When the history of 2020 is written, socially engineered cyber scams will be among the many things that will define the period.
Due to forced social distancing and an increased reliance on technology to engage with the world, scammers have found ample opportunity to leverage the fallout around COVID-19. A recent article in CIO magazine points to the phenomenon and how criminals have used phishing emails and texts, among other social engineering tools, to prey on people’s fears and concerns about the pandemic to commit crimes. These schemes have only become more sophisticated and harder to spot in recent years.
This type of criminal activity leaves law firms vulnerable on several fronts, especially where electronic or wire transfers of funds are concerned.
Cyber criminals often use emails or texts that suggest changes to wiring instructions, new account numbers or other details to lure well-intentioned assistants and even attorneys into costly mistakes. This is most acute in real estate transactions. These scammers are experts at eroding one’s initial skepticism by including seemingly unknowable details about a transaction. In some cases, these criminals may even include information that suggests intimate knowledge of the firm or staff and “assures” those involved that the sender is who he or she claims to be. That false sense of legitimacy is what these criminals strive for, and it is what convinces others to make grave errors.
Scammers often glean this information from holes in the firm’s technology infrastructure. In some cases, they place undetected malware on a laptop or the firm’s server, where it gathers information on the firm for months to better inform a potential scam.
Another area of particular vulnerability is mortgage refinancing. With interest rates at all-time historic lows, and banks and attorneys involved in these processes working remotely, the risk of fraud is considerable. And because home Internet service and virtual private networks likely lack the security sophistication of an office environment, the potential exposure to scammers is increased.
To protect the firm’s practice and those transactions involving its clients, attorneys must be vigilant in employing verifiable call-back procedures. This means establishing a two-factor authentication protocol in which any requested change, however minor, to a pending transaction automatically triggers a process that requires a phone conversation or text message. This verification is the best defense against scammers in situations where a face-to-face interaction with clients is not possible.
In addition to ensuring a firm’s professional liability policy includes fidelity coverage, law firms would be well advised to avoid serving as both the functionary of account reconciliation and the administrator of funds. Such a scenario substantially increases the risk of exposure to criminal activity by employees as well as nefarious outside parties.
Once funds are transferred electronically, these cyber criminals are adept at making the money completely disappear. Innumerable digital transfers can take place within seconds of an electronic transfer of funds, making it nearly impossible to trace the funds. Therefore, the best defense is making sure everyone in the firm involved in any type of financial transaction is trained to spot a potential crime via social engineering. Regular trainings and stress tests are strongly advised to keep the firm, its clients and its employees safe – not to mention ensuring all funds in the care of the firm remain secure.