New instances of an old identity and/or website spoofing scam continue to reported by Nova Scotia lawyers. The basics are these: individuals are contacted by email or paper mail by what appears to be lawyer looking to complete a transaction or notice of inheritance, who provides a seemingly legitimate website and contact information for their “firm”. These letters will often feature logos or other legitimate information in order to appear to be an authentic communication. After “proving” their existence, the scammer from the bogus firm then begins a fraudulent trust cheque, certified cheque, bank draft, “administration fee”, or other transaction looking to debit the lawyer’s trust account; or simply to have them download a virus to their system.

At times, the fraudster will simply represent themselves as a lawyer from a legitimate firm. Other times, they will go to the effort of making a duplicate or recreation of a website for a legitimate law firm, which will even feature actual lawyers’ names and photos.

In the latter instance, the email addresses and/or telephone numbers featured on the mirrored website are phony, and will connect with the scammers – not with the legitimate lawyer(s). For example, if the actual lawyer’s email address is johndoe@lawfirm.com, the bogus email address might be johndoe@lawfirmhalifax.com or johndoe@lawfirm.biz. We’ve reported on these types of scams before, the most recent/relevant being:

If you have been targeted in a similar scenario, reach out to Lawrence Rubin, LIANS’ Director of Insurance lrubin@lians.ca and the NSBS Legal Services Support team at lss@nsbs.org.

If you discover that a website has co-opted your site and/or firm information, you can report it to the web host as a fraudulent representation of your identity. To find out who hosts the website, go to who.is and enter the URL. As the hosting company is listed under the registrar info, run a simple search on the company name to find contact details. Filing a complaint with Competition Bureau Canada for deceptive marketing is also an option. You may also want to report this to the federal Canadian Anti-Fraud Centre for statistical purposes. You may choose to contact the RCMP, but often they will only accept a fraud report if a crime has been committed (e.g., money has exchanged hands).

You may also want to update the contact information for your firm with Google, as that information is more reliably verified, while a spoofed website/phony contact information can be posted through any platform. You can begin that process here: Google: Update your Business Information. Essentially, if anyone else has received a similar email or letter, it would be easier for them to cross-reference the phony information from the letter with your verified Google business listing, and therefore prevent them from falling for the scam.

As always, sensitive personal data and/or banking information should never be shared because of an unsolicited communication. It is best to contact the company, firm or person directly (without responding to that email), in order to independently verify the sender. Use the NSBS Lawyer Directory (or relevant law society directory) to verify a lawyer’s identity and obtain their contact information to ensure that you are not speaking with an identity thief or scammer. Overall, where possible in transactions, use the Bank of Canada’s Lynx system (formerly the Large Value Transfer System (LVTS)), an electronic funds transfer system that allows large payments to be exchanged securely and immediately.

Finally, remember that links and attachments in unsolicited or unanticipated emails should also not be accessed unless the sender can be positively verified, as they may contain viruses. If a bogus attachment is opened and the user does not have anti-virus software or firewall programs on their computer, their system could be infected.