Reprinted with permission from CentricPro.
Email has become one of the most convenient and efficient ways of communicating. Unfortunately, it has now also become one of the most convenient and efficient ways for scammers to fool us, especially with regard to wire transfer schemes. Even the best-managed law firms could fall victim to scams that intentionally mislead unsuspecting employees into sending money or diverting payments to fraudsters who are impersonating clients, attorneys, lenders and Realtors.
These schemes are commonly referred to as social engineering scams where your employees are tricked with fake information received generally by email. The email appears to be legitimate, but it is not. It is a fraudster looking to get you to send money without realizing you are sending it to an imposter.
In the past week we were informed by a couple of CATIC Agents of fraudulent wire requests. One agent noted that as buyer’s counsel he received an email from seller’s attorney on a matter that would be closing soon requesting wiring of additional funds. References to the parties and the transaction appeared accurate, but there were some grammatical errors in the body of the email. In addition, in reviewing the email more closely the agent noticed that the email addresses of some of the parties were changed by one letter. This situation thankfully has a happy ending, with the attempted scam being prevented due to the vigilance of the attorney.
But unfortunately we are contacted by others and the results are devastating. Because the emails look so legitimate, at times the clues are not detected. At the CATIC Agent Forum, a representative of the FBI showed that it can come down to merely a change in an email address with the rest of the email appearing to be legitimate. It could simply be the changing of an “l” to a “1” in an email address which is very difficult to detect. Further, when responding you would not get an invalid email response back because the scammers are smart enough to pay the nominal cost for buying the scam domain name.
Lessons to be learned: Carefully examine all aspects of your emails. Do not automatically trust what you are receiving. Also set up email policies in your law firm and educate everyone on the dangers. In addition, make sure your law firm is properly covered by insurance in the event someone in your firm falls victim to a social engineering scam.
To learn more, contact ">Colleen M. Capossela, Esq., President of CentricPro Management Services, Inc.