Whether posing as a client, a trusted vendor or even the law firm itself, these scammers assume the identity of a known agent or party familiar to the firm, including firm administrators. Using a trusted person’s email, the scammer will contact someone within the firm and provide information that generally appears legitimate. These scammers will send emails that include wire instructions or changes to wire instructions, directing the recipient to transfer funds to a noted account. Once those funds have transferred, the scammers will typically begin moving the money around, making it difficult if not impossible to trace and recoup lost funds.
In addition to plying these schemes through email, some criminals will be so bold as to call the law firm directly with wiring instructions, again posing as representatives of trusted business organizations or parties to a transaction. Some have gone even further, sending imposters physically to law firm offices to conduct the fraud. Once there, they pose convincingly as parties to a business transaction or even as someone working for the law firm. They also can pose as someone working for a law firm representing other parties to a transaction and provide seemingly legitimate instructions for the electronic distribution of funds. When the dollars are substantial enough, these fraudsters do not lack for gumption.
Steps You Can Take
As instances of wire fraud continue to grow, law firms must be more vigilant to ensure they do not become victims to these schemes.
Every law firm should have documented, verifiable call-back procedures in place to substantially reduce the risk of fraudulent transaction activity. Employing comprehensive data encryption and use of safe pass programs for financial transactions are additional, standard steps law firms should take to protect themselves and their clients. Regular updates to all firm software is also a basic but critical recommendation. Often software updates include patches related to known data security issues – issues scammers look for when hacking into law firm computer systems and email programs.
In addition, law firm leaders should not only have a solid understanding of their own wire fraud prevention measures, but those of third-parties with whom they work. This includes banks, title companies and so forth. Quarterly screening and review of the firm’s wire fraud protection efforts, and those of their third-party vendors, is strongly recommended.
And because these fraudsters don’t simply avail themselves of attorney vulnerabilities, law firms have a duty to educate their clients involved in any financial transaction the firm is handling. Following similar advice as above, firms should caution clients to update their software and verbally verify any transaction requests directly with their attorney before they take any action. Clients should also be on the lookout for red flags such as outside parties directing them to take certain actions or receiving changes to previously agreed upon account numbers for wire transfer agreements, etc. And while not completely fool-proof themselves, sometimes something as simple as using a standard bank draft or check rather than a wire transfer is just the sort of thing that can derail the well-laid plans of these wire fraud schemers.
We’ve Got You Covered
While wire transfer fraud can be a significant exposure for law firms, to date many insurers have kept quiet on the issue as they evaluate the exposure itself.
First Indemnity Insurance Group takes a different approach. Working directly with law firms and attorneys, our philosophy is that your defense is our focus. As such, our broad definition of attorney/covered services contains a larger scope of covered parties and coverage limits, and this often includes wire transfer fraud coverage.
From the moment a First Indemnity client reports a wire fraud transaction, we deploy an entire team to come to the defense of the firm.
A remediation team is typically deployed within the first 8 hours of the report of a fraudulent transaction in an effort to track the funds and, if possible, recoup the finances in question. Timely reporting of the fraud is critical to the viability of this effort.
Next, and often in tandem with the remediation team, our forensic team begins the task of identifying where the breach in your firm’s security took place. The forensic team will identify the breach, patch or repair the breach and conduct a system-wide threat analysis to determine any other additional vulnerabilities that need to be addressed.
Often, our coverage includes access to a crisis coach who can best advise law firms on client notification, needed changes to operational procedures and other general post-fraud business operations advice. First Indemnity’s wire fraud policy protection also often includes coverage for the hiring of a public relations agency to mitigate any reputation damage to your firm caused by related media coverage, as well as coverage for legal fees should the firm find itself threatened by resulting legal action. These latter options are typically bundled in with our cyber liability coverage.
Ensure You’re Insured
The American Bar Association advises attorneys seeking to better protect themselves and their firms from fraudulent financial transactions “review their business-related insurance policies … to determine what, if any, insurance options might be available to provide coverage (indemnity or defense) relating to claims arising from Internet related scam activities.”
By contacting First Indemnity, you can remove the middleman and speak directly to underwriters who intimately understand the coverage we provide, taking the guess work out of what is in your policy. Moreover, buying direct from First Indemnity removes third-party broker fees, ensuring the coverage provided is not only fully explained by experts, but more affordable as well.
For more information about protecting your firm, your attorneys and your clients, please call or email Andrew A. Biggio, Program Manager at First Indemnity at (781)581-2508) or abiggio@firstindemnity.net.