Cybersecurity Awareness Month - Week #2
When thinking about a cyber-breach, lawyers may envision a sudden lock-down and takeover of the lawyer’s computer with a demand for ransom. While those attacks certainly occur, more often we receive reports of attacks that involve an attacker silently monitoring or hijacking an email account while the lawyer is oblivious to the breach. This Week #2 installment of our Cybersecurity Month series describes two policyholders’ experiences.
The Scams
Two separate, unrelated scams demonstrate how lawyers can be vulnerable to wire fraud. In the first scam, a small law firm located in rural Ohio discovered that an unauthorized third party had gained access to email accounts and set up email filtering rules that forwarded to an unfamiliar email account any email that contained the words “wire” or “transfer” or the phrase “bank funds.” The firm specialized in residential and commercial real estate and had a related title agency that handled disbursement of sale proceeds and loan payoffs as part of their closing services. Luckily, the unauthorized email rules were discovered before any wire transfers were misdirected.
In the second scam, a solo practitioner with a real estate practice and related title agency was victimized by wire fraud. The lawyer handled a real estate closing and was responsible for disbursing the sale proceeds to the seller. The lawyer brought a check to the closing and provided it to the seller. Shortly thereafter, the lawyer’s staff received an email that appeared to be from the seller requesting that the payment be re-issued by wire transfer. According to the email, the check would be destroyed. The staff fulfilled the request and made the wire transfer. The email was a fraud. The true seller cashed the check that he received at the closing. As a result, the lawyer’s account was debited twice for the amount due to the seller.
Lessons Learned
Although these incidents are unconnected, considering them together is helpful to understand how wire transfer frauds may be carried out and where lawyers may be vulnerable. In both scenarios, the success of the attack depended on:
- breach of an email account (either the lawyer’s or the recipient’s);
- the victim’s ignorance of the breach; and
- the lawyer’s reliance upon email as the sole method of communication with the intended recipient of the wire transfer
If a lawyer or staff member makes an error and clicks on a questionable attachment or link and does not see an immediate impact in the performance of the device, it may seem that the person got lucky, and the device was not compromised. That is not always the case. If an attacker is targeting the victim’s email account, the infection may be designed to go unnoticed.
How to Apply the Lessons Learned
Law firms can protect themselves against this type of attack by:
- educating lawyers and staff on how to protect email accounts from breach and guard against phishing attacks
- regularly running anti-virus scans to look for evidence of compromise
- periodically checking email accounts for unauthorized filtering rules
- creating a contact list with verified telephone numbers that can be used to confirm information received via email
- establishing a policy that wire transfer instructions and changes will not be accepted by email or will require voice confirmation using a verified telephone number
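The periodic check for unauthorized filtering rules can be automated. The following is an added example, not OBLIC's or any mail vendor's code: it audits a constructed rule export for rules that forward mail outside the firm, using the keywords from the first incident to raise severity. The export format, field names, and all addresses and domains are assumptions made for illustration.

```python
import json

# Terms the attacker's rules matched in the first incident described above.
FINANCE_TERMS = ("wire", "transfer", "bank funds")

# Constructed sample in a hypothetical export format (not a real product's schema).
SAMPLE_RULES = json.loads("""[
 {"mailbox": "closings@firm.example", "name": ".", "contains": ["wire", "transfer", "bank funds"],
  "forward_to": ["inbox4471@mailhost.example"]},
 {"mailbox": "partner@firm.example", "name": "To paralegal", "contains": ["closing packet"],
  "forward_to": ["paralegal@firm.example"]},
 {"mailbox": "staff@firm.example", "name": "Newsletter copy", "contains": [],
  "redirect_to": ["personal@webmail.example"]},
 {"mailbox": "partner@firm.example", "name": "File wires", "contains": ["Wire Instructions"],
  "move_to": "Closings"}
]""")

def external_targets(rule, firm_domains):
    """Return forward/redirect addresses whose domain is not one of the firm's."""
    addrs = rule.get("forward_to", []) + rule.get("redirect_to", [])
    return [a for a in addrs if a.rsplit("@", 1)[-1].lower() not in firm_domains]

def matched_terms(rule):
    """Return the finance terms that appear in the rule's keyword conditions."""
    text = " ".join(rule.get("contains", [])).lower()
    return [t for t in FINANCE_TERMS if t in text]

def audit_rules(rules, firm_domains):
    """Flag every rule that sends mail outside the firm; keyword matches raise severity."""
    findings = []
    for rule in rules:
        targets = external_targets(rule, firm_domains)
        if not targets:
            continue  # internal forwards and folder moves are not reported
        terms = matched_terms(rule)
        findings.append({"mailbox": rule["mailbox"], "rule": rule["name"],
                         "targets": targets, "terms": terms,
                         "severity": "high" if terms else "review"})
    return findings

if __name__ == "__main__":
    for f in audit_rules(SAMPLE_RULES, {"firm.example"}):
        print(f"[{f['severity']}] {f['mailbox']} rule {f['rule']!r} -> {f['targets']} {f['terms']}")
```

Any rule reported here should be confirmed with the mailbox owner by phone or in person, since a compromised account cannot be trusted to vouch for its own rules.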
We recommend that lawyers advise clients, at the beginning of each engagement, that the lawyer will never send the client an email asking the client to make a wire transfer of funds, and that if funds were ever needed by wire, the request would be discussed in person or by phone (between the client and a known, recognized person at the firm) to avoid the risk of a breach or fraudulent transaction.
Policyholders can use OBLIC’s Cyber Toolbox to help educate lawyers and staff. On the Training Courses page, the Cyber Toolbox has a 10-minute video training course on phishing and a 7-minute video training course on wire fraud. These videos provide a good explanation of the risks and how to protect against them.
For more information, we recommend:
- Best Practices: Preventing Wire Fraud, May 10, 2022
- Cyber Scams Again and Again, August 6, 2020
- What is Business Email Compromise (BEC)? By Tokio Marine
As always, if you have any questions, please contact us. We are here to help!
Gretchen K. Mote, Esq. Director of Loss Prevention Ohio Bar Liability Insurance Co. Direct: 614 572 0620
Monica Waller, Esq. Senior Loss Prevention Counsel Ohio Bar Liability Insurance Co. Direct: 614 859 2978