Heightened Discipline for Wire Fraud

August 24, 2021

In a recent LinkedIn post Patrick Brown, director of information security at Lawyers Mutual, noted that the Fall 2021 North Carolina State Bar Journal has an all-caps message on page 24 from the Grievance Committee stating “… that lawyers who fail to take adequate precautions to protect against wire fraud scams can expect imposition of more serious professional discipline.” Why? Despite six years of resources and education on avoiding wire fraud, the State Bar continues to receive reports of lawyers who did not heed the advice. Here is a recap of resources and best practice for wire fraud prevention.

Ethics Opinions

• Lawyer’s Professional Responsibility When Third Party Steals Funds from Trust Account 2015 Formal Ethics Opinion 6 | North Carolina State Bar
• A Lawyer’s Responsibility in Avoiding Fraudulent Attempts to Obtain Entrusted Client Funds 2020 Formal Ethics Opinion 5 | North Carolina State Bar (ncbar.gov)
• A Lawyer’s Professional Responsibility in Identifying and Avoiding Counterfeit Checks 2021 Formal Ethics Opinion 2 | North Carolina State Bar (ncbar.gov)

Examples from Real Life

What kind of frauds are being perpetrated? Here are some examples of real-life scams. The more familiar you are with how these scams play out the more you may be able to recognize one.

• Wire Instruction Fraud Continues to Plague NC Lawyers
• Fake Wiring Instruction Scam
• New Developments in Fraud – Forged Directives, Fake Notaries and Payoff Fax Compromises – Lawyers Mutual Insurance Company
• What Happens in a Wire Fraud Scenario – Lawyers Mutual Insurance Company
• In narrow ruling, law firm escapes liability for not thwarting real estate cyber-scam

Prevention

There are several ways law firms can protect themselves and their clients.

Recognize and Guard Against Business Email Compromise

Business Email Compromise is not “simply” clicking on a link in an email that leads to hacking, malware, or ransomware. It is even more insidious, as it is targeted and specific, often with a live person looking to manipulate one or multiple parties and dupe them into providing information. They leverage spoofed email, may infiltrate an email system, and other methods to be very convincing. Read the resources below to find out how to prevent Business Email Compromise:

• • Business Email Compromise (BEC) Threat Identified as the Most Common Threat Vector | Sensei Enterprises, Inc.
  • Tips to Prevent Business Email Compromise (BEC) | Sensei Enterprises, Inc.
  • Business Email Compromise — FBI

Follow Protocols

The following resources provide guidance on what lawyers and their teams can do, along with their clients, to reduce risks by following protocols including what should go in the engagement letter.

• • Best Practices to Prevent Interception of Incoming Wires – Lawyers Mutual Insurance Company (lawyersmutualnc.com)
  • Wire Fraud Scams on the Rise: 5 Tips to Reduce Your Risk – practicePRO
  • How to Prevent Wire Transfer Fraud at Your Law Firm: New Printable Resource for Florida Lawyers | Florida Lawyers Mutual Insurance Company (flmic.com)
  • Gone Phishing? Wire Fraud Scams Continue Unabated Throughout 2021 So Far | Goodwin – JDSupra

Establish Security Best Practices

All law firms should use best security practices, including keeping technology up to date and patched, using password managers, staff training, multi-factor authentication, principle of least privilege, hard drive encryption, written policies, and mobile device protections. Additional steps to consider:

• Encrypt Email

If you have Microsoft 365 Business Premium and above and use the hosted Exchange server you have email encryption built in. Other options for solos and small firms for email encryption include a host of add-ons for Gmail and Outlook including Delivery Trust, Trustifi, Virtru, EchoWorx, and many others. Or work with an IT vendor to add encryption on an email server. This ethics opinion from Texas is quite good at illustrating the varied reasons and hypotheticals to consider when encrypting email.

• Password Protect Documents

If you have a paid version of Adobe Acrobat or an alternative product, or Microsoft Word, you can password protect documents. You can establish a password at the beginning of representation that is unique to the client to add an extra layer of protection.

• Use A Client Portal

If you are using a web-based practice management application many come with a secure client portal. You can use them to communicate with clients, share documents, receive documents, and make invoices available. If you do not have a practice management application there are stand-alone portals, or you can use secure file sharing via MS OneDrive, Dropbox for Business, Citrix ShareFile (which also comes with an email encryption plugin for Outlook), or many other options

• Verify Identity

Always get and use the client’s preferred phone number and email address and use that. If you receive an email or voicemail purporting to be the client using a different number, you should immediately question the veracity of that message. Explain this to the client at the beginning of representation during intake. One of the wonderful things about video conferencing, and the fact that many people are quite accustomed to Zoom, Teams, and Webex, is that you can see who you are talking to – but you want to make sure that there is no one else in the room who could overhear the conversation. You could have the client get on a video conference and hold her driver’s license up to the camera for additional verification.

• Don’t Use Free Email

Many of the resources from the State Bar, Lawyers Mutual and others suggest that free email is difficult to secure and easy to spoof. For that reason, you should consider getting your own domain and using a paid email program like MS Outlook (through MS 365 for Business), Google Workspace, Zoho Premium or Proton Mail (Plus or Pro).

Incident Response

If you realize that you or your client has been a victim of wire fraud, see this checklist on what to do next:

• NC Bar.gov CEO & Wire Transfer Fraud Checklist

Continuing Legal Education

If you want to learn more and get CLE credit the following two NCBA CLE programs are available on demand:

• Trust Accounting and Wire Fraud | NCBA CLE (ncbar.org)
• Hacked and the Money is Gone! What’s My Liability? Why and How Do You Guard Against Wire Fraud Schemes | NCBA CLE (ncbar.org)

Conclusion

The notice in the Bar Journal was to those lawyers who have not yet established best practices and protocols for fighting against wire fraud. Patrick Brown generously supplied many of the links above to help you get started. Educate yourself, your team, and your clients.  Because security is an ever-moving target make sure to stay up to date on the latest threats and follow Mad Eye Moody’s advice: “Constant Vigilance”!