Do you know about the email wire fraud scam affecting lawyers and law firms?

Because October is Cyber Security Awareness Month, we thought that we would take the next few weeks to highlight cyber security exposures that are common to law firms.

This week we want to talk about wire fraud. Although wire fraud scams target a wide range of professionals, attorneys who handle real estate transactions and/or wire money are particularly at risk.

Lawyers should be aware of any fraud schemes that could cost them and/or their clients hundreds of thousands of dollars if they transfer money to or on behalf of clients. The Federal Bureau of Investigation (FBI) estimates that scammers have stolen up to $1.33 billion just in the United States.

Here’s how the scheme normally works:

  • The scammer gains control of an email account belonging to at least one of the parties in a transaction, typically a real estate transaction, and uses this access to learn the details of the deal.
  • The scammer sends a set of legitimate-looking emails discussing the details of the deal to build trust.
  • Then, the scammer sends wire instructions OR makes changes to a previously supplied set of instructions.
  • The scammer says the matter is “urgent” and that everything “needs to be done today”. The pressure is meant to make people skip the normal checks and balances, so the request never gets the scrutiny it should.
  • The attorney then unknowingly wires the money to the scammer’s account, and the scammer typically moves that money immediately to an overseas account so the transfer cannot be stopped.

There are a few ways that attorneys can prevent wire fraud:

#1 – Be hyper-vigilant

First, attorneys should be on the lookout for wire fraud scams and be skeptical whenever money is being wired to finish any kind of transaction. Wire fraud scams that use email can involve anyone in a transaction, from someone the attorney has worked with for 40 years to someone they have only met briefly for one transaction. Because of how email works, it is much easier to hide a person’s true identity over email than over the phone or in person.

#2 – Use a second authentication factor

Use a phone call as the second authentication factor to easily check on all wire transfer requests.

Before any money is moved out of the law firm for a transaction, an attorney can uncover most fraud attempts by calling the person who supposedly sent the email. Attorneys should always use the contact information they already have for the person instead of the information in the email, which could be fake. Lawyers can also call someone else at the company. The main point is to verify the request through a channel outside the email chain, because the email chain itself could be hacked.

#3 – Be skeptical of last minute changes

Be careful when a party in a deal suddenly changes how they usually do things. This could mean moving money to a different account, using a personal email address instead of a work one, or talking to someone else at the company. All of these things could be signs of a possible scam. 

Questions about risk mitigation for this exposure?  Call us at 412.563.2106

Stay tuned for next week where we will send you a website where you can check to see if your email/password combination has been exposed in any major hack.

How To Identify Malicious Email Attachments

Did you know that more than 50% of cyber attacks are due to employee error and negligence? Part of that error and negligence comes from employees opening malicious attachments because they are unable to identify them. Well, I’m here today to give you a few tips on how you and your employees can identify those malicious attachments.

One, always listen to your malware alert. If your email service or your antivirus software tells you not to open the attachment, don’t open the attachment, listen to it! 

Two, check out the message. Do you know who actually sent you the attachment? If you don’t know who sent you the attachment, maybe it’s best not to open the attachment. Does the email content actually look normal? Or look like most of the emails that you get? Is it jumbled? Are there misspellings? Is your name misspelled in it? Those are pretty good signs that the attachment is in fact malware. 

Three, check out the attachment file extension. If it is a .exe, don’t open it. That’s an executable file, and you do not want to open it from your email. Other attachment file extensions that are most likely malware are .docm, .xlsm and .pptm. If you see those, I wouldn’t open the attachment. Just be careful and think twice before you open any attachment.
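The extension check above can be automated in a mail triage script. The following is an added example, not part of the original article: it parses a message with Python's standard `email` library and flags attachments whose final extension is one of the four named above, including upper-case names, trailing dots and names such as `Invoice.PDF.exe`. The sample message, addresses and file names are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Only the extensions the article names; not a complete blocklist.
RISKY = {".exe": "executable file",
         ".docm": "macro-enabled Word document",
         ".xlsm": "macro-enabled Excel workbook",
         ".pptm": "macro-enabled PowerPoint presentation"}

def suffixes(filename):
    """Return every extension in the name, lower-cased, in order."""
    # Windows ignores trailing dots and spaces, so "a.exe." still opens as .exe
    cleaned = filename.strip().rstrip(". ")
    return [s.lower() for s in PurePosixPath(cleaned).suffixes]

def flag_attachments(raw_message):
    """Return [(filename, reason)] for attachments with a risky extension."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        exts = suffixes(name)
        if exts and exts[-1] in RISKY:
            reason = RISKY[exts[-1]]
            # "Invoice.PDF.exe" looks like a PDF when extensions are hidden
            if len(exts) > 1:
                reason += " hidden behind another extension"
            findings.append((name, reason))
    return findings

def build_sample():
    """Constructed test message; every name and address is made up."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "attorney@example.com"
    msg["Subject"] = "Closing documents"
    msg.set_content("Please see attached.")
    for name in ["Invoice.PDF.exe", "terms.DOCM", "budget.xlsm.", "notes.txt"]:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in flag_attachments(build_sample()):
        print(f"DO NOT OPEN {name!r}: {reason}")
```

A clean result from a check like this only means the name did not match the list; the other tips in this article still apply.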

And lastly, always, always make sure that your antivirus software is up to date and current.