The Risk Manager, Fall 2016

The following are verbatim state bar alerts to its members concerning scams:

Kentucky Bar Association

Warning: Potential Scam Targeting Bar Associations’ Members

Other state bar associations are reporting that their members have been targeted by scammers requesting dues payments. The KBA has not received any reports from our members, but we ask that you be careful as the 2016-17 dues invoices will be mailed around July 8, 2016. When you pay your KBA dues online, always check the web address to make sure you are on the correct site:

In addition, if you receive any emails from the KBA, all of our emails are sent from the domain: If you are unsure about an email or a website, please contact us at (502) 564-3795.

North Carolina State Bar Association

Wire Instruction Fraud Continues to Plague North Carolina Lawyers

Over the last two weeks, Lawyers Mutual (North Carolina) has received multiple reports of North Carolina attorneys who were targeted by scammers attempting to divert seller closing proceeds following real estate transactions. Unfortunately, several of these attacks were successful and hundreds of thousands of dollars were stolen and are very unlikely to be recovered. However, several attacks were foiled by attorneys and staff members who approached transactions with a high degree of skepticism.

While the details of the recent scams are emerging, it appears hackers first became aware of the closing by compromising email accounts of differing [sic] parties. Sometimes the attorney account was compromised, sometimes the Seller’s account was compromised but the most common scenario was the Realtor’s account was being monitored by international criminal organizations. The foreign-based hackers would observe the account, likely for several weeks, and only actively intervene once an understanding of the business practices were obtained and a significant wire was to be produced. In the interim, the unsuspecting Realtor would continue to use the account unaware his or her client and the closing attorney were being set up to be robbed.

Below are some tips that will help your office avoid falling victim to the latest series of scams.

EVERY wire request should be verified and the more personal the verification, the better.

  • The best way to verify wiring instructions is to have the Seller sign the wiring instructions at the closing ceremony in the presence of the attorney. We know of no wire fraud that has taken place when this has occurred, and even if it did, the closing attorney would likely be insulated from liability by the doctrine of contributory negligence. (Note: N.C. still has the doctrine of contributory negligence)
  • If the Seller is unable to attend the ceremony, we recommend the wiring instructions be included in the same package in which the deed is delivered. In these situations, have the Seller sign wiring instructions and have the signature notarized, if possible. Even then, we recommend the Seller verify the closing instructions over the telephone via a call initiated by the law office, using contact information from very early in the file prior to any discussion of proceeds and wires.
  • Confirming a telephone call verification via email is a good practice and a great way to document the file. However, an email verification alone is inadequate.

Do not accept changes to wiring instructions.

If wiring instructions are attached to an email from a free email service (gmail, yahoo,,, etc.) they should be assumed to be fraudulent and extra diligence should be taken in the verifying their authenticity. Sometimes hackers will set up an alias account with a very similar name (frequently dropping or swapping letters) to send modified instructions so the authentic user is not aware of their presence. Examining the account name in detail is a good idea; however, as the hacker already has access to the original account, he or she may not take this step and will use the same account that all other correspondence used.

Real Estate attorneys should not be using free email accounts. These accounts have major security concerns and are likely being mined for data by their providers in violation of Rule 1.6 of the Rules of Professional Conduct. In addition, they are very unlikely to be compliant with the ALTA Best Practices.

  • If you are currently using a free service, immediate action should be taken to find a more secure and professional alternative. In the interim, it is possible to see when and from where the free account was recently accessed. Here is a link explaining how to do it for gmail accounts: Other services should have similar abilities. If you see suspicious activity, please immediately change account passwords and contact your professional liability carrier along with your cyber or crime carrier.

Be very suspicious of wires going to any account that is not in the name of the Seller. Also, be suspicious of any account with a geographic location different than the Seller. Why is a North Carolina Seller relocating to New York sending a wire to Wisconsin? There are some reasons for the different names and odd locations, but these are red flags, which should be explored in detail (and not via email).

Do NOT send wires overseas. Once money leaves the United States, it is likely gone forever.

Regularly change your passwords

We understand these policies appear harsh and some pushback may occur. However, hacking crimes can be devastating to a law firm’s finances and reputation. Explaining the policy up front is a good way to limit negative actions. Below is sample language I recommend to be included in your Seller engagement letter.

Funds Availability Policy

It is our goal to make real estate commission checks and funds available as soon as practical following closing. However, NC State Bar Rules expressly prohibit disbursing any closing funds prior to recording. Should you request funds be wired, our office can accommodate the request for a fee of $___.00.   In order to prevent fraud and protect your proceeds, all wiring instructions will be verified and you will be required to sign the instructions at the closing ceremony. THIS OFFICE WILL NOT ACCEPT CHANGES TO WIRING INSTRUCTIONS.

Phone Scam Spoofing Lawyers’ Phone Numbers Targets NC Citizens

We have recently been made aware of a new phone scam targeting North Carolina citizens. In this new scam, the caller purports to represent a law firm collecting a debt. The caller threatens the citizen with arrest if the debt isn’t paid via credit card during the phone call. The phone call has been reported to go like this:

  • “I am with [law firm] calling to collect a debt. If you do not give me a credit card number and pay this immediately, the sheriff is standing by to come to your house and arrest you.”

Victims of these scams are chosen at random. The scammers are hoping to scare vulnerable people into thinking they must provide credit card information to avoid going to jail. Unfortunately, there is nothing law firms can do to prevent scammers from spoofing their phone number.

Law firms can help alert the public to this scam. Here are some steps you can take to help:

Alert your family and friends. Anyone could be a victim.Make your staff aware of the issue so they can address phone calls should your firm receive them.

If your firm has been scammed, consider posting a notice on your website. Sample text listed below:

  • This firm DOES NOT collect debt via phone call. If you receive a phone call to collect debt purporting to be from this law firm, please do not provide personal or financial information to the caller. If possible, write down the name of the law office that appeared on the caller ID and hang up.

Alert: New Phishing Attack – Exercise Caution

There is a new phishing scam targeting bar members across the country. The fraudulent email pretends to be a communication from the State Bar or Bar Association.

There are several versions of this scam. The most common are: “[state] Bar Complaint,” “[state] Bar Association Past Due Notice,” and “Lawyers and judges may now communicate through this portal.”

In many instances, scammers pull names from State Bar or Bar Association websites to add legitimacy to their scam.

If you receive one of these fraudulent emails:

Do not respond or open any attachments.

Delete the email immediately. These emails likely contain malicious software or contain links to phony websites.

If you think your account has been compromised, change your password immediately.

State Bar of Arizona

State Bar Warns About New Scam Directed At Attorneys and Their Clients

The State Bar of Arizona is warning its members about a new type of scam directed at both attorneys and their clients. This sophisticated scam exploits the attorney/client relationship and defrauds consumers of their money.

How the scam works:

  • The client receives a phone call.
  • The caller ID shows the number belongs to the attorney.
  • The client is told that they need to pay additional money.
  • The client is then given a toll-free number to call.
  • When the client calls, they are directed as to how to pay the money.

This scam works through a process known as “Caller ID Spoofing”.  “Spoofing” allows a caller to change their ID to reflect any desired number, which will then show up on the recipient’s caller ID. Previous “spoofing” scams, for example, have involved callers using a number that belongs to the IRS.
“What makes this most recent case especially troubling is that the scammers have linked the attorney with the client,” said John Phelps, CEO/Executive Director of the State Bar of Arizona. “While this information may be publicly available through court documents, we have not seen it used in this way. This recent case involved bankruptcy court and the client was told they needed to pay more money to a creditor. Fortunately, the scam was caught in time and no money was lost.”
Attorneys should consider advising their clients about the potential for this type of scam. Consumers should confirm with their attorneys before sending money.   Both attorneys and consumers should file a report with the FBI’s Internet Crime Complaint Center (IC3) at if they are a victim of this scam.