Similar to the warnings we have circulated of late, the following is an excerpt from a fraud alert recently posted to the Alberta Lawyers Indemnity Association (a division of the Law Society of Alberta), for social engineering scams that could also threaten Nova Scotia lawyers:
“Business Email Compromise Tricks Calgary Law Firm” (August 10, 2022)
“ALIA is cautioning Subscribers to be alert to Business Email Compromise (“BEC”), a form of social engineering, after a Calgary firm sent more than $200,000 of client funds to fraudulent bank accounts. BEC is a cybercrime designed to gain access to critical business information and/or to extract money through email-based fraud.
The scam involved a criminal impersonating a home builder through a slightly modified email address (also known as email spoofing), convincing the firm to redirect payments to be made to the builder.
The fraudulent instructions were emailed to the firm less than half an hour after the firm received initial payment instructions from the real builder. The criminal requested the builder’s “international account” be used because the initial bank account was unavailable. When the firm indicated it could not wire the funds, instructions for another bank account were provided. The bank advised that this account was not in the name of the builder, but the criminal convinced the firm it was the builder’s subsidiary.
A couple of days later, the criminal, again impersonating the builder through email, instructed that another client’s funds be sent to a second account at a different bank. This time, the account was in the name of a logistics company.
The fraud came to light when the builder contacted the firm to inquire about the missing funds.
ALIA strongly recommends that Subscribers discourage or eliminate accepting banking details or wire transfer instructions via email. Subscribers should confirm with their clients that email should not be used to communicate banking instructions or changes unless they are confirmed by telephone via a known number, video conference, or, if possible, in person. Payment instructions from other parties should also be verified with them (or their counsel, as appropriate) using similar verification processes. Taking these steps is an effective tool to prevent BEC.
Changes in banking instructions should be an immediate and major red flag. Other red flags, in this case, include the fact that multiple bank accounts were involved, one with a different name and an international account.
In the first email to the law firm, the criminal contacted a firm employee. Training to recognize red flags and detect scams is important not only for Subscribers, but also for legal assistants, paralegals, and other employees, who are often on the frontline in receiving initial contact from clients and fraudsters.
For lawyers here in Nova Scotia:
- Review the NSBS Regulations made pursuant to the Legal Profession Act, S.N.S 2004, c.28, including 4.12: Cash Transactions; 4.13: Client Identification; and Part 10: Trust Accounts.
- Remember that you must always confirm a prospective client’s identification in accordance with the Anti-Money Laundering (Client ID) Regulations of the Nova Scotia Barristers’ Society.
- In order to avoid fraud in real estate transactions, perform all searches as thoroughly as possible, be vigilant and take your time – and beware of any aggressive urgency on behalf of the other parties to complete the transaction. Be cautious with all cheques received, especially if they exceed an agreed upon amount. If you decide to proceed with a transaction, be sure to go to the bank website to verify the branch transit number, address and phone number on the cheque. Wait until the bank confirms that the funds are legitimate and are safe to withdraw from the deposit. Where possible, use the Bank of Canada’s Lynx system (formerly the Large Value Transfer System (LVTS)), an electronic funds transfer system that allows large payments to be exchanged securely and immediately.
For tips to avoid being victimized, and to report or seek advice on dealing with fraud and scam attempts, contact Cynthia Nield at [email protected] or 902 423 1300, x346.