Cybersecurity and Wire Fraud

CertifID [1], a leader in fraud protection for the real estate industry, recently published its “State of Wire Fraud 2025 Report.” The report states, “Losses from cybercrime reported to the FBI Internet Crime Compliant Center (IC3) exceeded $12.5 billion last year, a 22% increase in annual losses. Most of these losses reported to the IC3 are the result of fraud and scams.” The report further states, “Real estate has become a particular target, where the problem has grown to nearly $500 million in losses from business email compromise annually.”

Attorneys in every area of the law should be aware of the serious concerns regarding cybersecurity and wire fraud. However, this is especially true with real estate practitioners, given the sensitive information attorneys and their staff handle and the financial transactions involved with this type of legal work.

The report goes on to state, “52% of all consumers are “not aware” or only “somewhat aware” of the risks of wire fraud.” Further, the report states that, “Over 1 in 4 (26%) of home buyers and sellers reported receiving suspicious or fraudulent communications during their closing process.” Additionally, the report provides that among victims who realized they had become victims of their money being sent to the wrong place, “73% of consumers were able to recover all or most of their funds. However, that left 27% of consumers with less than half to no funds recovered.”

When it comes to assisting your clients who fell victim to wire transfer fraud, the report further provides, “In this time of crisis, first-time consumers turn to their title company or attorney the most…” The report continues, “56% of first-timers received help to attempt to recover funds from their title company or attorney.”

Accordingly, LMICK wishes to bring to your attention this important risk which exists when dealing with cybersecurity and wire fraud.

Some of the main concerns include:

  1. Email Spoofing and Business Email Compromise (BEC)
    • Threat: Hackers impersonate attorneys or clients to redirect wire transfers.
    • Impact: Funds can be irreversibly stolen if sent to fraudulent accounts.
    • Real-life scenario: A hacker gains access to an attorney’s email, monitors conversations, and at the right moment sends a fake wire instruction that appears legitimate.
  2. Phishing and Social Engineering
    • Threat: Attorneys and staff may receive convincing emails or calls designed to trick them into giving up credentials or downloading malware.
    • Impact: Compromised systems or access to sensitive client info.
    • Concern: High-value cases and confidential data make law firms prime targets.
  3. Inadequate Cybersecurity Measures
    • Threat: Weak passwords, unencrypted communications, lack of multi-factor authentication (MFA), or outdated software.
    • Impact: Makes it easier for attackers to breach systems.
    • Concern: Small or mid-sized firms often lack robust IT departments.
  4. Data Breaches and Client Confidentiality
    • Threat: Breach of client data (e.g., intellectual property, personal data, case strategies).
    • Impact: Legal liability, loss of trust, malpractice claims, bar complaints.
    • Concern: ABA Model Rules require attorneys to safeguard client data.
  5. Ransomware Attacks
    • Threat: Malware encrypts firm data and demands payment for release.
    • Impact: Operational downtime, reputational damage, financial loss.
    • Concern: Even firms with backups may face issues if client data is leaked or sold.
  6. Wire Transfer Protocol Vulnerabilities
    • Threat: Inconsistent or informal procedures for verifying fund transfers.
    • Impact: Increased risk of sending money to fraudulent accounts.
    • Best Practice: Always confirm transfer instructions by phone with a known contact.
  7. Regulatory and Ethical Compliance
    • Threat: Failure to meet obligations under data privacy laws (e.g., GDPR, HIPAA, CCPA).
    • Impact: Fines, sanctions, malpractice liability.
    • Concern: Attorneys must understand not only legal risk, but also technical standards. Please see SCR 3.130 (1.1) (Competence), Comment 6 (Technological Competence). Lawyers have a duty to stay abreast with the benefits and risks of relevant technology.
  8. Third-Party Vendor Risks
    • Threat: Cloud providers, court filing platforms, or e-discovery vendors may be less secure.
    • Impact: Data could be exposed via external systems.
    • Concern: Attorneys are still responsible for protecting client data, even when using outside services.

LMICK would like to provide the following Cybersecurity and Wire Fraud Checklist for you and your firm. While this list is certainly not exhaustive, it can at least help you and your firm begin to take the necessary steps to protect yours and your client’s interests regarding cybersecurity.

  1. Email & Communication Security
    • Enable multi-factor authentication (MFA) on all email accounts.
    • Use a custom domain email address (avoid Gmail/Yahoo/etc. for legal business).
    • Train staff to spot phishing, spoofed emails, and suspicious attachments. Consider random penetration testing by an outside vendor who will simulate a cyber attack.
    • Include 'DO NOT TRUST WIRE INSTRUCTIONS VIA EMAIL' warnings in email footers.
    • Encrypt sensitive emails using secure communication platforms.
  2. Wire Transfer Protocols
    • Verify all wiring instructions with a phone call to a known, trusted number.
    • Implement a dual-authorization system for outgoing wire transfers.
    • Never accept wire changes via email without independent verbal verification.
    • Educate clients about common wire fraud scams before transactions.
  3. Device & Network Security
    • Use endpoint protection (antivirus, anti-malware) on all devices.
    • Keep software and systems updated (including operating systems and plugins).
    • Encrypt laptops and mobile devices, especially if used outside the office.
    • Disable auto-forwarding of emails unless necessary for security audits.
  4. Staff Training & Awareness
    • Conduct mandatory cybersecurity training at least annually.
    • Create a cyber incident response plan and test it with drills.
    • Assign a cybersecurity point person or team within the firm.
  5. Data Protection & Backup
    • Regularly back up critical files (both locally and in the cloud).
    • Store backups offsite or in secure, encrypted cloud environments.
    • Use secure client portals for file sharing instead of email attachments.
  6. Vendor & Third-Party Risk Management
    • Vet all third-party services (e.g., cloud storage, case management systems) for security compliance.
    • Sign data protection agreements with vendors.
    • Avoid free or consumer-grade software for case-related work.
  7. Legal, Ethical, and Insurance Considerations
    • Review and comply with any applicable KBA and ABA cybersecurity ethics opinions.
    • Maintain cyber liability insurance (ensure it covers wire fraud, ransomware and theft).
    • Include cybersecurity clauses in engagement letters and retainer agreements.

LMICK also wishes to remind you that most cyber insurance policies do not cover theft. Thus, please be sure to have in place the appropriate safeguards necessary to ensure cybersecurity and protect you, your client and your firm from wire fraud and theft.

[1] CertifID is a leader in fraud protection for the real estate industry. The company safeguards billions of dollars every month with advanced software, digital payments, direct insurance, and proven recovery services. Trusted by title companies, law firms, lenders, realtors, and home buyers and sellers. To download a free copy of the State of Wire Fraud 2025 report, go to www.certifid.com/sowf.