Fraud Update: Compromised Wire Instructions
In May, the North Carolina State Bar and Lawyers Mutual warned about fraudulent activity related to wired funds in real estate transactions. The scam described in those alerts involved communications from a purported seller or realtor asking the attorney to modify the way closing proceeds should be delivered – either changing from a check to a wire, or changing the wire instructions from one bank account to another. In fact, a scammer had gained access to the email account of one of the parties to the transaction. When the lawyer follows the false instructions, funds are delivered to the scammer’s bank account and cannot be retrieved.
Lawyers Mutual has received multiple reports of a variation on this scheme where the hacker intercepts and alters the law firm’s wiring instructions. In this scam, the closing attorney sends an email to the buyer or buyer’s agent with instructions to wire purchase money into the lawyer’s trust account. That email is intercepted by a scammer (who has hacked the sender’s or recipient’s email account) and replaced with false instructions. The false instructions are received by the buyer, who then unknowingly wires money to the scammer’s bank account.
Attorneys must be vigilant when communicating by email to avoid these schemes. We recommend the following actions to prevent losses from fraudulent wire instructions:
- Obtain verified contact information from all parties at the beginning of the representation and use only those phone numbers and email addresses.
- Consider using encrypted email or a secure client portal when sending wiring instruction.
- If you have concerns about the recipient’s email security, send wiring instruction by fax.
- Implement a two-level process where wire instructions (to and from the law firm) are confirmed by phone using a previously-verified number.
- If you receive last-minute changes from a seller or agent requesting that funds be sent by a new method or to a new account, treat this as a red flag. Do not follow the new instructions without contacting the sender using previously-verified contact information.
- Carefully check email addresses to make sure that they exactly match the addresses you have on file. Hackers will often use an email address that differs from the true sender’s address by one letter or symbol.
- Address wiring instructions in your engagement letter. Your engagement letter can inform the parties of the name of your bank and last digits of your account number. Have the parties acknowledge in writing that they should call your office before initiating a wire to any other account.
- Warn your staff about these scams and make sure they are taking precautions to detect and prevent fraud. Non-attorneys are frequently the point of contact for the parties to a closing and they will often be the ones to receive or act upon compromised communications.
Please call Lawyers Mutual if you have questions or to report possible fraud or cybercrime.