unfold-more book menu mail print close check keyboard-arrow-up keyboard-arrow-right keyboard-arrow-left keyboard-arrow-down align-justify links presentations articles file-o plus cancel plus2 linkedin youtube twitter instagram facebook google plus search

Recent News

Wire Transfer Scams: How to Minimize the Risk

Ethics, Firm Management, Technology

Scams continue to target Texas attorneys regardless of firm size. Email wire transfer scams–most commonly targeting real estate closings or legal settlements–have increased exponentially resulting in millions of dollars of losses each year. 

In this Article, we provide an overview of the prevalent email wire transfer scam, the ethical and practical implications for attorneys, and some risk management tips to help protect you, your clients and your firm.

THE MOST COMMON WIRE TRANSFER SCAM: HOW IT WORKS 

In a nutshell, email wire fraud uses social engineering–defined as the manipulation of  individuals into disclosing personal or confidential information for fraudulent purposes–to initiate an unauthorized transfer of funds. The scammer will pose as the intended recipient of the funds–sending an email from a “spoof” email address (e.g., identical except for one character) to the attorney or the attorney’s client (e.g. the buyer in a real estate transaction) with wiring instructions that diverts the funds into a fraudulent account. The scheme is successful if the recipient of the fraudulent email fails to follow up with the intended recipient to confirm the wiring instructions. 

ETHICAL AND PRACTICAL CONCERNS 

Failing to uphold your professional responsibilities when faced with these types of scams has significant ethical and practical implications including being found accountable for any losses arising from such scams. 

Ethical Rules Implicated 

Under Texas Rule 1.14, attorneys are required to hold property of others with the care required of a professional fiduciary and to “promptly deliver to the client or third person any funds or other property that the client or third person is entitled to receive and, upon request by the client or third person, shall promptly render a full accounting regarding such property.” 

The duty of competence under Texas Rule 1.01, is also implicated. Attorneys are required to keep abreast of changes in technology. Comment 8 states that “each lawyer should strive to become and remain proficient and competent in the practice of law, including the benefits and risks associated with relevant technology.”

You may be thinking that you’d never fall victim to this type of scheme. But what if your client fell prey to the scam–are you still on the hook? Well, it depends. While the Texas Ethics Committee has not addressed this explicitly, an Opinion from the North Carolina Ethics Committee is instructive. The Committee found that attorneys have a professional responsibility to inform clients about potential fraudulent attempts to acquire client funds. And so liability depends on whether a lawyer takes reasonable measures to warn clients about wire fraud. 

[A] lawyer satisfies his or her professional obligation if s/he takes reasonable measures to educate him or herself on real property transaction scams; implements within the lawyer’s practice (including staff) reasonable measures to minimize the risks to client funds in accordance with the Rules of Professional Conduct; and adequately communicates to the client the risks associated with the transfer of funds in connection with a real property transaction and clear instructions on how to safely transfer funds to complete the real property transaction. 

Insurance Coverage 

You might read this and say, well that’s what malpractice insurance is for. Not so fast. Insurance coverage depends on your policy and jurisdiction. The U.S. Court of Appeals for the 5th Circuit held that manipulation of an employee to transfer funds to a fraudulent account is not enough to create coverage

Many regular insurance policies do not cover these types of scams. We’ve recently discussed the perils of being underinsured here. Even cyber coverage may not cover email wire fraud. This is because a cyber event is usually defined as events involving hacking or data breach, as opposed to “social engineering”. If you’re insured through TLIE, additional cyber coverage with third-party liability protection, which provides coverage for the loss of money or securities due to financial fraud, including wire transfer fraud, is available.

RISK MANAGEMENT TIPS

Here are some tips on how to minimize risk of exposure to email wire transfer scams. 

  • Practice email security. Avoid the use of free web-based email and use multi-factor authentication on all email and financial accounts. Do not click on links or open attachments in unverified emails from unknown senders as malware, ransomware and other viruses are prevalent. Avoid attaching sensitive information to an unencrypted email. For example, a closing package sent as a .PDF file should be password protected.
  • Keep firewall, operating system and security software current.
  • Always verify wiring instructions. Never wire funds without calling to confirm wiring instructions using the contact number that’s previously been verified (never use the number provided in the signature block). You may also consider obtaining written, notarized disbursement instructions. 
  • Establish a policy on wire transfers and implement appropriate training. The policy should require verifying the contact information from all parties involved at the beginning of the transaction and the prohibition of using non-verified contact information. Additionally, the policy should include a provision that wiring instructions must be confirmed using verified contact information and that any last minute changes to wiring instructions should be flagged as suspicious. 
  • Warn your clients. It’s essential that you warn all parties on the threat of email wire fraud. Include a provision in the Engagement Letter advising clients to call your office to verify wiring instructions before sending any wire, that you will not change writing instructions and that if the client receives different wiring instructions, it should be presumed to be fraudulent. Have the client sign the engagement letter and keep it on file.  If your practice involves the transfer of funds via wire regularly, you should also consider including a fraud alert regarding wiring instructions as part of every email signature line. 

CONCLUSION 

Wire transfer fraud is a growing epidemic so it’s no wonder that TLIE has had a number of insureds impacted by this scam. It’s essential to stay up to date on current trends and implement sound policies and practices in order to protect yourself, your practice and your clients. Please contact us if you have any questions regarding staying protected. 

By Lauren Bianchini