Massive ‘WannaCry’ Cyberattack Highlights Growing Ransomware Threat
Know Your Reporting Requirements Under Your LPL Policy

Internet Scams Targeting Attorneys

Email FraudAttorneys are highly educated, trained to be thoughtful, analytical, and most importantly skeptical. It will come as a surprise then that attorneys are also particularly vulnerable as a group to certain internet scams, in part because of the way that most attorneys obtain clients and in part because of ethical codes imposed on the profession. Scam artists have in turn become efficient and sophisticated in targeting the vulnerabilities of lawyers. Despite repeated warnings from bar associations and legal publications, many unsuspecting and otherwise mindful attorneys still fall prey. This article explores three (3) internet scams specifically targeting attorneys:

1. “Fake Client/Check” Scam

 

This scam has been around for several years, targets the way many attorneys obtain clients, and only works because of procedures in place for attorneys’ escrow/IOLA accounts. One of the many consequences to the attorney-victims of this scam is that the money lost from their IOLA account often belongs to bona fide clients.

We live in an age of convenience. Most people are unwilling to call a restaurant to make a reservation. The same is often true when hiring attorneys. Many attorneys, especially small firms and solo practitioners, get their clients through the internet, through LinkedIn.com or even direct messaging to an attorney’s email address posted on a firm website. The internet has made attorneys more accessible to potential clients worldwide and has had wide benefits to practitioners.

 The ease of the internet has also led way to a now-common internet scam targeting attorneys. An overseas potential client will email a U.S. attorney to recoup a debt owed by a local entity in the attorney’s jurisdiction. The potential client and local entity usually appear legitimate and may even be a real company and/or person. The foreign client, however, provides contact information that looks legitimate but instead is their own contact information. The foreign client generally signs a retainer agreement, and after some demand letters and back and forth, the attorney will succeed in obtaining a check from the local entity to pay the debt. The attorney then deposits the check in his escrow account and after it seemingly clears, he wires the funds (less his fees/retainer for future services) to the client’s foreign bank account. However the check has not cleared, instead the attorney’s bank provided provisional funds, funds the bank provides clients even though the legitimacy of the check has not been verified, and now the attorney is on the hook to replace the funds the bank provisionally provided. The “client” and the wired funds are nowhere to be found.

There are many variations of this scam. For example, in one variation a scammer posing as a property investor asks a real estate broker for a referral to an attorney. The attorney has had a long standing relationship with the broker, i.e. his guard is down. Then investment funds are sent by check to an IOLA account, but suddenly the investor needs the funds back for some “emergency”. Fearing penalties for mis-handling a client’s funds, the attorney wires provisional funds to the scammer. The check bounces and the investor is gone.

Attorneys who fall victim to this scam often have represented foreign clients in the past so the initial request and retainer do not seem unusual. Small firms and solo practitioners are under intense pressure to sign new clients and the offer appears to be easy money especially because the “client” agrees to any fee terms the attorney suggests. Small firms also do not have the financial controls implemented at larger firms putting them at greater risk. A smaller firm may not have an accounting department knowledgeable about provisional funds and banking practices. The scams work because of a mistaken belief that a bank will inform the attorney when the check “clears.” However, as detailed below, this is not how banks work.

After the check has bounced, the bank freezes the IOLA account (and often the attorney’s personal accounts) and/or sues the attorney to collect the “provisional funds” which were wired to the scam artist. Since the check bounced, there is no money to cover the funds—the scammers are nowhere to be found and often in foreign countries which are uncooperative with U.S. criminal investigations.

Ability to Rely on The Bank’s Representation That a Check has “Cleared”?

In one recent lawsuit where a bank sued an attorney who fell victim to this type of scam, a representative of the bank actually told the attorney that the check cleared before the attorney wired the funds. The attorney thought he could rely on the bank’s representation that the check “cleared” and that representation was proof of the validity of the check, right? Wrong! As ruled by the Court of Appeals in Greenberg, Trager & Herbst, LLP v HSBC Bank USA, 17 N.Y.3d 565 (2011), dealing with a bank suit against an attorney for a check scam, a banking client cannot rely on a bank’s representation that a check cleared.

In Greenberg, Trager & Herbst, LLP, during a telephone conversation, HSBC informed the attorneys that the check had cleared.  The attorneys then wired $187,750 to Hong Kong based on a belief that the check had cleared.  Thereafter, HSBC notified attorneys that the check was dishonored as “suspect counterfeit.”  HSBC then revoked its provisional settlement and charged back attorneys’ account.  The attorneys commenced an action against HSBC sounding in negligence and negligent misrepresentation.  In affirming summary judgment in favor of HSBC, the Court of Appeals found that the “oral statement by the HSBC representative that the check had ‘cleared’ [was] an ambiguous remark that may have been intended to mean only that the amount of the check was available (as indeed it was) in [the attorney's] account. Reliance on this statement as assurance that final settlement had occurred was, under the circumstances here, unreasonable as a matter of law.” Id. at 580. 

Further, the Court noted that “[t]he term 'cleared' is not employed in the UCC and, as commonly used, is not the equivalent of 'final settlement'" Id. at 578, n. 8; see also Call v. Ellenville Nat'l Bank, 5 A.D.3d 521, 524 (2d Dept. 2003), (finding that the statutory allocation of risk found in the UCC should not be altered by the defendant bank's alleged representation to the plaintiff that the check had "cleared."); Law Offices of Oliver Zhou v. Citibank N.A., 2016 U.S. Dist. LEXIS 65110 (S.D.N.Y. May 17, 2016); JPMorgan Chase Bank, N.A. v. Freyberg, 171 F. Supp. 3d 178 (S.D.N.Y. Mar. 17, 2016) (finding no liability for the bank’s provision of provisional funds for a counterfeit check); Margot J. Garant, Inc. v. Suffolk County Natl. Bank, 46 Misc. 3d 1218(A) (Sup. Ct. Suffolk Co. 2015) (finding any reliance on the defendant-bank’s representation that a check cleared by the plaintiffs was unreasonable as a matter of law); JP Morgan Chase Bank, N.A. v. Popovic, 26 Misc. 3d 1216(A) (Sup. Ct. Albany Cty. 2009) (finding no liability when a bank takes seven weeks to notify a customer of a dishonored check); see also Bank of NY v. Asati, Inc., 184 A.D.2d 443 (1st Dept. 1992); but see JP Morgan Chase Bank, N.A. v. Pinzler, 28 Misc. 3d 1214(A) (Sup. Ct. 2010) (a pre-Greenberg decision denying summary judgment on a negligence claim finding that more discovery was necessary to determine whether Chase acted negligently by asserting that a check cleared.).

As described above, the term “cleared,” despite its wide-spread colloquial use, does not really have any legal significance. The processes of the check collection system employed by banks is described in Northpark National Bank v Bankers Trust Co., 572 F Supp 524, 525-526 (S.D.N.Y. 1983):

Two features of the modern check collection process are central to the understanding of this fraud. The first is that, notwithstanding the colloquial suggestion to the contrary, checks deposited for collection do not generally "clear." That is, provisional credits -on the customer's account at the depositary bank and on the accounts of intermediary banks involved in the collection process-become final by the mere passage of time, rather than by an advice of actual payment.  It being statistically unlikely that a particular check will not be paid,  the practicalities of the process call for giving actual notice (down the chain of collection) only in the event a check is not paid. Accordingly, the temporary hold which a depositary bank customarily places on the withdrawal of proceeds from a check deposited for collection is intended to give the collection chain an opportunity to notify the depositary bank, if it be necessary, that the check has not been paid. Thus, the hallmark of the normal completion of collection-i.e., the check having been paid-is the receipt of no notice by the depositary institution.

[…]With the foregoing in mind it is clear how a fraud of this type is accomplished. Its object is to cause a worthless check deposited for collection to take a sufficiently long detour in its progress to the drawee bank, to insure that the notice of non-payment will not arrive at the depositary bank until after the expiration of the hold which it placed on the availability of the proceeds from transit items. Having received no such notice before the expiration of the hold, the depositary bank supposes the items to have been paid and allows its proceeds to be withdrawn. By the time notice arrives the malefactor has, of course, absconded with the spoils.

Id. (citations omitted). In other words, a bank confirms that a check is valid when a certain amount of time has passed, often up to two-weeks, without the bank receiving notice that the check was invalid.

This scheme is made easier by banks who regularly provide “provisional credit” to check depositors prior to the discovery of the fraudulent nature of the check. The Expedited Funds Availability Act (“EFAA”) of 1987 (implemented by Regulation CC, 12 C.F.R. 229), requires banks to make funds deposited in transaction accounts available to their customers within a specified time frame. This availability is provisional and the collecting bank has the right to charge back the amount if the check is dishonored or the bank fails to receive a settlement for the check (see U.C.C. § 4-212). Through these means, a bank will provide “provisional credit” based on a check which is later revealed to be fraudulent thus providing the scammer with an opportunity to recoup the credited funds while the bank still has to recourse to charge back the unwitting victim of the scam.

When banks sue for the return of provisional credit, some malpractice insurers have refused to indemnify attorneys under their policies. See e.g., Lombardi, Walsh, Wakeman, Harrison, Amodeo & Davenport, P.C. v. American Guarantee and Liab. Ins. Co., 924 N.Y.S.2d 201 (3d Dep't 2011)(coverage litigation between insurer and attorney, arising from settlement of bank's lawsuit against attorney as a result of an overdraft caused by a counterfeit check); O'Brien & Wolf, L.L.P. v. Liberty Ins. Underwriters Inc., No. 11-cv-3748, 2012 WL 3156802 (D. Minn. Aug. 3, 2012) (holding that insurance company was required to cover losses from attorney trust account due to counterfeit check scheme); Attorneys Liab. Protection Soc., Inc. v. Whittington Law Assocs., PLLC, 961 F.Supp.2d 367 (D. N.H. 2013) (denying insurance coverage for losses due to "Nigerian check scam"). In Lombardi, the court found that the insurer had to cover the attorney under the malpractice policy because, even if the client turns out to be fake, handling a client’s funds is part of the attorney’s legal services. Id.; see also Yudin & Yudin, PLLC v Liberty International Under Writers, Inc., 2012 N.Y. Misc. LEXIS 111 (Sup. Ct. N.Y. County Jan. 11, 2012) (Rakower, J.) (same).

Ramifications/Solutions

Another ramification of this scam is potential disciplinary liability. An attorney’s IOLA account may contain other clients’ funds which the bank may then use to “cover” the provisional funds lost. Banks may also be required to report an attorney with an overdrawn IOLA account to the state bar. This will likely result in a disciplinary investigation and audit of the IOLA account. In 2015, the New York City Bar Association came out with a formal ethics opinion finding that “because Internet-based trust account scams may harm other firm clients, a lawyer who receives a request for representation via the Internet has a duty to conduct a reasonable investigation to ascertain whether the person is a legitimate prospective client before accepting the representation. A lawyer who discovers he has been defrauded in a manner that results in harm to other clients of the law firm, such as the loss of client funds due to an escrow account scam, must promptly notify the harmed clients.” Formal Opinion 2015-3: Lawyers Who Fall Victim to Internet Scams.

One of the best ways to avoid this scam is to tell all overseas clients that there is a mandatory three-week waiting period on any check deposits. This is because some foreign institutions take up to 20-days to verify credit. This should be enough time for the depositing bank to discovery whether the check is valid. Do not be fooled into waiving this grace period because the foreign client requests that you wire funds to U.S. bank accounts. Scammers will often use individuals with U.S. bank accounts as strawmen intermediaries who then wire the funds internationally (see below). As stated in Margot J. Garant, Inc, 46 Misc. 3d 1218(A): “The Federal Reserve, like the Appellate Division and the Court of Appeals, advises that it is important to ‘know your customer.’”

2. “Ransom” Scam

 

This scam not only affects attorneys, but companies around the globe and has been in the news a lot lately. The main purpose of this scam is to infect the attorney’s computer with a virus blocking the attorney’s access to it. The scammers then hold the computer for ransom. The scammer’s initial entry into the attorney’s computer system could be through hacking or because the attorney clicked on a seemingly legitimate link. On November 30, 2016, New York Attorney General Eric T. Schneiderman issued a press release warning that attorneys were receiving emails which were seemingly from A.G. Schneiderman’s office claiming that their business was the subject of a complaint for which they have 10 days to respond. The email included a hyperlink to the “complaint” which instead installed malware. Press release available at, https://ag.ny.gov/press-release/ag-schneiderman-issues-alert-phishing-scam-targeting-new-york-attorneys. The A. G.’s office advised attorneys to update their anti-virus software and use caution when clinking on links. Also be particularly mindful when an email appears to be odd. For example, in the scam cited above, the email claimed to be from “The Office of The State Attorney Complaint,” but there is no such office. Generally, attorney complaints in New York are handled by the grievance committee in the jurisdiction where the attorney was admitted.

3. “Impersonating a Known Client” Scam

 

This scam generally targets attorneys, accountants and other professionals holding a great deal of client money. The scammer first hacks into the attorney or client’s email account and gains information about how the attorney and client conduct business. For example, does the client direct the attorney to wire her funds from the attorney’s IOLA account over email? What language does the client use? As news dribbles out each day of compromised user name and password for various internet applications, this first step is becoming fairly easy for hackers. In 2016, the astounding news came to light that between 2013-2014, over 1 billion Yahoo! user accounts were hacked.[1]

Then, once the hacker has the inside information from the email accounts, he then impersonates the client and requests that the attorney wire the client’s funds to the hacker’s bank accounts. In one such case handled by our firm, the hacker exploited the way Yahoo! groups email messages. The hacker created an email address that was identical to the real client but for one-digit. The hacker then sent emails from the fraudulent email address impersonating the client, including using the same subject line as legitimate emails and using similar phrasing to the client. Yahoo! will group all emails together which have the same subject line. When the attorney viewed the fraudulent email, it appeared to be from his client, even down to the client’s tag name- the fake email address was not visible. Accordingly, there was nothing inherent about the email, not even the email address, which was not visible, to put the attorney on notice that the email was fraudulent. The attorney then wires the funds as he believes his client directed.

This scam works because the attorney already has a relationship with the real client who he trusts and the request does not seem unusual. The client may be in the business of often requesting funds to be wired in this matter, for example if the client is a lender. The scam artists are highly sophisticated and realize that if they ask that the funds be wired out of the country where the bona fide client is not located, it might raise red flags. So they generally solicit the cooperation of Americans with U.S. Bank accounts to be the conduit for the wired funds. Once the attorney wires the funds to the U.S. Bank accounts, these strawmen, after subtracting a fee for their “services,” wire the funds out of the country. The attorney remains ignorant that the client’s funds left the country until learning of the scheme from a conversation with the client, who has no knowledge of the wiring instructions.

Attorneys can face high liability with this scheme because, technically, they wired their clients’ funds without authorization. In New York, this would generally be prima facie evidence of the breach of standard of care in a legal malpractice action.  The bank would not be liable in this scheme because the proper account holder, the attorney, authorized the wire transfer.  Similarly, it would be difficult to hold Yahoo! responsible for the breach described above.  Email providers are only responsible for providing the amount of internet security as is represented in their services agreement.  For free internet providers like Yahoo!, the amount of internet security provided to users is generally not as high as paid providers.  Yahoo!’s security policy states that it only provides Secure Socket Layer (SSL) inscription for transactions involving credit cards and other financial services.  Yahoo! claims to “maintain reasonable physical, electronic, and procedural safeguards that comply with federal regulations to protect personal information.”  It would be very difficult to prove that Yahoo! breached these terms.

While authorities sometimes arrest the perpetrators of internet scams and recoup the stolen funds or obtain restitution, with foreign scammers, this is incredibly unlikely. In one such case, the scammer involved in the case handled by our firm, Nigerian national David Chukwuneke Adindu, was arraigned on December 14, 2016 for wire fraud in the Southern District of New York. According to the indictment, Adindu worked with others to carry out internet scams on various entities from 2014 to 2016.  The scams include contacting and impersonating potential victims in order to induce them to wire money to third parties. See U.S. v. Adindu, No. 16-cr-00575 (S.D.N.Y.).   

If you or a client has fallen victim to an internet scam, you can report it to:

  • Federal Bureau of Investigation (FBI) Internet Fraud Complaint Center at www.ic3.gov  
  • Federal Trade Commission (FTC): by telephone at 1-877-FTC-HELP or file an electronic complaint at www.ftc.gov
  •  Mail-based scams - U.S. Postal Inspective Service by telephone at 1-888-877-7644 or via e-mail at https://postalinspectors.uspis.gov/forms/MailFraudComplaint.aspx 
  • If you have a complaint about a national bank’s handling of a fraudulent check, and you cannot resolve the problem with the bank, contact the Office of the Comptroller of the Currency’s Customer Assistance Group, by calling 800-613-6743 or by sending an e-mail to: [email protected]

__________________________________________________________

* This article was prepared by Andrew R. Jones, Esq. and Rachel Aghassi, Esq. of the New York City-based law firm of Furman Kornfeld & Brennan LLP.  Andrew and Rachel work as part of a team of 15 lawyers devoted to the defense of attorneys and other professionals in malpractice and disciplinary matters.  For more information about the above topic or the authors, please visit: www.fkblaw.com.

We trust that the above article was useful and thought provoking; however, please note that it is intended a general guide only, not a complete analysis of the issues addressed, and readers should always seek specific legal guidance on particular matters.

For more information on LPL coverage generally and how internet scams can affect the exposure of your firm to malpractice claims, contact USI Affinity today.

 

 

[1] See New York Times article, available at https://www.nytimes.com/2016/12/14/technology/yahoo-hack.html.  The U.S. Justice Department has since charged two Russian Intelligence Officers with data theft, available at, https://www.nytimes.com/2017/03/15/technology/yahoo-hack-indictment.html.  

Comments

EricR

One other course of action is to advise these suspect "clients" that you will confirm the validity of all checks received, including bank and cashier's checks prior to depositing them. After responding to an inquiry that seemed legitimate at first, I received a purported bank check that I was to deposit into my escrow account. I immediately contacted the issuing bank and emailed them a scan of the check, and was advised that it was a very good forgery. Ever since, I provide such a notice in my emails to potential (but suspect) clients.

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated, and will not appear until the author has approved them.

Your Information

(Name and email address are required. Email address will not be displayed with the comment.)