Verify emailed instructions. And watch those property purchase inquiries
Email fraud attempts continue to target the legal profession. The criminals behind many of the frauds have become more sophisticated and often use internal email they have hacked in their attempts to steal money.
A spate of reported attempted frauds at the start of 2018 prompted the Law Society to repeat the advice it has given a number of times: lawyers and law firm staff should ensure that they check and verify all payment instructions received by email.
Such verification can be by phone or personal contact.
The names used and the wording of the attempted frauds vary. However, the modus is similar, and one of the biggest giveaways, which the fraudsters don’t yet seem to have overcome, is the email address used at some stage. Bad English and grammar are another identifying point – although this, of course, is not confined to fraudsters.
Many of the latest attempted frauds begin with an inquiry for assistance with the purchase of property. The introductory emails vary, but lawyers who receive an email from an unknown person – who doesn’t state where they are based or where the property is located (“in your jurisdiction”) – should be very wary. Most of the frauds will end in an attempt to infiltrate the lawyer’s IT system by inducing them to click on a link or to provide their email and password. Be very careful out there.
To assist in identifying some of the tricks used, here is a selection of recent email fraud attempts made against New Zealand law firms. All names and identifying particulars have been changed unless they belong to the actual fraudster.
The casual internal money transfer
From: Sarah Youngblood [a partner in the firm]
To: Rory Older [a member of the accounts team]
Are you in office?
From: Rory Older
To: Sarah Youngblood
Subject: RE: International
Rory Older, Accountant
From: Sarah Youngblood [mailto:email@example.com]
To: Rory Older
Subject: Re: International
I need a transfer payment to be processed today. Can you handle that now?
At this stage it became clear to Rory that the two emails which appeared to have come from Sarah did not. The email address was wrong – but there are instances where this has been overlooked and money transferred (and lost) through staff acting purely on the emailed “instructions”. The next step in the fraud is usually an instruction to immediately transfer a sum of money to a specified bank account (always outside New Zealand – we don’t seem to have our own internet email fraudsters who specialise in lawyers).
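The mismatch Rory spotted, a partner's name on an address that is not the firm's, can be checked mechanically. The following is an added example, not part of the original article, and it goes beyond the exchange above by also flagging near-miss spellings of staff names and diverted Reply-To addresses. The firm domain, staff list and sample messages are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the firm's mail domain and staff directory.
FIRM_DOMAIN = "examplefirm.test"
STAFF = ["Sarah Youngblood", "Rory Older"]

def resembles_staff(display_name, threshold=0.85):
    """Return the staff name that the display name equals or nearly equals."""
    shown = " ".join(display_name.lower().split())
    for staff in STAFF:
        if SequenceMatcher(None, shown, staff.lower()).ratio() >= threshold:
            return staff
    return None

def reasons_to_verify(raw_message):
    """List the header mismatches that call for a phone check before acting."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    reasons = []
    staff = resembles_staff(name)
    if staff and domain != FIRM_DOMAIN:
        reasons.append(f"name resembles {staff} but address is {addr}")
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and reply_to.rpartition("@")[2].lower() != domain:
        reasons.append(f"replies go to {reply_to}, not the sending domain")
    return reasons

# Constructed sample messages (not taken from the article).
GENUINE = ("From: Sarah Youngblood <sarah.youngblood@examplefirm.test>\n"
           "Subject: International\n\nAre you in office?\n")
WRONG_ADDRESS = ("From: Sarah Youngblood <partner.office@mailbox.test>\n"
                 "Subject: Re: International\n\nI need a transfer today.\n")
MISSPELT_NAME = ("From: Sarah Yongblood <s.youngblood@mailbox.test>\n"
                 "Subject: Payment\n\nAre you available?\n")
REPLY_DIVERTED = ("From: Sarah Youngblood <sarah.youngblood@examplefirm.test>\n"
                  "Reply-To: sarah.youngblood@mailbox.test\n"
                  "Subject: Payment\n\nSend me the balance.\n")

if __name__ == "__main__":
    for label, raw in [("genuine", GENUINE), ("wrong address", WRONG_ADDRESS),
                       ("misspelt name", MISSPELT_NAME),
                       ("reply diverted", REPLY_DIVERTED)]:
        print(label, "->", reasons_to_verify(raw) or "no header mismatch")
```

A message sent from a genuinely hacked internal mailbox passes these header checks, so verifying payment instructions by phone or personal contact still applies.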
Another example, several attempts using an iPhone
From: Jill Highill firstname.lastname@example.org
To: Doug Luge [Luge Lawyers]
Have a pending payment to be paid to the UK now, are you available to handle right away? What is our current balance as of today?
Sent from my iPhone
From: Jill Highll email@example.com
To: Doug Luge [Luge Lawyers]
Are you available to handle an international payment this morning? Have one pending, let me know when to send bank details.
Sent from my iPhone
Third attempt, this time changing to an interesting email address
From: Jill Highill <firstname.lastname@example.org>
To: Doug Luge [Luge Lawyers]
Are you available to send a transfer? Let me know so i can send payee’s details
Another variation on the internal transfer request
How are you today? I will need you to process a bank wire transfer, which needs to go out of the country today as a same value day payment. Let me know if you are available now, so I can forward the beneficiary’s account details.
The recipient responded, noting that they were available to help but there would be a delay in processing the transfer.
Thanks for your email, process sum of $12,276.80 USD now as same value payment to the payee account sated [sic] below:
BANK NAME: Bank of American [sic]
BANK ADDRESS: [address in Texas given]
Account Name: [Provided]
Account Number: [Provided]
Routing Number: [Provided]
As soon as the transfer is done, email me the confirmation slip. So, i can forward it to the beneficiary.
Phone contact was then made between Moana and the real Basil and the fraud was discovered. A few hours later, the final fraud attempt was made:
What is the update on the transfer?
Don’t ever click on an unknown attachment
IT systems are infiltrated by inducing users to click on malware. If you get an email – and that may be an email from someone you think you know (but who has been hacked) – with an attachment, be extremely wary before clicking on the attachment.
From: John Kelly <jKelly@argusfire.co.nz>
We have just sent you an important Document of a remittance invoice Via Drop-Box, Browse Here to View it.
The property purchase frauds
There are many variations on the preliminary emails, but they involve someone unknown to the lawyer or law firm emailing the firm (our example below used the firm’s online inquiry form) and saying they need a lawyer to help them purchase a property.
The fraudster’s objective is to infiltrate the email of a member of the firm. This could occur through sending a document with a link to click on, or a link which is protected and personalised for a specific firm member with the requirement of entering their email address and password. If this happens the fraudsters will then be able to monitor the firm member’s email account and look for information about property settlements and required payments.
When the payment deadline arrives, the fraudsters email the client pretending to be from the law firm and reminding them that a payment is due. Bank account details are provided – but not, of course, the firm’s bank account.
The following emails are typical of the usual approach.
First email (using a law firm’s online inquiry form)
I need your services to purchase a property and I will like you to act as my solicitor. I am hoping to seal the deal in 4 weeks time. Please let me know if your availability, so I can proceed with seller and also send you the contract details.
The law firm responded, saying it may be able to help, and asking for the location of the property and whether an agent was involved.
Thanks for getting back with me on short notice . Been a little busy working out details with my bank to make sure there won’t be any issues with the transfer of funds . I am also flexible on the time frame, even though I mentioned 4 weeks. I just need this done as soon as it can be done. I have acquired a couple of properties in the past, but my previous legal adviser is battling cancer at the moment, so I am taking a different direction . In the pdf attachment below contains the “contract certificate” between me and the seller and also location and address of the said property. Please kindly review this and get back to me at your earliest convenience .
Poor James got his last name wrong. The firm involved also tried to verify his identity from the interesting phone number he provided (which didn’t work). His pdf attachment was described by the firm as being “not even close to being a normal commercial document”. The firm also very wisely did not click on the links in the PDF sent to them by James.
One more recent example
From: michael fowler [mailto:email@example.com]
For some time now i have been in search of a property to acquire and luckily i have found the right property i wish to buy. As a new investor in the property business i need a competent conveyancing representative who can guide and assist me through the unfamiliar conveyancing process.
I came across your organization profile as a professional in conveyancing and other legal matters and as a business man I understand how important it is to provide the best possible service to my customers, having the right product and providing a first class service is the key to ensuring that customers return for repeat business.
I will appreciate if i can get a quotation and a more knowledge about your conveyancing process and as well as terms and condition so we can commence as soon as possible.
I hope to hear from you soon.
The genuine ones
The worry is always that there may be a genuine (if slightly illiterate) client trying to engage a lawyer. The Law Society has had a number of inquiries about emails which emanate from an Australian organisation called Worthington Clark Pty Ltd and its Rightful Claims division. Through direct contact, we are sure this is a genuine organisation.
Rightful Claims describes itself as “asset recovery specialists” and identifies assets such as shares, bank accounts, insurance policies and inheritances which are unclaimed. After identifying the owner or presumed rightful owner, the company makes contact and offers to help claim and secure the asset. In return for a proportion of the asset value, the company acts through the whole claim process if the owner agrees.
A New Zealand business called Sanclaro also carries out a similar activity. It directs people who are suspicious about its activities to contact two New Zealand law firms for verification of authenticity.
Last updated on the 2nd March 2018