Email fraud attempts continue to target the legal profession. The criminals behind many of the frauds have become more sophisticated and often use internal email they have hacked in their attempts to steal money.

A spate of reported attempted frauds at the start of 2018 prompted the Law Society to repeat the advice it has given a number of times: lawyers and law firm staff should ensure that they check and verify all payment instructions received by email.

Such verification can be by phone or personal contact.

The names used and the wording of the attempted frauds varies. However, the modus is similar, and one of the biggest giveaways, which the fraudsters don’t yet seem to have overcome, is the email address used at some stage. Bad English and grammar is another identifying point – although this, of course, is not confined to fraudsters.

Many of the latest attempted frauds begin with an inquiry for assistance with purchase of property. The introductory emails vary, but lawyers who receive an email from an unknown person – who doesn’t state where they are based or where the property is located (“in your jurisdiction”) – should be very wary. Most of the frauds will end in an attempt to infiltrate the lawyer’s IT system through inducing them to click on a link or to provide their email and password. Be very careful out there.

To assist in identifying some of the tricks used, here is a selection of recent email fraud attempts made against New Zealand law firms. All names and identifying particulars have been changed unless they are for the actual fraudster.

The casual internal money transfer

First email

From: Sarah Youngblood [a partner in the firm]
To: Rory Older [a member of the accounts team]
Subject: International

Are you in office?

Sarah Youngblood
Partner

Second email

From: Rory Older
To: Sarah Youngblood
Subject: RE: International

Of course
Rory Older, Accountant

Third email

From: Sarah Youngblood [mailto:wor.k@aol.com]
To: Rory Older
Subject: Re: International

I need a transfer payment to be processed today. Can you handle that now?

Fraud detected

At this stage it became clear to Rory that the two emails which appeared to have come from Sarah did not. The email address was wrong – but there are instances where this has been overlooked and money transferred (and lost) through staff acting purely on the emailed “instructions”. The next step in the fraud is usually an instruction to immediately transfer a sum of money to a specified bank account (always outside New Zealand – we don’t seem to have our own internet email fraudsters who specialise in lawyers).

Another example, several attempts using an iPhone

From: Jill Highill iphonesemailss@gmail.com
To: Doug Luge [Luge Lawyers]
Subject: Urgent

Have a pending payment to be paid to the UK now, are you available to handle right away? What is our current balance as of today?

Regards
Jill Highill
Sent from my iPhone

From: Jill Highll iphonesemailss@gmail.com To: Doug Luge [Luge Lawyers]
Subject: Urgent

Are you available to handle an international payment this morning? Have one pending, let me know when to send bank details.

Regards
Jill Highill
Sent from my iPhone

Third attempt, this time changing to an interesting email address

From: Jill Highill <donjohnsons@gmail.com>
To: Doug Luge [Luge Lawyers]
Subject: Urgent

Doug
Are you available to send a transfer? Let me know so i can send payee’s details

Regards
Jill

Another variation on the internal transfer request

First email

Hello Moana

How are you today? I will need you to process a bank wire transfer, which needs to go out of the country today as a same value day payment. Let me know if you are available now, so I can forward the beneficiary’s account details.

Thanks,
Basil

The recipient responded, noting that they were available to help but there would be a delay in processing the transfer.

Second email

Thanks for your email, process sum of $12,276.80 USD now as same value payment to the payee account sated [sic] below:
BANK NAME: Bank of American [sic]
BANK ADDRESS: [address in Texas given]
Account Name: [Provided]
Account Number: [Provided]
Routing Number: [Provided]

As soon as the transfer is done, email me the confirmation slip. So, i can forward it to the beneficiary.

Regards,
Basil

Phone contact was then made between Moana and the real Basil and the fraud was discovered. A few hours later, the final fraud attempt was made:

Third email

What is the update on the transfer?

Don’t ever click on an unknown attachment

IT systems are infiltrated by inducing users to click on malware. If you get an email – and that may be an email from someone you think you know (but who has been hacked) – with an attachment, be extremely wary before clicking on the attachment.

From: John Kelly <jKelly@argusfire.co.nz>
Subject: E-Docs

We have just sent you an important Document of a remittance invoice Via Drop-Box, Browse Here to View it.

Thanks
JK.

The property purchase frauds

There are many variations on the preliminary emails, but they involve someone unknown to the lawyer or law firm emailing the firm (our example below used the firm’s online inquiry form) and saying they need a lawyer to help them purchase a property.

The fraudster’s objective is to infiltrate the email of a member of the firm. This could occur through sending a document with a link to click on, or a link which is protected and personalised for a specific firm member with the requirement of entering their email address and password. If this happens the fraudsters will then be able to monitor the firm member’s email account and look for information about property settlements and required payments.

When the payment deadline arrives, the fraudsters email the client pretending to be from the law firm and reminding them that a payment is due. Bank account details are provided – but not, of course, the firm’s bank account.

The following emails are typical of the usual approach.

First email (using a law firm’s online inquiry form)

From: jamesbradon1956@gmail.com

Hi
I need your services to purchase a property and I will like you to act as my solicitor. I am hoping to seal the deal in 4 weeks time. Please let me know if your availability, so I can proceed with seller and also send you the contract details.

Thanks
James
Phone: 0203456657

Second email

The law firm responded, saying it may be able to help, and asking for the location of the property and whether an agent was involved.

Third email

From: jamesbradon1956@gmail.com

Hi
Thanks for getting back with me on short notice . Been a little busy working out details with my bank to make sure there won’t be any issues with the transfer of funds . I am also flexible on the time frame, even though I mentioned 4 weeks. I just need this done as soon as it can be done. I have acquired a couple of properties in the past, but my previous legal adviser is battling cancer at the moment, so I am taking a different direction . In the pdf attachment below contains the “contract certificate” between me and the seller and also location and address of the said property. Please kindly review this and get back to me at your earliest convenience .

Sincerely,
James Brandon

Outcome

Poor James got his last name wrong. The firm involved also tried to verify his identity from the interesting phone number he provided (which didn’t work). His pdf attachment was described by the firm as being “not even close to being a normal commercial document”. The firm also very wisely did not click on the links in the PDF sent to them by James.

One more recent example

From: michael fowler [mailto:michaelfowler90@outlook.com]
Subject: inquiry

Good day,
For some time now i have been in search of a property to acquire and luckily i have found the right property i wish to buy. As a new investor in the property business i need a competent conveyancing representative who can guide and assist me through the unfamiliar conveyancing process.

I came across your organization profile as a professional in conveyancing and other legal matters and as a business man I understand how important it is to provide the best possible service to my customers, having the right product and providing a first class service is the key to ensuring that customers return for repeat business.

I will appreciate if i can get a quotation and a more knowledge about your conveyancing process and as well as terms and condition so we can commence as soon as possible.

I hope to hear from you soon.

Kind Regards
Michael Fowler

The genuine ones

The worry is always that there may be a genuine (if slightly illiterate) client trying to engage a lawyer. The Law Society has had a number of inquiries about emails which emanate from an Australian organisation called Worthington Clark Pty Ltd and its Rightful Claims division. Through direct contact, we are sure this is a genuine organisation.

Rightful Claims describes itself as “asset recovery specialists” and identifies assets such as shares, bank accounts, insurance policies and inheritances which are unclaimed. After identifying the owner or presumed rightful owner, the company makes contact and offers to help claim and secure the asset. In return for a proportion of the asset value, the company acts through the whole claim process if the owner agrees.

A New Zealand business called Sanclaro also carries out a similar activity. It directs people who are suspicious about its activities to contact two New Zealand law firms for verification of authenticity.