Bad-check “phishing” scams continue to target lawyers
Remember when your mother told you that if something seems too good to be true, it likely is? That holds true today for lawyers and the array of sophisticated bad-check “phishing” scams that continuously target them. In recent years, especially when remote work grew in popularity during the COVID-19 pandemic, the number of phishing email attacks rose. After analyzing about six trillion emails in 2019, Microsoft found about 13 billion of those emails were malicious, according to the company’s 2020 Digital Defense Report. Legal services were in the top 10 industries to receive malicious business emails, according to the report.
Over the years, the scams have become more elaborate. While initial scams may have involved someone based in another country seeking assistance with a legal matter – like a divorce or small claims settlement – today’s scams involve “international companies” armed with corresponding email domains and LinkedIn profiles of its “employees.” One recent scam that some Missouri Bar members have received involves a company that needs legal assistance drafting a purchase and sales agreement with a buyer in the local lawyer’s area. The catch is the lawyer receives a fraudulent cashier’s check suddenly and is asked to draw the retainer.
The names and plots may change, but the core scam remains the same – getting lawyers to distribute the funds from the cashier’s check when the bank has “cleared” the check, but before the deposited funds have been verified. This mistake leaves the lawyer notified later that the check was fake and the bank will seek reimbursement.
Mark Lanterman, chief technology officer at Minneapolis-based Computer Forensic Services, was a key speaker at The Missouri Bar’s 2021 Solo & Small Firm Conference in June. He offered several tips to help law firms protect themselves against cyber attacks. Click here to read his advice.
“Don’t ever think, ‘Why would any hacker come after me? I’m just a small shop here,’” Lanterman said. “They don’t care. They don’t take the time to figure out if you’re big or small or medium. They cast a wide net, so be careful before you follow instructions you receive via email.”
Practicing patience is one way to avoid falling victim to these types of scams, as well as stay in line with Missouri’s trust accounting rules.
Missouri’s Legal Ethics Counsel, Melinda J. Bentley, provides informal opinions and teaches continuing legal education programs on trust accounting for lawyers. She said following the Safekeeping Property rule can help lawyers fend off bad-check scams. She highlighted Supreme Court of Missouri Rule 4-1.15(a)(6), which provides: “no disbursement shall be made based upon a deposit: (A) if the lawyer has reasonable cause to believe the funds have not actually been collected by the financial institution in which the funds are held; and (B) until a reasonable period of time has passed for the funds to be actually collected by the financial institution in which the trust account is held.” She added that Comment  on the rule refers to this as “good funds” and notes that it’s insufficient to only wait until the deposit is “cleared” or “available” by the bank.
“I recommend that lawyers check with the financial institution to make sure they are ‘good funds’ before they disburse any funds from the trust account,” Bentley said.
If a lawyer has an ethical concern or question, they may contact Missouri’s Legal Ethics Counsel at 573-638-2263.