email scam

SC dirt lawyers sued for email funds diversion by a third-party criminal

Standard

This is the first suit of this type I’ve seen. I’m confident it won’t be the last!

A dirt lawyer friend sent a copy to me of a hot-off-presses lawsuit filed in a circuit court in South Carolina against a closing law firm because the purchaser’s $50,000 in closing funds were diverted by a third-party criminal posing in an email exchange as the transaction’s real estate agent. My friend said he sent the case for my information. I think he sent it so I wouldn’t sleep!

Here are the facts as recited in the complaint. The names are being changed to protect all parties.

Paul and Penny Purchaser signed an Attorney Preference Form on March 28, 2017, selecting Ready and Able, LLC as their legal counsel for the purchase of a residential home and the closing of a purchase money mortgage with Remedy Mortgage, LLC.

On April 10, Paul and Penny Purchaser received Ready and Able, LLC’s “Purchaser’s Information Sheet” which required Paul and Penny to pay all closing funds over $500 to Ready and Able, LLC by wire transfer. The complaint states that these were silent as to the security of wire transfers, the security of private information to be conveyed between the purchasers and the law firm, and the security or lack of security of the use of email for closing information.

Also on April 10, Penny Purchaser telephoned the law firm and spoke with paralegal, Candy Competent, providing her with the purchasers’ Social Security numbers. The complaint states that Ms. Competent accepted the information and provided no wiring information or warnings.

hacker

The complaint states that on April 14, Paul Purchaser received what purported and reasonably appeared to be an email from Regina Realtor, their real estate agent for the transaction, asking Mr. and Mrs. Purchaser to wire closing funds in the amount of $48,490.31 that day so that the closing scheduled for April 21 would not be delayed. Penny Purchaser replied to the email requesting wiring instructions. An attachment purporting to be wiring instructions for Ready and Able, LLC. was sent via reply email.  The complaint states that the wiring instructions reasonably appeared to be the correct wiring instructions for the law firm and appeared to be printed on law firm letterhead. This email exchange was actually with a third-party criminal.

Later on April 14, Penny Purchaser telephoned Candy Competent and requested the amount needed to close. Ms. Competent discussed the amount needed to close despite the fact, according to the complaint, that she knew or should have known that the law firm had not sent wiring instructions to the purchasers or the real estate agent.

On April 17, Ms. Competent sent an email to Mrs. Purchaser advising her to add $550 to the funds due to close to cover a survey bill that came in on April 14. No mention was made of wiring instructions in that email. The email also did not discuss the fact that the law firm had not yet provided an amount to close to the purchasers or to the real estate agent. Mrs. Purchaser wired $49,015.31 using the wiring instructions provided by the third-party criminal.

On April 21, Paul and Penny Purchaser learned for the first time that the wiring instructions were the work of a criminal third party, who received the funds and has failed to return the funds.

The complaint states two causes of action, negligence and legal malpractice, and lists the following breaches of duty committed by the law firm:

  • Requiring the plaintiffs to use wire closing funds to defendant, without counseling the plaintiffs about the methods by which the secure delivery of such funds could be compromised;
  • Failing to counsel the plaintiffs about the risks and insecurity of email communications, particularly of private, sensitive, or financial closing information; and
  • Failing to be alerted by the circumstances of Mrs. Purchaser’s telephone call on April 14, and therefore to warn her that no communication had been sent by the law firm.

Is this, in fact, negligence or legal malpractice?  We will have to wait to see.  Would the processes established by your law firm for the protection of your clients’ funds prevent this type of crime? That is the question of the day. Please discuss among yourselves!

Ransomware: A Scary Prospect for Dirt Lawyers

Standard

The Cyberdivision of the FBI is serious about ransomware!  An FBI speaker last Friday at the SC Bar’s excellent tech seminar, an annual seminar I highly recommend for solo and small firm lawyers, emphasized awareness and employee training are critical to prevent data losses in your operation.

Ransomware is a form of malware that is most often delivered through spear phishing e-mails. Spear phishing is a type of e-mail fraud that seeks unauthorized access to confidential data. Ransomware is what it sounds like. Once the fraudster gains access, your system is locked down, and money is demanded to provide access. You have to pay for your own data!

hacker

“H4ck3rz R Us, how can I help you?”

The FBI recommends prevention, business continuity and remediation, but suggests that there is no guarantee of prevention even with the most robust controls in place. Methods of prevention include:

  • Provide extensive awareness and training for your staff.
  • Use strong anti-virus and anti-malware solutions that are set up to update automatically.
  • Regular scans should be conducted of the anti-virus and anti-malware solutions.
  • No user should be assigned administrative access unless that access is absolutely needed.
  • Those with administrative accounts should only use them when necessary.
  • Keep access to a minimum. If a user only needs specific files, he or she should not have access to other files.
  • Ask your IT professionals to implement controls to avoid common ransomware techniques.

But since prevention is not guaranteed, the most attention should be paid to business continuity and remediation. In short, back up your data regularly and regularly verify the integrity of the backups.  Secure backups. Ensure backups are not connected to the computers and networks they are backing up.

The FBI does not endorse paying a ransom to the fraudsters and teaches that paying the ransom does not always ensure regaining access to data.

The FBI encourages victims to contact a local FBI office immediately to report a ransomware attempt and to request assistance. Victims are also encouraged to report cyber events to the FBI’s Internet Crime Complaint Center (www.ic3.gov.)

E-mail Hacking Scams Hitting Buyers in SC

Standard

Please get the word out to your clients!

hacker

As closing attorneys, title insurance agents and business men and women, we receive daily warnings about a myriad of e-mail hacking scams. Many of these schemes involve wiring instructions and attempts to divert escrow funds to remote accounts. Piecing together the two words “wiring” and “instructions” in the subject line of an e-mail seems to entice the worst kinds of fraudsters.

Our own office was hit a year or so ago. We were escrowing funds for an agent’s large commercial transaction, and the agent received a bogus e-mail purportedly but not actually from us telling him to send the money in a different direction. Thankfully, our very astute agent had attended sufficient seminars and read enough fraud alerts to take the simple step of calling us.  Fraud averted!

American Land Title Association and others have written that fraudsters are now attacking buyers, not just businesses who hold escrow funds. And it is happening here!

Within the last few weeks we have heard of three email securityattempts of this nature in Charleston, at least one of which was successful. A buyer wired $150,000 to the wrong account on a Friday afternoon based on a bogus e-mail, spoofed to appear as if it came from the closing attorney. The e-mail said the firm was busy, and advised the recipient not to call but to respond by e-mail if there were questions. That should have been the first clue. The buyer and the banker both said they thought the e-mail and wiring instructions looked funny. But they sent the money out anyway.

Buyers have not attended the seminars nor read the fraud bulletins that have inundated all of us in the last few years. Closing attorneys and real estate agents may be the best line of defense in this situation.

Please communicate with your clients and let them know that a simple telephone call can prevent the diversion of their savings to criminals!

Be Vigilant to Prevent “Business E-mail Compromise” Scams

Standard

fraud alertWire fraud is on the rise! Train your staff!

United States business e-mail accounts are under attack by sophisticated fraudsters.

The FBI, Financial Services Information Sharing and Analysis Center (FS-ISAC) and the United States Secret Service issued a financial services bulletin on June 19 warning against increasing wire transfer fraud against U.S. businesses referred to as “Business E-mail Compromise” (BEC) scams.

The bulletin warned that BEC is a type of payment fraud that involves the compromise of legitimate business e-mail accounts for the purpose of conducting unauthorized wire transfers.  Many compromised accounts belong to business CEOs or CFOs. The funds are primarily sent to Asia, but funds involved in these schemes have been diverted to locations around the globe.

BEC fraud compromises e-mail accounts through phishing, social engineering or malware used to obtain the user’s password. Once an e-mail account is compromised, fraudsters begin accessing and reviewing e-mails, including meeting and calendar information, contacts lists, and information concerning business partners, vendors and customers.

This activity enables the fraudsters to interject themselves into normal business communications masquerading as the person whose account was compromised. This reconnaissance stage lasts until the actor feel comfortable enough to send wire transfer instructions using either the victim’s e-mail or a spoofed e-mail account.   E-mails are typically sent to an employee with the ability to wire funds. A common tactic is to wait until the victim is away on legitimate business travel to send new wire instructions, making it more likely that individual would use e-mail to conduct business and making it more difficult to verify the transaction as fraudulent while the victim is in transit. The requests will sometimes state that the wire transfer is related to urgent or confidential business matters and must not be discussed with other company personnel.

Other incidents involve the compromise of a vendor or supplier’s e-mail account with the intention of modifying the bank account associated with that business. This scheme may also be labeled “vendor fraud” and often involves last minute changes of the bank and account number for future payments.

red-phoneThere is a relatively easy fix: all wire information received via e-mail should be verbally verified using established business telephone numbers.

Other suggestions to guard against this fraud are:

  1. Limit the number of employees with authority to handle wire transfers.
  2. Have a second employee designated as an approver for any wire transfer requests.
  3. Be careful opening attachments and clicking on links even if the e-mail appears to be from a legitimate source if you believe wire instructions may be included in the communication.
  4. Look out for e-mails that contain significant changes in grammar, sentence structure and spelling compared to previous communications.
  5. Look out for suspicious communications particularly toward the end of the week or the end of a business day. The fraudsters will have more time to access and divert funds.
  6. Maintain a file, preferably in non-electronic form, of vendor contact information, including telephone numbers.
  7. Look out for “spoofed” e-mail addresses that are made to look like the real addresses. Fraudsters use tactics like character substitution, addition and omission to make e-mails addresses appear legitimate. Here are some examples using a Chicago Title address, richard.roe@chicagotitle.com
  • roe@chicag0title.com
  • roe@chicagotit1e.com
  • roe@chicagotitlee.com
  • roe@chicagottle.com
  • roe.chicagotitle@gmail.com
  • roa@chicagotitle.com
  1. Be wary of wire transfers to countries outside of normal trading patterns.

ic3 circleIncidents should be reported to local offices of the FBI or Secret Service or to:

Dirt lawyers, protect your businesses and your clients’ funds by following these critical guidelines!