I recently received an email from a client that made my blood run cold. This firm came incredibly close to losing $150K in a wire transfer fraud. Thanks to an alert employee who trusted her “Spidey Senses” when the email crossed her desk, the firm averted disaster.
Before I go into the story, I wouldn’t be doing my job if I didn’t mention that this firm is a KnowBe4 customer and has been training its employees to notice and stop exactly this type of fraud. Simply put: training paid off BIG TIME for this firm.
Here is the story in the words of the alert employee:
We had a new case that came into the firm on June 13 and we decided to terminate representation on June 26 after too many red flags. The whole thing was quite fishy and I knew once I saw it we were getting conned, but I couldn’t quite figure out how.
In short, an out-of-state business contacted one of our attorneys on June 13 saying that a debtor in our state owed him money and he was seeking local counsel. Our attorney sent him an engagement letter to request a retainer. Our attorney received the signed engagement letter back with a note from the new client saying that his debtor had already agreed to make a payment. Sounds great to us! Easy case, open and shut, right?
The new out-of-state client writes us a note and says he is going to send the debtor’s check to us and we are to deposit it. He specifically notes that once “the check clears,” we are to deduct our retainer and then wire the rest of the balance to him. Basically, it sounds like this new client is being completely responsible, making sure we are paid our retainer before he receives the rest of his money.
The email chain of communication looked so legit and went on between the client and two of our attorneys for the better part of a week. However, when the word “wire” was mentioned, our attorney copied me on the email chain so that I would be aware of what was coming down the pike.
When I received that email chain, my alarm bells were going off everywhere. I sent my suspicions to our professional liability carrier and asked them what they thought was going on and they knew exactly what was going to happen! (See attached article for an explanation.)
We sent a termination letter to the client immediately, but the same day we received the check from the so-called debtor to deposit. Of course, we did not. But here’s the scary thing: had I not been copied, there is a very good chance that the check would have gotten to accounting and they would have done what they were told to do – deposit it, call the bank in 5 days to make sure it had cleared and then wire the money. We would have verified the wire information by phone in accordance to our policy, and I’m certain the out-of-state client would have gladly assisted us with that. Two people are required to provide pins to wire money out over $25K so I likely would have gotten involved then if I hadn’t been already, but even at that point without having all the back information, I probably wouldn’t have questioned the chairman of our firm if the wire was legit. I would have asked if the check cleared and if we verified the wire information with an OUTGOING call to the recipient. I would have gotten a yes and yes. So, the chills that run up my spine is the “what if” I hadn’t been copied on that initial email chain?
Are you confused by this? You’re not alone. Read on for an explanation of how this fraud scheme works. (Thanks to Swiss Re Corporate Solutions for this documentation.) If you want to improve your own firm’s “Spidey Senses,” give me a call to discuss KnowBe4 Security Awareness Training.
Wire fraud schemes: a new variant on a very old scam!
Remember: Cashier checks and money orders can be counterfeit!
Would you fall for this new set up?
A local business (and would-be defendant) sends you a check, usually drawn from a foreign or out-of-state bank, in satisfaction of a dispute recently brought to you by a new and previously unknown client. Apparently, the local business learned of your anticipated involvement from the new client, and without any action on your part, sent the check. The local business apparently does not want a fight on their hands. Does this sounds strange? Too good to be true? Unfortunately, wrapped around clever details, this scam has actually worked to rob law firms of trust account money.
What makes this new variant of the very old scam so effective?
This scam is essentially the most recent variant of the so-called Nigerian Prince scam.
What makes this version of the scam so effective, however, is the insertion of a legitimate (but impersonated) third party to bolster the appearance of credibility. The old scam involved a stranger/potential client mailing a check to an attorney. The new scam, however, works by creating the illusion that a local business is actually sending the check, and generally unfolds as follows:
A lawyer receives a cold call from a prospective new client who lives several hundred miles away. The new client explains that he wishes to retain the law firm to prosecute a civil action against a business located a few blocks from the law firm's office.
The prospective client explains that the local business owes him money for delivered products, and sends the lawyer collection letters that he purportedly sent to the local business owner demanding payment.
The client signs an engagement letter that requires a retainer. The law firm advises the client that it will hold off on contacting the local business until receipt of the retainer.
Two weeks later, and after never having sent the retainer, the client instead unexpectedly emails the lawyer with a copy of a new demand letter that the client purportedly sent directly to the local business advising of the law firm's retention.
The following day, the local business overnight mails a package to the law firm with a cashier's check for the vast majority of the overdue amount.
The lawyer emails the client to announce its receipt, and the client immediately responds with, "Great news. Please deposit the check, and take your percentage of the proceeds!" The client then requests that the law firm wire a certain percentage of the remaining proceeds to an account owned by a New York City supplier for whom the client owes money. The law firm waits for its bank to advise that the check has "cleared" and then follows the instructions.
The cashier's check bounces. The lawyer contacts the local business only to find out that it never sent the check and has never heard of the law firm's client.
Dissecting three details
There are at least three important details of this transaction that successfully disarmed the lawyer and allowed this fraudster to perpetuate this fraud:
(a.) As opposed to a stranger living on another continent, claiming to be of royal ancestry, the fraudsters here created the illusion that this was a routine contract dispute that involved a local business. The lawyer, however, never had any contact with the local business, which is a necessary component successfully achieved by the fraudster due to his orchestrated delay in paying the retainer.
(b.) After depositing the check, the fraudster instructed the law firm to wire only a portion of the entire amount; this left the lawyer with the illusion that the vast majority of the overall funds remained under the law firm's control and safely within the trust
account. This request was likely designed to reduce the risk of "alarm bells" going off in the lawyer's mind about accepting a check and immediately thereafter making a wire transfer, which, of course, in reality, is exactly what was happening.
(c.) As is so common with fraudulent wire transfers, the payee of the wire was a stranger to the transaction. The fraudster's instructions to send the wire to a New York City supplier is important, however, as it removed suspicion about why a stranger had been inserted into the transaction.
In summary, fraudsters use creative fact patterns designed to disarm their intended targets. Stripped down, however, to its essential elements, this fraud possessed the same red flags that are present in most schemes. A client essentially –out of the blue called- and shortly thereafter the law firm was holding a seven-figure check after doing absolutely no work.
The "cleared check" syndrome
If there is ever a doubt that a check is good, wait a period of time before taking any action on it. Checks from fake or empty accounts should bounce within a few weeks. If the check is from a foreign bank, it may take even longer, although you should hear about it within 30 days in many (but not all) cases.
Never, however, rely upon the initial information from your own bank that the check has "cleared" without confirming that you understand the manner in which the bank is using the term. Since banks will allow customers to move money from a deposited check after a certain period of time, some banks will announce that a check has "cleared" only to mean that this period of time has passed. If, however, the bank associated with the issuing account fails to cover the check, it will still bounce. When communicating with your bank, be careful that you are on the same page in terms of what precisely they mean when they advise that a check has "cleared". You will want to know, more precisely, when the issuing bank's money to cover the check has arrived to satisfy the deposit; escalation to a manager may be required.
Finally, be creative. Is there another way to handle this situation other than your firm wiring funds from an out of state or international bank to an account with a payee that is a stranger to the transaction?
What to do if you are the victim of a fraudulent scheme
If you already believe that you may be the victim of such a fraud, IMMEDIATELY report it to the bank and to law enforcement. Time is of the essence in any recovery action. In certain circumstances, the bank can initiate the FBIs' Financial Fraud Kill Chain (FFKC) to recover large international wire transfers. Do not wait until it's determined that the funds have gone overseas but work with the bank to report the fraud as soon as it is discovered. The transaction must meet the following criteria for FFKC action:
The wire transfer is $50,000 or more
The wire transfer is international
A SWIFT recall notice has been initiated
The wire transfer has occurred within the last 72 hours
In conclusion, wire transfer fraud shows no sign of slowing down, and indeed fraudsters continue to develop new ways to rob innocent people of their money. The only effective way to defeat a fraudster is through proactive risk management. All attorneys and staff should be trained to identify the red flags so common to these transactions.
Copyright Swiss Re Corporate Solutions 2019. This article is intended to be used for general informational purposes only and is not to be relied upon or used for any particular purpose. Swiss Re shall not be held responsible in any way for, and specifically disclaims any liability arising out of or in any way connected to, reliance on or use of any of the information contained or referenced in this article. The information contained or referenced in this article is not intended to constitute and should not be considered legal, accounting or professional advice, nor shall it serve as a substitute for the recipient obtaining such advice.