Phishing for your firm’s money

June 15, 2016

Working from your phone, you get what looks like a legitimate check to deposit in a client’s trust account. It has their name and the name of a legitimate bank, so it’s deposited. Later, you find money is missing from the account. That check was a copy, not an original check, and you just deposited three others like that.

Abramowitz Abromowitz

Jerry Abramowitz, office manager at Cohen & Malad LLP, told that story about a law firm he knows that had that happen to them. The firm’s bank caught the fraud a few days later and the money was reimbursed to them, but it served as a reminder that anyone can be scammed and new scams are out there all the time.

“Most financial institutions don’t pay much attention to potential fraud under $5,000 and that’s what this was, a series of checks under that,” Abramowitz said. “(The scammer) changed the check numbers, whited out the payee and because it was on the phone, it was hard to tell what had been done to the check. That’s why I don’t deposit from phones and that’s why you need to be careful with checks.”

That’s just one scam among many targeting lawyers. Dan Pinnington, who runs Lawyers’ Professional Indemnity Co. in Toronto, monitors scams targeting lawyers in North America and worldwide. He knows of 80 check-fraud scams around the United States right now, and that’s not counting bogus representation, malware, ransomware and other email scams. Other attorneys reported getting two or three scam emails a day, so the problem is not going away.

In fact, according to Pinnington, the problem is becoming bigger as scammers get better. The easy-to-spot scams with poor grammar and a foreign-sounding name are being replaced by more legitimate-sounding messages.

“Some of these are fantastic. They have supporting documentation, and that’s not all. Some of them have phone lines. The person answering the phone used to have a really bad accent, but they’re getting better at that as well.”

green-kassandra-mug.jpg Green

Kassandra Green, an attorney at Hocker and Associates LLC in Indianapolis, said she knows of another firm that deposited an earnest money check 30 days before finding it was fraudulent. The scammer had duped an innocent real estate agent to help in the scheme.

There have been other fraudulent document scams as well.

“I have had more than one where someone wants me to enforce a foreign judgment with documents from Texas, with an attorney from Texas on the documents. They offer to deposit money, that whole scheme. I called the attorney in Texas and asked about the legitimacy of the documents and he said, no, bogus,” Green said.

waldron-ann-marie-mug.jpg Waldron

So how can attorneys avoid these schemes? Abramowitz reiterated not depositing checks from your phone. Ann Marie Waldron, an attorney at Waldron Law in Indianapolis, said when she doesn’t know or have an established relationship with the person who sent the check, she double checks on the money clearing and waits longer than normal to see if the funds are available.

“If it’s too good to be true, it probably is,” she said.

But check fraud, although common, isn’t the only type of scam.

brand-kim-mug.jpg Brand

Kim Brand, founder and president of Server Partners LLC, an Indiana company that provides IT services to small businesses, warned of ransomware. Here someone clicks on a link they’ve been sent and software downloads that locks up all the files on computers. The only way to access them is through a password. The only way to get the password is to pay the company that locked up the files.

“A lot of companies are willing to pay a lot of money to get that back. It’s actually been very successful,” Brand said. “It’s usually a pop-up vendor that does this.”

Brand said to be “doubly vigilant” when clicking on email links and to be “triply vigilant” as he called it, in keeping backups of files.

See a scam email Kassandra Green received on her work account. She provided it as an example of what to watch out for.

Brand said many companies will pay the ransom just to avoid the embarrassment and liability, and fraudsters know this.

Pinnington also warned of spearphishing, where an unexpected email comes from someone, usually a leader within your organization, asking you to verify information or claiming to have sensitive client information you should look at. When you click, malware invades the computer.

There aren’t many places that gather email scams specific to lawyers, so being aware of scams can be challenging. The Indiana Attorney General’s Office did not have any data on scams specifically targeting lawyers, and neither did the FBI when contacted.

Waldron said she has asked members of a forum for solo and small firm lawyers on the Indiana State Bar Association website about scams, and most of the time a member there has run across one that she’s encountered.

Green relies on Google for most verifications, as does Abramowitz. He also uses snopes.com, but both wish there was a place where scams were aggregated in order to keep on top of what the latest trends are.

“Of course, the scammers would be aware of that site and would probably try to hack it,” Abramowitz said. “So it might not be safe.”

“One misstep and you’re in trouble,” Green said. “Everyone needs to be so careful.”•


Recent Articles by Scott Roberts