Cyberscam may cost plaintiff’s firm six figures

How to protect your firm and its clients

2023 March

With remote work and the reliance on technology to practice law, I must highlight a cautionary tale for plaintiff lawyers, defense lawyers and carriers alike. Here is a true story from one of our members that I want to share:

“I’m a plaintiff’s attorney in Los Angeles practicing PI. One of my associates settled a slip-and-fall case for $450k, pre-lit. As soon as he did so, my office manager sent an email to defense counsel attaching our W-9, the signed release, and payment instructions to send the settlement draft made out to our firm and the client.

A frightening hack

“Unbeknownst to my associate, his email had been hacked and was being monitored. Within a day after the hacker saw my office manager’s email about payment, the hacker began emailing the defense firm from my associate’s email address saying the following: ‘We have transitioned into receiving money by wire instead of settlement draft. Therefore, please wire the settlement funds directly to our account for disbursement. Please make the wire out to Polaris, Inc., which is the owner of our law firm.’

“Obviously, no one from my firm was copied on this email and, because it came from my associate’s email address, the defense attorney thought it was legitimate. The defense attorney then began emailing back and forth with the hacker, ultimately giving the insurance carrier instructions to wire the money to the hacker’s bank account, which it did. Ten days or so after my office manager sent her initial email, she sent a follow-up email requesting status of the settlement check only to learn from the defense that they ‘had already wired the settlement funds.’ She immediately let the defense know that they had been scammed, but it was too late and the money was already gone.”

How this scam works

An attorney receives what looks like a legitimate email with an attachment that says something innocuous like “fax from opposing counsel,” or “voice msg from client.” As soon as they click on it, the hacker gains access to their email and begins monitoring it, waiting for a case to settle so they can attempt to redirect the settlement funds to their bank account by wire, as in the scenario above. The hacker then creates rules in the attorney’s email outbox and inbox. For example, one rule automatically forwards every email that defense counsel sends to plaintiff’s counsel directly to the hacker and then permanently deletes it. This way, the plaintiff’s attorney will never see the emails being received from the defense.

Another email rule that the hacker creates automatically and permanently deletes from “sent mail” all emails sent from the plaintiff attorney’s email address to the defense attorney. This way, the plaintiff’s attorney will not see in “sent mail” any outgoing emails the hacker is sending to the defense. The effect is that the hacker is communicating with and giving instructions to the defense firm using the plaintiff attorney’s email address in a way that the plaintiff’s attorney has zero knowledge of.
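For the firm's IT staff, the two rule patterns described above (forward outside the firm and delete, and delete from sent mail) can be checked for mechanically. The sketch below is an added example, not part of the original article; the rule export format, its field names, and all addresses are constructed assumptions that must be mapped to what your mail platform actually exports.

```python
# Constructed sample export of mailbox rules. The field names are hypothetical
# and must be mapped to whatever the firm's mail platform actually exports.
SAMPLE_RULES = [
    {"mailbox": "associate@plaintiff-firm.example", "name": ".", "scope": "inbox",
     "from_contains": ["defense-firm.example"],
     "forward_to": ["collector@mail-relay.example"], "delete": True},
    {"mailbox": "associate@plaintiff-firm.example", "name": "..", "scope": "sent",
     "to_contains": ["defense-firm.example"], "forward_to": [], "delete": True},
    {"mailbox": "manager@plaintiff-firm.example", "name": "Newsletters",
     "scope": "inbox", "forward_to": [], "move_to": "Reading", "delete": False},
    {"mailbox": "manager@plaintiff-firm.example", "name": "Copy to paralegal",
     "scope": "inbox", "forward_to": ["para@plaintiff-firm.example"], "delete": False},
]
FIRM_DOMAINS = {"plaintiff-firm.example"}  # assumption: the firm's own domains


def external(addresses, firm_domains):
    """Return the addresses whose domain is not one of the firm's own."""
    return [a for a in addresses
            if a.rsplit("@", 1)[-1].lower() not in firm_domains]


def audit_rule(rule, firm_domains=FIRM_DOMAINS):
    """Return the reasons this rule deserves review (empty list if none)."""
    reasons = []
    outside = external(rule.get("forward_to", []), firm_domains)
    deletes = bool(rule.get("delete"))
    if outside:
        reasons.append("forwards mail outside the firm: " + ", ".join(outside))
    if outside and deletes:
        reasons.append("forwards then deletes, so the owner never sees the mail")
    if rule.get("scope") == "sent" and deletes:
        reasons.append("deletes sent mail, hiding outgoing messages")
    return reasons


def audit(rules, firm_domains=FIRM_DOMAINS):
    """Map (mailbox, rule name) to its reasons, for flagged rules only."""
    findings = {}
    for rule in rules:
        reasons = audit_rule(rule, firm_domains)
        if reasons:
            findings[(rule["mailbox"], rule["name"])] = reasons
    return findings


if __name__ == "__main__":
    for (mailbox, name), reasons in audit(SAMPLE_RULES).items():
        print(f"{mailbox} rule {name!r}: " + "; ".join(reasons))
```

Any flagged rule that the mailbox owner does not recognize should be treated as a sign the account is compromised, not simply deleted.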

Finger pointing and liability

The plaintiff and defense law firms and the insurance carrier begin to blame each other. Implications for the plaintiff’s bar consist of the client filing state-bar complaints or lawsuits against the plaintiff’s attorney, as they are innocent victims and want their settlement funds. Implications for the defense bar and the carriers consist of having to pay the settlement twice because they did not spot a huge red flag, which is a drastic change in the payment instructions that doesn’t make any sense and was not confirmed by a phone call. Financial responsibility and standard of care require that the defense firm and the insurance carriers call the plaintiff’s attorney to confirm the wire, given the discrepancy from the initial payment instructions and to whom the payment was to be made. Basically, it’s a mess, and someone is going to be held responsible.

What you need to do now

1. As soon as a case settles, immediately inform defense counsel that you do not under any circumstances accept payment of settlement funds by wire and if they ever receive a request from you to do so it is a scam and to call your office immediately.

2. If you receive an email from someone you think is your client asking you to wire them their settlement funds after you’ve received the settlement check, immediately call your client and confirm it’s actually their wire instruction. As an outright preventative practice at your firm, there should be a policy that settlement funds are never to be wired to your clients. Payment to plaintiffs should always be made by check payable to the plaintiff and either hand delivered or signed for upon receipt so that there’s a paper trail.

What the plaintiff and the defense bar should both do

Share this article with everyone so we all know what’s going on and are aware of it. This includes every person in every role at your firm. Not just the attorneys.

Have your IT people take the following steps.

(1) Set up two-factor authentication via cell phone for logging into all your firm’s email accounts. This consists of downloading an app on your phone notifying you if someone is attempting to log into your email account. The only way anyone can log into your email account is if they are holding your cell phone in their hands.

(2) Disable your email account’s ability to set up “rules.” This way, the hacker cannot hide communications from you while using your email address. All emails from opposing counsel will show up in your inbox and all emails sent from your address will show up and stay in your sent folder.

(3) Do not click on an attachment that you are not expecting. If you’re too curious about it and have to know what it is (which is how they get you), then instead of clicking on it, simply send a reply email asking to verify the identity of the sender and the contents of the attachment: 99% of the time you will not receive a response.

(4) Use a secure cloud for your network. This makes hacking into your firm’s account much more difficult.

(5) And lastly, ask your IT people to do whatever else they can to beef up your cyber security.

Copyright © 2023 by the author.
For reprint permission, contact the publisher: Advocate Magazine