B.C. Lawyers Out $2 Million After Email Fraud
Two law firms in British Columbia were the victims of a social engineering scheme that caused $2 million in real estate and investment funds to be diverted. In each case, the thief used email addresses nearly identical to that of the true client.
In one case, the client had instructions from the firm to transfer funds in person, but before the client could do so, the firm received an email from that client. Unfortunately, the email was really from the fraudster, the firm wired the funds into the fraudster’s account, and the client never received the funds. The email was an exact copy of the real client’s email address.
The second firm’s transaction was also redirected via the same method. In this case over $1.5 million in investment funds were lost to the impostor. The firm originally received payment instructions from the corporate client, then received an email from the fraudster redirecting the funds to a different bank account. In this case, the email used by the thief was one letter off from the true client’s email.
The law society suggests lawyers, clients and other businesses can protect themselves in various ways:
- Always assume a hacker is aware of any imminent payments
- Be aware that any client, business and law firm email account may be compromised by a hacker
- Establish due diligence protocols for all fund transfers and ensure staff adheres to this protocol every time
- Be aware that scammers can replicate emails and firm and company websites