How to avoid an old scam with a new twist

Picture this: You get contacted by a non-local potential client who wants to hire your firm to represent them in a case involving a local business with which you are familiar. This prospective client provides you with documentation and paperwork attesting to the interactions he has had with the business and what type of work will need to be done moving forward. An engagement letter is signed and a retainer is requested. A few weeks go by with no retainer, until all of a sudden, the local business sends a cashier’s check. You contact the client to let him know it has been received and he tells you to deposit the check—and to wire a portion of the sum to an out-of-town entity. Your firm follows the instructions only to learn that the cashier’s check bounced. Worse still, upon contacting the local business that supposedly sent the check, you learn that it has no awareness of the case. Or your client. 

A variation of the tried and true wire transfer scam, this setup is made even more effective by invoking the name of a seemingly legitimate and local third party. I was recently contacted by a firm that unfortunately lost hundreds of thousands of dollars as a result of this scam, and their bank is saying they’re on the hook for the sum. This past May, a Boston law firm that had fallen victim to the same con in 2015 had their lawsuit against their bank dismissed by the Massachusetts Appeals Court. The court said, “It was the firm that was in the best position to guard against the risk of a counterfeit check, by knowing its ‘client,’ its client’s purported debtor and the recipient of the wire transfer.”1 That’s the stark reality of the matter: In the event of a scam, firms are ultimately responsible for spotting when things are amiss. Relying on your bank to identify a counterfeit check is not an effective strategy. 

Like phishing scams and the many other social engineering attacks that a firm may encounter, combatting this type of scam requires vigilance. Consider the last part of the scenario. It’s only after the check bounces that the firm finally contacts the third party and finds out they have no knowledge of the situation or the client. Even without a retainer, this should be the first step. If something seems off, out of the ordinary, or simply too convenient, verify the story with the third party. Maybe you will do a bit of extra work without getting paid, but in the long run, you’ll save yourself a lot of time and money. Always check and double-check that the parties that are either sending or receiving funds are legitimate. 

It is always wise to slow down and act cautiously when dealing with potential social engineering attacks and scams. Confirming identities, waiting for checks to truly clear, and being wary of anything that raises a red flag are all strategies that may help to prevent your becoming a victim. If you believe that a wire transfer fraud has occurred, it is absolutely critical to act fast for any hope of recovery. As these scams don’t show any signs of going away, it is important to provide training and education in identifying and reporting fraud. 

MARK LANTERMAN is CTO of Computer Forensic Services. A former member of the U.S. Secret Service Electronic Crimes Taskforce, Mark has 28 years of security/forensic experience and has testified in over 2,000 matters. He is a member of the MN Lawyers Professional Responsibility Board.