LAW FIRM CYBER RISK WIRE TRANSFER FRAUD

I. Law Firm Cyber Risk Wire Transfer Fraud – Explained

Wire fraud is financial fraud involving the use of telecommunications or information technology.

Example: the New Jersey Law Journal recently reported that a law firm lost $119,000 in an alleged Nigerian internet scam:

The firm “received an email from someone calling himself Miguel Francisco, who was seeking help with an employment dispute over severance pay.”

He stated that “he wanted to bring a claim against his former employer, LabCorp, for $119,000 in unpaid severance. The firm also received emails from someone purporting to be a LabCorp employee, who confirmed the company’s purposed debt to Francisco. Contrary to its usual procedures, the firm did not meet Francisco in person but spoke to him by phone…It’s unclear whether Francisco is a real person.”

10 days later, “the firm received a check for $119,000, made out to Francisco, and deposited it in the firm trust account.” The next day, “Francisco called the firm’s bookkeeper and gave instructions for wiring the funds to him”. The firm then wired the funds to a Citibank account. Four days later, “the firm learned that the check it received was fraudulent.”

It tried “to recall the wire transfer from Citibank, but received no response to its request.”

II. Law Firm Cyber Risk Wire Transfer Fraud – How to Prevent It

Great Western Bank offers eight tips to prevent wire transfer fraud:

  1. Verbal Confirmation
    Verbally confirm that the request to initiate the wire is from an authorized person within the company.
  2. Verify Changes
    Anytime you receive new wire instructions or a change to existing wire instructions, verbally verify with your wire transfer vendor.
  3. Investigate Unique Requests
    If you receive a request for a payment that is out of your ordinary payment arrangement, confirm by phone with your vendor.
  4. Double Check Email Addresses
    A common trick is to slightly modify an email address. For example, john.smith@abc.com might be changed to jon.smith@abc.com.
  5. FWD Instead of Reply
    Rather than reply to an email, forward the email to the address that you have on file.
  6. Establish Dual Controls
    For Great Western Bank Treasury Banking Suite (TBS) customers, this could mean having one TBS user who initiates the wires and another TBS user who approves the wires.
  7. Be Alert
    Be on alert for fraud anytime the wire transfer instructions include tight deadlines or pressure you to act quickly.
  8. Be Suspicious of Confidentiality
    Whenever wire transfer instructions specify keeping the transaction a secret – verbally verify with an executive or the person requesting the transaction.

An important ninth control for law firms is ‘know your client’, i.e., meet with a potential client before accepting an engagement.

The best defenses against wire fraud include internal procedures and training team members to recognize the signs of suspicious activity.
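Tips 2, 4, 7 and 8 above can be combined into a screening step that runs before anyone acts on an emailed wire request. The Python below is an added example, not code from Great Western Bank or this article's author; the on-file address list, the function names and the edit-distance threshold of 2 are assumptions.

```python
import unicodedata

# Constructed sample data: contact addresses the firm already has on file.
ON_FILE = {"john.smith@abc.com", "accounts@abc.com"}

def normalize(addr):
    """Unicode-normalize and case-fold so trivial variants compare equal."""
    return unicodedata.normalize("NFKC", addr).strip().casefold()

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), two-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify_sender(addr, on_file=ON_FILE, max_dist=2):
    """Return (verdict, closest on-file address or None)."""
    addr = normalize(addr)
    known = sorted(normalize(k) for k in on_file)
    if addr in known:
        return "on_file", addr
    closest = min(known, key=lambda k: edit_distance(addr, k), default=None)
    if closest is not None and edit_distance(addr, closest) <= max_dist:
        return "lookalike", closest   # e.g. one dropped or swapped letter
    return "unknown", None

def review_wire_request(sender, changes_instructions, urgent, secret):
    """Collect red flags; a phone call to the number on file is still
    required for every request, even when this list is empty."""
    flags = []
    verdict, closest = classify_sender(sender)
    if verdict == "lookalike":
        flags.append(f"sender resembles on-file address {closest}")
    elif verdict == "unknown":
        flags.append("sender address is not on file")
    if changes_instructions:
        flags.append("new or changed wire instructions")
    if urgent:
        flags.append("deadline pressure")
    if secret:
        flags.append("request for secrecy")
    return flags
```

A match against the on-file list only means the address is spelled correctly; it does not show who sent the message, which is why the phone confirmation stays mandatory.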

A former FBI official advises:

“You need to tell employees, particularly in financial areas, that the movement of money should never be generated by an incoming communication, but to always confirm it with you directly,” Figliuzzi says. Tell your employees point blank: “It’s going to take your picking up the phone and going, ‘I’m sorry to bother you, but did you just tell me to move a million dollars or not?’”

III. Law Firm Cyber Risk Wire Transfer Fraud – The Role of Insurance

Wire fraud and other ‘social engineering’ losses, i.e., phishing, are best covered under a commercial crime policy, not a cyber policy. Most cyber policies either exclude coverage for claims arising out of wire fraud, phishing, etc., or offer a small limit, i.e., $25,000.

Crime policies will cover these losses up to $1,000,000 or more, if a law firm has good risk controls in place, like those mentioned above, especially “out-of-band” verification, wherein a phone call is placed to double-check any email instructions, before funds are disbursed.
