< Back
Post on August 6th, 2020

If you diligently read these OBLICAlerts, you may be incredulous that we are sending yet another warning about third-party initiated cyber and wire fraud scams. OBLIC has sent out alerts on this topic several times this year as well as multiple times a year over the past several years. Despite these alerts, we are seeing these sorts of scams becoming even more frequent. In the past thirty days, we have responded to six data breach or cyber/wire fraud scams targeting solo attorneys, small firms, and even large firms with resources that one would expect would not fall victim to these scams. So – we are renewing our warnings and giving you some tools and information to enhance training to try to prevent losses due to third-party initiated cyber and wire fraud scams (as contrasted to internal fraud, a completely different subject).

Third-party initiated wire fraud scams can occur any time there are funds being electronically transferred. These scams often involve a third party injecting himself into a transaction through a spoofed email account, or an email account that looks like a legitimate email account involved in the transaction. The first element of these sort of scams is a data breach, whereby the fraudster gains access to an email account – either yours, your client’s, or that of another party or their counsel. This third party fraudster monitors emails looking for an opportunity to intervene in a transaction involving the conveyance of money, such as a real estate transaction, business transaction, or a settlement. At a critical point in the transaction, the fraudster enters the scene with a spoofed email, or perhaps through one of the parties’ legitimate email addresses, to provide fraudulent wire instructions or changes to how the transaction was to close. If not detected and avoided, the unaware paying party then wires the funds to the fraudster’s account rather to that of the intended party and often by the time the fraud is discovered, the funds have been withdrawn and the fraudster is long gone.

Social engineering is a common method that cyber criminals use to gain access to your email and monitor communications. Social engineering is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. This attack is commonly launched via phishing emails that include a link for you (or someone in your office) to “click.” This link may either launch software allowing the fraudster to access your system or email account, or it may go further and seek log in credentials or passwords in what might seem to be a legitimate exercise. Once “clicked,” the fraudster can then gain access to your email account, or perhaps even broader access to your entire network. Rules in your email software that forward emails to a third-party, saves them to a separate folder, or immediately deletes emails can be a signal that your email account has been compromised.

One way to guard against third-party initiated fraudulent wire scams is to independently verify with a known party to the transaction, via a verified telephone number, all payment instructions and purported changes thereto, BEFORE initiating payment. Do not rely on any contact information provided in any email purporting to convey or change payment instructions. Additionally, we highly recommend that you follow OBLIC’s Wiring Instructions: Do’s & Don’ts to limit your exposure to these potential scams.

The companion to wire fraud scams is the fraudulent client scam. These scams often begin with a generic email from a “prospective client” (a/k/a “fraudster”) purportedly seeking representation in your area of practice, and ends with you wiring the fraudster an often six-figure amount out of your IOLTA. These scams can arise in all areas of practice but generally follow the same or similar series of events:

    • The prospective client (fraudster) contacts you via email and/or phone with an inquiry about representation.
    • After providing additional facts that suggests a six-figure recovery, you request a signed fee agreement and initial retainer to start the representation (assuming you are following best practices)
    • Shortly after the fraudster sends back the signed fee agreement, one of two things often occurs: (1) a check (fraudulent) shows up at your office unsolicited from the opposing party; or (2) the fraudster copies you on an email to a third party (think “opposing party”) who purportedly owes fraudster money, informing the third party that you are fraudster’s attorney.
      • Shockingly, the third-party email scenario often results in an immediate admission from the third-party (think “accomplice”) that the money is owed and that payment is on its way. Then miraculously, a check (fraudulent) arrives from third-party (accomplice).
    • The fraudster instructs you to take your fee from the funds you just received (via the fraudulent check), rather than paying your initial retainer.
    • You deposit the fraudulent check into your IOLTA.
    • The client informs you that they have a limited opportunity or short window in which to get the funds that requires you to wire the funds immediately.
    • You wire the funds after the funds are made available by the bank, assuming you waited any time at all. This is not the same thing as confirming that the funds are actually received by your bank from the issuing institution.
    • Once your bank discovers that the check deposited was actually fraudulent, you and your firm become personally liable for the overdraft to your IOLTA, resulting in potential large losses of client and personal funds.

There are many red flags throughout this process but as one insured commented, you want to believe the purported client – and the money looks tempting!

The crux of the fraudulent client scam is that banks are required by the Expedited Funds Availability Act to make the funds available after a certain number of days REGARDLESS of whether the check clears by that time. The only surefire way to avoid being a victim to this scam is to wait until the check is fully negotiated and funds from the payor’s bank are transferred to your account.

Bank tellers are often in the dark as much as the attorney when it comes to determining fund availability under the Expedited Funds Availability Act. Here is a link to a sample letter that would help you and the Bank identify when the funds are actually received by your bank from the issuing institution.

If you encounter any scenario described above, or you see other red flags, STOP, and call us – we are here to help. As always, if you have comments or questions about this or any loss prevention questions, please do not hesitate to contact me.


Gretchen K Mote, Esq.,
Director of Loss Prevention