The Risk Manager, Spring 2019

The global law firm, Dentons Canada LLP, got stung for over $2.52 million by failing to thoroughly verify payout instructions for the partial repayment of a mortgage held by Timbercreek Mortgage Servicing Inc. While the transfer was pending, Denton received email purporting to be from Timbercreek advising that its account was being audited and directed the money be sent to an international account in Hong Kong, held by a third-party called Yiguangnian Trade Co. Ltd. Denton attempted to verify the instructions by leaving a voicemail at Timbercreek and asking for letters of authorization from Timbercreek and Yiguangnian.

Denton was never called back, but did receive authorization letters that appeared legitimate indicating they were from Timbercreek and Yiguangnian. Denton then transferred the $2.52 million to the Hong Kong account. Several weeks later Timbercreek contacted Denton asking what happened to their money. At that point Denton realized it had been scammed.

Troy Crawford, Managing Counsel for LM Title Agency, LLC, a wholly owned subsidiary of Lawyers Mutual of North Carolina, developed the following checklists for North Carolina lawyers based on his experience working with real estate closing scam claims. We think Kentucky lawyers can also benefit from Mr. Crawford’s work:

Payout Directives

  • Do not include unnecessary parties in communications involving wires. In particular, do NOT include Realtors and mortgage brokers, as they are the parties specifically targeted by criminal organizations and the most likely to be compromised. In [one] case, a hacker was monitoring the seller’s Realtor and sprang into action when receiving the [lawyer’s] directive. Worse yet, the fraudster now has a legitimate copy of this law firm’s document and may now target the firm in future deals.
  • Demand a physical ‘wet ink’ copy of the notarized directive. In [one] case, a .pdf version of the directive was sent, and it was impossible to detect the forgeries. ….
  • Ideally, the directive will be signed in the presence of a firm employee. This is the only method that does not require telephone or in-person verification.
  • When not possible, directives should ideally be received with other closing documents (deed, lien waiver, etc.) While not a sure indicia of fraud, a stand-alone directive should be considered a red flag.
  • All directives not signed in the physical presence of a firm employee require telephonic confirmation, using a previously verified number obtained from a source not in the chain of wiring communications. The call should be initiated by the law office, as fraudsters are now proactive in calling first. Email verification is useless, as a compromised email account is the very cause of these frauds.


  • Faxes should not be assumed any safer or more secure than email. A quick Google search under the term ‘fax spoofing’ reveals how easy it is to send spoofed faxes for free from any mobile device.
  • More secured versions of fax services should be used. Both stored pages and the data, which is transmitted, should be encrypted and only sent using secured email.
  • The fax account should be regularly monitored to verify faxes are only being forwarded to the correct designated email account.
  • As with email accounts, proper password security procedures should be followed, including making sure passwords are significantly complicated and changed frequently. Passwords should not be shared among different users or between different accounts or services accessed by the same user. For real estate practitioners, passwords should be in compliance with the ALTA Best Practices.
  • When it is not possible to verify the validity of the payoff account information, we encourage all attorneys to either overnight or hand deliver payoffs. This is especially the case if the payoff account is different than previously used for the same lender.
  • All attorneys should consider cyber, crime insurance and/or other insurance policies, which cover social engineering fraud. Working with an agent experienced with law firms is key to getting appropriate coverage and value.

We published the following checklist in 2015 (citing Bar of the City of New York Committee on Professional Ethics, Formal Opinion 2015-3: Lawyers Who Fall Victim to Internet Scams (April 2015)). We think now is a good time to offer it again.

Red Flags That May Alert An Attorney To An Internet Scam

Any one or more of these common “red flags” indicating a scam should arouse a lawyer’s suspicion:

  • The email sender is based abroad.
  • The email sender does not provide a referral source. (If the email sender is asked how he found the firm, he may respond that it was through an online search. If prospective clients rarely approach the recipient attorney based on an Internet search, this should be an immediate red flag.) 
  • The initial email does not identify the law firm or recipient attorney by name, instead using a salutation such as “Dear barrister/solicitor/counselor.”
  • The email uses awkward phrasing or poor grammar, suggesting that is was written by someone with poor English or was converted into English via a translation tool.
  • The email is sent to “undisclosed recipients,” suggesting that it is directed to multiple recipients. (Alternatively, the attorney recipient may be blind copied on the email.)
  • The email requests assistance on a legal matter in an area of law the recipient attorney does not practice.
  • The email is vague in other respects, such as stating that the sender has a matter in the attorney’s “jurisdiction,” rather than specifying the jurisdiction itself.
  • The email sender suggests that for this particular matter the attorney accept a contingency fee arrangement, even though that might not be customary for the attorney’s practice.
  • The email sender is quick to sign a retainer agreement, without negotiating over the attorney’s fee (since the fee is illusory anyway).
  • The email sender assures the attorney that the matter will resolve quickly.
  • The counter-party, if there is one, will also likely respond quickly, settling the dispute or closing the deal with little or no negotiation.
  • The email sender insists that his funds must be wired to a foreign bank account as soon as the check has cleared. (The sender often claims that there is an emergency requiring the immediate release of the funds.)
  • The email sender or counter-party sends a supposed closing payment or settlement check within a few days. The check is typically a certified check or a cashier’s check, often from a bank located outside of the attorney’s jurisdiction.

Duties of a Lawyer Who Suspects or Learns that He is the Target of an Internet Scam

  • An attorney who discovers that he is the target of an Internet-based trust account scam does not have a duty of confidentiality towards the individual attempting to defraud him, and is free to report the individual to law enforcement authorities, because that person does not qualify as a prospective or actual client of the attorney.
  • However, before concluding that an individual is attempting to defraud the attorney and is not owed the duties normally owed to a prospective or actual client, the attorney must exercise reasonable diligence to investigate whether the person is engaged in fraud.
  • In addition, because Internet-based trust account scams may harm other firm clients, a lawyer who receives a request for representation via the Internet has a duty to conduct a reasonable investigation to ascertain whether the person is a legitimate prospective client before accepting the representation.
  • A lawyer who discovers he has been defrauded in a manner that results in harm to other clients of the law firm, such as the loss of client funds due to an escrow account scam, must promptly notify the harmed clients

The Denton scam is now in court for a determination whether cyber insurance covers this kind of scam. For more details see Dentons Canada LLP v. Trisura Guarantee Insurance Company, Superior Court of Justice – Ontario, 2018 ONSC 7311, Court File No.: CV-18-595822, Date 20181211.