Hacked Emails Can Lead to Wire Transfer Fraud
If you have finally found the house of your dreams and are excited to close on the sale, you might want to double check with the closing agent before you wire that down payment. More and more attorneys, realtors, and title agents are reporting that their email communications have been intercepted and that hackers have used the information obtained from emails to send fraudulent wiring instructions to buyers. The emails look legitimate, so quite a few purchasers have followed the instructions only to discover that their funds are gone forever because, unlike checks, wire transfers cannot be recovered once sent.
Realtor.org advises that the emails “are extremely convincing. Many sophisticated parties have been duped. No one should assume that they are ‘too savvy’ to recognize the fraud. In addition, no one should assume that they are ‘too small a target’ to be on these criminals’ radars.” This scam has become so widespread that some realtors and title attorneys are using low-tech ways to thwart the hackers. Recently, before my own real estate closing, my realtor physically handed me a hard copy of the wiring instructions and told me to alert all parties involved if I received any email that purported to contain wiring instructions. The firm handling the closing was notifying anyone doing business with them that they would never send wiring instructions by email.
If you were personally affected by the Target or Home Depot hacks, it is likely that your bank or credit union notified you of the breach before you were even aware that your credit card information had been compromised. Surprisingly, you cannot count on that same vigilance for your business. The National Association of Realtors warned its members that, “Under the 1978 Electronic Funds Transfer Act, banks are responsible for keeping consumer accounts safe from online fraud,” but “no similar laws are on the books for business accounts.”
As with many other cyber scams, the fraudsters often count on human error to gain the first toehold into your business. An article on LinkedIn gives this very important tip: “Immediately delete unsolicited e-mail (spam) from unknown parties. Do NOT open spam e-mail, click on links in the e-mail, or open attachments. These often contain malware that will give subjects access to your computer system.” Attorneys should be stressing this point to their partners, associates and staff. We have all been inundated with long lists created by cybersecurity experts advising us on how to hopefully prevent data theft. Some businesses have the resources to employ a crack team of IT professionals, however, it is important to remember that all of that can be undermined if we as individuals fail to implement the following common sense steps:
- Use strong passwords and frequently change passwords on all devices
- Never click on a link, open an attachment, or reply to a suspicious email
- Check your online bank account daily and change your banking passwords often
- When out of the office avoid free Wi-Fi to protect against hackers capturing a password
- Never send wire transfers or any sensitive information by email unless it is encrypted
- Install all the updates for your virus protection software and anti-spyware
Obviously, this is an issue that is affecting everyone, but because attorneys have a special duty to protect client information as well as client funds deposited into their trust accounts, the stakes are higher for this profession than for most. Printing out the short list above and posting it on the computer monitors at your firm should help to avoid the classic problem of “out of sight, out of mind.” You might also consider purchasing cybersecurity insurance for your firm. Modern life is stressful enough without having something new to worry about, so the best thing to do is incorporate these habits into your regular routine so you can get back to focusing on practicing law.