There are several new social engineering fraud alerts courtesy of our fellow insurers across the country for which you should be aware.
The first comes from Saskatchewan via CLIA “Hacked Email Fraud Alert” (March 6th, 2024), where a hacked email from a lawyer in the firm provided instructions for funds to be paid to a bank in another jurisdiction rather than the local financial institution on file. “The real estate assistant checked to make sure that this was a real bank but did not confirm the change in payment instructions with the lawyer handling the matter or with the client. The real estate assistant and the hacker posing as the lawyer had a brief email exchange. The real estate assistant made arrangements to wire the money to this account. It took a few days for everyone to realize that the client had not received the funds in his account and it was at that time that everyone realized that a fraud had occurred. We ask that you share this post with your members and ask them to follow our blog, Not So Risky Business, to receive fraud alerts and loss prevention tips directly to their inbox by subscribing here.”
The next piece comes from the Director of Insurance for the Law Society of Manitoba from their January 2024 Communiqué newsletter “Moving Money on Emailed Instructions” (page 16), where a local lawyer was “acting for a client who had a transaction closing. The law firm informed the client of the amount required to close the transaction and told the client to get a bank draft or a certified cheque to the lawyer before the closing date. The client called the lawyer from her bank branch at the suggestion of the bank teller. The client had received an email, purportedly from the lawyer, telling the client to wire the funds to certain coordinates. The client had gone into the bank to arrange for the wire transfer and an alert teller had suggested that she call her lawyer before wiring the funds. Sure enough, the client’s email had been hacked. The fraudster had sent an email that appeared to come from the lawyer’s firm giving her instructions to send the money to the fraudster’s account.”
And finally, a notice from the Lawyers Indemnity Fund (a division of the Law Society of British Columbia) from January 19th, 2024 “Funds transfer frauds: A scary new twist“, where a BC lawyer “received an email request from his executor client to pay funds to an estate beneficiary. Payment was to be made by direct deposit. There was some back and forth by email to get the details correct. They then emailed his assistant directing her to make a secondary verification by telephone using the number on file. However, the fraudster, having hacked into the firm’s system and gained access to their email, was watching the email traffic and inserted himself at the opportune moment. The fraudster then sent his own reply to the lawyer using the assistant’s email confirming that the secondary verification had been made and payment instructions were valid. Confident that confirmation had been obtained from the client, the lawyer paid out the funds to the fraudster and the money was lost.”
Remember that if you decide to proceed in any matter, you must always confirm a prospective client’s identification in accordance with the Client ID Regulations of the Nova Scotia Barristers’ Society. Perform all searches as thoroughly as possible, be vigilant and take your time – and beware of any aggressive urgency on behalf of the other parties to complete the transaction. Be cautious with all cheques received, especially if they exceed an agreed upon amount. If you decide to proceed with a transaction, be sure to go to the bank website to verify branch transit number, address and phone number on the cheque. Wait until the bank confirms that the funds are legitimate and are safe to withdraw from the deposit. You may also choose to use the Bank of Canada’s Lynx system, an electronic funds transfer system in which settlement occurs after the clearing of each individual payment, resulting in the transfer of funds in central bank money from one participant to another. Once settled, a payment is final and irrevocable.