Lawyers are again warned to personally verify instructions received from clients by email. In the latest instance of the dangers posed by hacked email accounts, a New Zealand lawyer who had settled the sale of a residential property for a client received an email from the client’s actual email address directing payment of the funds from the sale into a foreign bank account.
The email gave detailed instructions for the payment. Attached to the email was a PDF of a page of a bank statement from the bank in the name of the client, apparently showing genuine transactions over the last month. This attachment was entitled “Proof of bank account”.
The client had not sent the email and did not have an account with the bank.
This attempted fraud illustrates the importance of verifying all emailed instructions directly with clients by telephone.
The accompanying emails often contain small clues that they are fraudulent. Strange phrases, spelling mistakes and shoddy punctuation should be viewed as red flags. The fraudsters are usually not native English speakers. A claim to be difficult to contact is also often an indicator of fraud.
The fraudulent email to the lawyer began “A good day to you, find below banking details as required for the transfer to my account...”
After giving details of the “account”, the email continued (exactly as written):
“Kindly confirm as soon as the settlement funds have been received via email because i am travelling and would be unvailabe by phone, also find attached a copy of my bank statement for verification puposes.
“Please confirm safe receipt of the banking details for the transfer of the proceeds of the sale on settlement.”