Your IT pro is your best friend, but can’t always protect you from fraud.

Last week I was confronted with another example of how valuable excellent IT professionals can be for practicing lawyers.  As routinely happens, our firm’s spam filter trapped a significant number of emails last Wednesday. Because legitimate email sometimes gets wrongly blocked or filtered, our IT folks also review what gets caught in the filters.  Last Wednesday, our IT gurus noticed an email that, if given the benefit of the doubt, could potentially be a legitimate effort by a lawyer in another state to share with me a document through a well-known online document sharing service.

I was asked by our IT department if I recognized the sender and whether the email address being used was legit.  I did and it was, but there were still enough peculiarities about the details of the email that the IT folks were skeptical about whether it was legitimate or the result of hacking or spoofing.  Although this lawyer might very well have a reason to be in touch with me (I do have a blog read regularly by perhaps a dozen people after all), I had to admit that I wasn’t expecting to hear from this lawyer.  I agreed to send a new email to the person explaining what had transpired on our end and asking “did you mean to send me some documents through [high-profile service],” fairly quickly, a response came back from the person’s email address that was short and sweet:  “Yes i did.”

Now I was distracted by other aspects of what I was doing along with dealing with this issue and I really had not focused on the fact it was a little early in this person’s part of the world for them to be sending the first email and the fact that the response email was a little too pithy to be consistent with their personality, but the folks who handle IT for a living at our firm have a much more singular focus and not only weren’t distracted but were still quite concerned about details of the email and, most particularly, that one of the links in the email appeared to be pointing to an IP address in French Polynesia rather than to anything affiliated with the document sharing service.  Relying on that person’s expertise, it was easy for me to agree that it was more likely that the intruder who had hacked into this person’s email was sufficiently in control to be drafting replies sent to the email account then than (edit: and thx to a loyal reader for catching the error) that the lawyer had really tried to share a document with me using a file sharing service.

I’m relatively tech savvy and would like to think that, even without the involvement of the IT professional, I would never have clicked on a link that when hovered over didn’t look right, but having such high-quality IT folks in my corner made sure that I never even had the opportunity to make that mistake.

Unfortunately, not every situation is one where your IT folks can protect you from falling victim to fraud.

Much has been written online about financial scams targeting lawyers.  A few better pieces available online discussing various aspects of these issues can be found here, here, and here.  Gone are the days when such scams were as easy to see through as the Nigerian Prince emails.  Instead, common current scams involve contacts from companies that on paper actually exist  and that want to hire you to pursue litigation against someone who owes them money or to pay you to defend them in a case where they are accused of owing someone else money.  Once you agree to be hired, the case then quickly settles and the settlement proceeds flow through your trust account and you are instructed to quickly send the proceeds, minus payment for yourself of course, to the party owed the money under the settlement agreement whether that is your client or the other party (depending on the variation of the scam being deployed).  Any lawyer that acts too quickly, however, comes to find out that the funds were no good – money orders forged or wires reversed or checks bounce – and the lawyer is left holding the bag and trying to get out from under a hellish trust account deficit and inquiries from disciplinary counsel about RPC 1.15 compliance.

One iteration of this scheme involving forged money orders, shell companies on both sides controlled by the fraudsters, and with an interesting twist also involving hacking and spoofing of law firm email accounts can be studied in this story today from the ABA Journal and the indictment of a Texas lawyer who was on the criminal side (rather than the victim side) of such an endeavor.

In the unforgettable words of Roy Trenneman from The IT Crowd: “People.  What a bunch of bastards.”