opposing counsel providing wiring instructions. Assuming the email is legitimate, the attorney authorizes the wire transfer. Usually within a few days, opposing counsel will ask where the money is and the fraud is discovered. Unfortunately, after the transfer is made the money is removed instantly and is unrecoverable which leaves the parties pointing the finger at each other.

A forensic investigation later reveals that the hacker had been monitoring the attorney’s or a client’s email and knew that a wire transfer would be being made in the near future, usually as part of a settlement or some type of closing. The hacker can then do one of two things. First, he or she will essentially “hijack” an attorney’s email account and create special rules which will divert all emails concerning the settlement or closing to a separate account which prevents the attorney from knowing that someone is sending emails in his or her name and which further prevents him or her from seeing any reply emails seeking to confirm the wiring instructions. If that is not possible, the hacker will create an email domain that looks very similar to the attorney’s (e.g janesdoelaw.com rather than janedoelaw.com) and then use an alias with the attorney’s name to send wiring instructions.

How a hacker is able to monitor email conversations to know when a settlement or closing is imminent is the subject of dozens of articles online, but in the situations I have seen, the “what happened” is easily determined while the “how it happened” is never fully known. It could be that someone in the attorney’s office clicked a phishing link or maybe one of the clients had his or her emails hacked. Regardless, for purposes of this article, an attorney should assume that any time there are email conversations regarding closings or settlements there is a hacker able to monitor those conversations.

So, how to avoid being scammed: First off, despite all the warnings and trainings about phishing and security measures, anyone can get hacked. Relying on security measures alone is not enough. Given that, here are two suggestions based on the situations I have seen.

First, do not do wire transfers. A hacker could still ask that a check be made out to a different party or sent to an incorrect address but most attorneys will catch that scam because it will be so unusual – versus a series of bank and account numbers which will usually not raise a red flag. Also, if a check is sent to the wrong person or is stolen, there is a better chance to recover the money by canceling the check. Obviously, that creates a bit of a time delay versus a wire transfer but generally speaking there is no need for a wire transfer. If a case has been pending for some time, a few extra days or weeks to wait for a check to clear is not an issue.

Second, if a wire transfer is absolutely necessary, do not authorize a transfer without first calling opposing counsel and speaking to him or her in person and asking him or her to verify the wiring instructions over the phone. As a corollary to that, if you are the attorney receiving the funds, be sure to tell opposing counsel that he or she must call you before the funds are transferred so you can verify the wiring instructions. In every situation I have seen, a phone call would have prevented the fraudulent wire transfer.

An additional caveat to my second piece of advice is that you should do some research on opposing counsel early in the case so you know who you are dealing with and that you meet with or at least speak to opposing counsel well before the time comes to authorize a wire transfer. In this age of electronic communication, I can envision a situation where a hacker creates a fictitious identity and website which would negate the value of calling to verify wiring instructions.

In summary, you should assume that any time a transfer of money is imminent there is a hacker who is also aware of that fact. If you operate under that assumption and act accordingly, hopefully you can avoid the unenviable situation where a significant amount of money is stolen and everyone is looking at each other to see who is going to come up with that money.