Commercial lawyers: you’re not immune from fraud!

Standard

This high-dollar scam was reported to our company

hacker mask

Our company publishes an excellent newsletter entitled “Fraud Insights”. The Editor, Lisa Tyler, National Escrow Administrator, deals mostly with residential transactions. It’s unusual for her to report on a scam involving a commercial transaction, but the edition that hit my in-box today outlines the story of a chilling scam involving a commercial transaction in New York. Fortunately, the scammers were not successful despite their best efforts.

Here are the facts. On April 10, 2019, an attorney at a large, prestigious New York City law firm sent a settlement services office in Lake Success, New York, a payoff letter for a private mortgage. The payoff letter said $1.7 million should be wired to a bank account in New Jersey.

The afternoon before the closing, the settlement office received an email purportedly from the payoff attorney’s office with revised payoff instructions for a bank in the Netherlands.

The closing was postponed for reasons not involving the loan payoff. When the closing was rescheduled, the settlement office emailed the lawyer and his assistant inquiring about the change in the wiring instructions. The responding email confirmed that the change was legitimate.

Reviewing the emails carefully, the closer noticed the domain name for the lawyer’s office contained an extra “s” beginning with emails dated April 16. The attorney’s email signature was also partially cutoff beginning April 16.

Two hours before the closing, the attorney’s assistant purportedly sent the closer an email asking if the wire had been sent. The closer did not want to alarm her that her email had been compromised, so he responded that the closing was happening shortly, and he would be in touch. The closer then searched the law firm by Internet and called the main telephone number, asking for the assistant directly. She answered the phone and said the original payoff letter was the only payoff letter, and she had not sent the recent email. She was, of course, alarmed.

She said her attorney was in court and she would relay the distressing information to him immediately. She was asked to refrain from using email for that notification because the emails were clearly being watched. Regardless, she emailed the attorney. At that point, the scammers were tipped off that their scheme had been uncovered.

While the legal assistant and the closer were discussing the situation by phone, the closer received another email purportedly from the assistant demanding that he call the lender to confirm the payoff information. Immediately following that exchange, a man called the closer office to confirm the altered wiring instructions.

At this point, everyone involved with the closing knew for sure that they were dealing with attempted fraud. The closing took place, but the payoff was accomplished via bank check.

The closer said his office tries to remain on the cutting edge of technology and industry news. His sharp eye in pinpointing the email discrepancies kept the closing from being another cybercrime news story. Commercial lawyers may feel somewhat insulated from the rampant cyber fraud that plagues residential practices, but this cautionary tale is an example of penetration into a sophisticated law firm. Be careful out there!

Advertisements

Scary telephone identity compromise story from one of our own

Standard

Our company distributes a great publication, Fraud Insights, which tells scary fraud stories every month. Lisa Tyler, National Escrow Administrator, edits this publication and does a great job keeping us informed about new scams. A Fraud Insights story in March came from one of our company employees who told her personal identity compromise story to prevent it happening to the rest of us. I’m going to translate the story to South Carolina terms and call the victim Pam Paralegal.

Pam Paralegal was working on a messy residential purchase file in her office in Charleston and was not focusing on the telephone call on her cell phone that she received purportedly from her personal bank. The caller ID was indeed Pam’s bank’s name. When Pam answered, the caller identified herself as Jill Jones and said she was with the fraud department of the bank. Ms. Jones said she was going to text a code to Pam to confirm Pam’s identity.

scammer calling

Pam received the text code and read it back to Ms. Jones.  Ms. Jones then asked if Pam had authorized a $1,000 transfer from her account that morning. Pam said that she had not made that transfer. Pam told Ms. Jones that she would log into her online account to determine whether that transfer was showing up, but Ms. Jones told Pam the bank had already shut down her ability to access her account via the Internet. Ms. Jones told Pam that she needed her to read off an additional text code to authorize the shutdown. When Pam read the second text code back, the phone line went dead.

Pam immediately started receiving emails from her real bank. The first email confirmed a change in Pam’s password. The second email confirmed Pam had authorized a $1,000 withdrawal via electronic funds transfer. Pam called her bank to report the incident and later received a call back from the real fraud department. Pam was informed that the thieves had stolen $1,000 by using her Social Security number, and that they really had shut down her account.

Pam purchased a credit monitoring service, filed a police report, and contacted all three credit bureaus to make them aware of the incident. And she is still missing $1,000.

Here are seven tips from the Better Business Bureau ® (BBB) offers to protect against telephone scams:

  1. Do not trust caller ID: Victims fall for telephone scams because they assume the number on their caller ID is the correct person. Scammers can easily spoof numbers to make it look like a certain person is calling you, when in reality they are not. Some scammers will use your own telephone number for the caller ID. Others will use your prefix with a different last four digits to make you assume you’re being contacted by a neighbor.
  2. Do not give out personal information: Any legitimate person or business who reaches out to you will already have your information on hand. If they do not, or if you receive a call out of the blue asking for personal information, just hang up.
  3. Scammers usually pose as a trusted source: Like the story from Pam who was called from someone posing as an employee in the fraud department of her bank, scammers will pose as a trusted source to attempt to obtain information from you. Hang up immediately.
  4. Do not press buttons: Many “robocallers” will prompt you to “press 9” to be taken off their call list. Pressing 9 will only do the opposite and flood your phone with even more calls. Pressing a number on the keypad alerts the scammers that they have reached an active telephone number.
  5. Beware of big name companies calling: Scammers impersonate big name companies, charities and legitimate businesses, hoping that you will be more inclined to give personal information to them. If you receive such a call, hang up immediately, find the appropriate number and call the business to verify.
  6. Sign up for the Do Not Call Registry: To cut down on the amount of calls you receive, you can register your phone number for free through the Federal Trade Commission (FTC) Do Not Call Registry. This registry prohibits calls, informational calls, telephone survey calls and calls from companies you have recently done business with.
  7. Do not answer: If you receive a call from a number you don’t recognize, let it go to voicemail. Any legitimate person or business will leave a message. If a scammer decides to leave voicemail, you will have time to think about what is being asked by them, instead of being pressured on the spot to give up your personal information.

That last tactic is the one used in our household and with my business cellphone. If I don’t recognize the number, I don’t answer the call. It makes more sense to return the call of a legitimate caller than to become involved with a scammer or telemarketer. That’s my plan and I’m sticking to it!