July 2014 • Volume 102 • Number 7 • Page 314
Thank you for viewing this Illinois Bar Journal article. Please join the ISBA to access all of our IBJ articles and archives.
More cyberscams looking for lawyer-victims
Beware out-of-country residential real estate clients bearing cashier's checks.
Electronic financial fraud is burgeoning on almost every front, but attorneys in particular have been the focus of expensive scams that have prompted the Attorney's Title Guaranty Fund to broadcast a warning on its website.
Beware the email-only relationship
Rob Trubiana, the chief financial officer at the ATG, said the types of scams are numerous, and recently two real estate attorneys were bitten badly. The scheme involved a potential new client, claiming to be from Canada or another country, interested in retaining a lawyer for a real estate purchase in Naperville.
The phony client contacted the attorney by email and then sent a large cashier's check to cover the cost of the property, which didn't exist, and the attorney's fees. The check was either stolen or counterfeit and did not contain Magnetic Ink Character Recognition (MICR), a characteristic on all real checks. The lawyer took the check, put it in his escrow account, and was then contacted again by the client, asking that some of the money be sent back to a friend or relative in yet another country.
Believing that he had a hefty cashier's check that would soon clear their account - it takes nine days for a foreign check to clear - the attorney dipped into his escrow and sent the money as directed only to learn that the original cashier's check was a fake and failed to clear due to insufficient funds.
"When the money leaves the country there's practically no hope in getting it back," Trubiana said. Similar scams have also occurred in divorce cases, Trubiana said.
"There are many ways lawyers get scammed. But the number one way is by taking on a new client via email," Trubiana said. "What I advise lawyers is that if you can't talk to a client on the phone or face to face, if everything is being done by email, it's probably fraudulent. The minute you ask for a phone number, [the fraudster is] gone."
Wire transfer scams
Another scam involves email wire fraud schemes. These scams are on the rise as more and more attorneys use electronic banking to wire funds to a divorce litigant or a property seller. In these scams, the cyberthief places a virus on the lawyer's computer and the virus intercepts the wire transfers.
"The virus is programmed to watch whenever you enter your [bank's website] and send an electronic wire transfer," Trubiana explained. "It takes over and sends the money somewhere else."
It's a bad idea to conduct wire transfers on a computer that is open to the Internet, Trubiana said. Attorneys need to have a dedicated system and a business website that blocks employees' access to social networking sites. "Social media sites are the number one source of viruses," he said.
In addition, the ATG advises, all wire transfers should require the approval of two people at the firm, noting that banks are sometimes now requiring a two-party check and balance system.
"I tell our attorneys, you've got to use electronic banking today but you have to guard against having your information and funds stolen," Trubiana said. "Having your system dedicated and making sure it takes two people to approve a wire transfer is a way to guard against fraud.
"These bad guys know where the money is. They know the majority of law firms have sizeable escrows," Trubiana said. "I've seen the same situation with a divorce where the attorneys are engaged to collect a divorce settlement from a spouse. They get it, but it comes in as a foreign cashier's check. And then the [person pretending to be the] divorcee says 'would you do me a favor and send half the proceeds to an account overseas.' In that case, you're at the mercy of a benevolent banker to get the money back."
The ATG website explains that several ATG agents have been targeted and describes the typical wire fraud scenarios: Typically, the con artist intercepts email messages containing wire instructions that are sent to public domain accounts, such as Gmail, Yahoo, and Hotmail. After intercepting the email, the fraudster changes the content of the email and attached wire transfer instructions, but the recipient cannot tell that the email has been tampered with. In fact, the instructions have been changed to a bank account of the fraudster or someone affiliated with him/her. The best protection: send wire instructions in encrypted email or by fax.
For instructions on creating a business website and encrypting email, visit the ATG's website at http://www.atgf.com/underwriting/news/email-wire-fraud-scheme-warning.