LM Wire Fraud Unit is On the Front Lines
Picture yourself on the front line of defense against an email phishing scam. Imagine being in the trenches as you fend off the cyber-attack.
Now you can do so vicariously.
Following is an actual email exchange between a real estate lawyer and Lawyers Mutual claims counsel Troy Crawford. The string begins when the lawyer, who is insured with Lawyers Mutual, writes in after receiving a phishy email. The sender’s name is changed to Mr. X and the email address is deleted, but otherwise the emails appear as they came in and went out.
The successful result was the result of heads-up and speedy action by the insured lawyer, and strong secondary defense from attorney Crawford.
Another bullet dodged? Another crisis averted?
Or just another day in the life of a practicing lawyer – and a claims counsel at Lawyers Mutual.
From: Mr. X
Sent: Thursday, March 2, 2017 10:10 PM
To: Troy Crawford <tcrawford@lawyersmutualnc.com>
Subject: Wire fraud
Hey, just caught an attempted wire fraud on our account. Closed one this morning, elderly lady, agent said he would pick up her check tomorrow. Received an e-mail several hours later allegedly from the agent saying she now wanted her funds wired to a trading account. I did not catch it at first, but when looking at the file tonight, the fraudster's e-mail was @mail.com instead of the agent's email @gmail.com. We always verify wiring instructions before sending anything. There is only 1 person besides me who can even input wires into the system. I am the only one who can authorize them to be sent. Just wanted you to have another story to add to your growing list. Thanks for all you guys do.
From: Troy Crawford <tcrawford@lawyersmutualnc.com>
Sent: Friday, March 03, 2017 8:31:00 AM
To: Mr X
Subject: RE: Wire fraud
Thanks for the update and I am hearing of these schemes multiple times per week now. The Realtor’s email was very likely compromised and I would hope she takes immediate action to verify the security. Gmail accounts allow for easy access to IP logs to determine if it has been compromised – here is a link you could pass along: https://www.groovypost.com/howto/check-gmail-login-activity/
One recommendation I have for your firm is to also take this opportunity to update your firm passwords, procedures, etc. The hackers now know your office handles large wires, so you are a target yourself and I would not be surprised to see your firm systems attacked. Just a little good news to start off the weekend.
From: MR X
Sent: Friday, March 3, 2017 8:36 AM
To: Troy Crawford <tcrawford@lawyersmutualnc.com>
Subject: Re: Wire fraud
Thanks Troy. I notified him last night to change his passwords as his account had been compromised. Thankfully, the one paralegal who I trust to handle wires knows to look out and is overly cautious. This wire was only for going to be for $19,000, but it could have been a gateway fraud attempt. We get fished multiple times daily. Agents get mad because I will not join their DocuSign or dotloop groups, but we do not open any links period. If you want to send me a contract, do so by pdf or drop it by the office. I also get multiple “contracts” weekly from people needing cash deals done quickly, but the e-mails are usually a .ca or .uk extension and always involve clicking a link to get the contract. I am even getting e-mails asking me to review a HUD for an upcoming closing and surprise, I have to click a link to review it. It is a battle every day...
