The Bite, the Bank, and the Barrister: Lawyer-Targeted Scams
With her husband in the hospital fighting Covid-19, Vista attorney Natalia Taylor* saw the email requesting legal assistance with a gruesome dog bite as a gift from God.
“My husband wasn’t working because of COVID-19 and I was stressed,” Taylor said, “so, I wondered if this was a blessing from above.”
The self-proclaimed dog bite victim wrote Taylor that he was visiting San Diego with his wife on vacation and all of a sudden, a vicious dog attacked him.
“He said the owner of the dog was nice and had insurance and said he would cover it,” Taylor said. “He said he had to have surgery and sent photos of the dog and the homeowner’s info, who isn’t paying now and isn’t answering his phone. He even had a letter from the guy accepting liability. There were really gruesome photos of the bite, too.”
To help recover the man’s medical expenses and other damages, Taylor, who focuses her solo practice on family law, partnered with a solo civil litigation attorney, whose husband was also having health issues.
“It sounded like a really good case, basically, like a slam dunk case,” Taylor said. “The person had insurance and was accepting liability. I thought maybe this is God’s way of blessing us so we don’t have to focus on our finances and we can focus on getting our husbands better.”
Unfortunately, Taylor’s case was not a blessing but a new variation on a client trust account scam that has targeted lawyers for decades. It presents as a legal matter requiring the assistance of a lawyer. Then, the lawyer is duped into wiring real funds from their trust account after depositing a fake check received as payment from the other party, who is also part of the fraud.
Earlier this year, the State Bar of California warned about the newest variation of the scam in its social media posts. According to the State Bar, fraudsters are using the urgency of the COVID-19 pandemic to pose as representatives of a medical equipment company who are looking for an attorney to draft a lease agreement.
“After agreeing to do the work, you receive a cashier’s check, which you deposit in your trust account,” the State Bar says on its website. “The client asks you to make a wire transfer from your trust account to another account. After you have wired funds as directed, you learn that the cashier’s check was fraudulent, your trust account is now overdrawn, and you are liable to the bank for the deficit.”
Within the SDCBA, 66% of new attorneys who responded to a 2021 New Lawyer Division poll said they have been targeted by scammers, 50% said they have fallen, at least initially, for a scam, and 11% said they lost money to the scammers.
MaryAnn McIntyre, a strategic banking partner at San Diego-based Axos Bank, said she has seen many IOLTA accounts targeted by such scams and that, depending on the size of the fraud, it can be devastating to some attorneys.
“In a lot of countries cyber fraud is a respectable job,” McIntyre said. “You put on a suit, kiss your children goodbye, and you’re off to the office to execute fraud schemes in the U.S.”
These scams run the gambit from phishing to spoofing and even identity theft.
The State Bar says in typical phishing schemes, fraudsters posing as regulators, clients, and law enforcement agencies urgently request information by email, phone, fax, or text to get access to email accounts and client information. The State Bar has even had reports of fraudulent calls from someone claiming to be at the State Bar requesting contact information, which it says appear to be phishing attempts.
A new lawyer in San Diego who has been practicing for less than two years said she was the target of a spoofing scam, where a scammer sends an email with a disguised sender address that appears to exactly match another person’s email address.
“I was asked by a senior attorney to go to the store to buy gift cards to give at an upcoming presentation,” the attorney said. “She said she was in a meeting so she could not call. The email came directly from this attorney’s email, not an email that was similar.”
While the attorney thought it was weird her senior attorney would ask an associate to do this, she thought it made sense because she knew the attorney was participating in a meeting at that time. Not being able to call didn’t seem off to her.
“It wasn’t until I asked what kind of gift cards that I knew for sure it was a scam,” the attorney said. “They wanted four $100 Google Play and eBay cards. I figured if she was giving them away at a speaking event, they’d be much smaller. Then, as I didn’t respond, the texts became more abnormal and desperate, which was very obvious. Having received the email from the senior attorney’s correct email was the weirdest part.”
As it turns out, technology allowing scammers to spoof email addresses is readily available.
“The ‘From’ field in your email is not that sacred,” explained James Giles, a certified information systems security professional who works as a cybersecurity engineer in Encinitas. “You don’t even need sophisticated tools to do this. It’s easy, super easy, so no problem for scammers.”
But Giles says there are ways to combat spoofing.
“[Executing a scam successfully] is much more complicated where the sender and receiver have keys shared between them,” Giles said. “Or, have an email encryption program that will tell you this might have come from a spammer, which would probably get filtered out at the server level, or, it will say ‘external’ so you should be more suspicious of it.”
Felicia Hernandez, a five-year attorney in San Diego, said she once received emails that included a link from an apparent opposing counsel, and also from a nonprofit that looked very similar to legal aid, purportedly attempting to share documents for a “mutual case.” Because she realized that it was not someone she knew, she did not click on the link.
These types of links are the real danger with phishing and spoofing scams, Giles warns.
Giles also cautions attorneys to watch out for scammers who want to speak or work through intermediaries, particularly money transfers such as wire transfers or PayPal where you can make an international monetary transfer and you can send money before it can be verified. Before doing any money transfer, you should verify the person that you’re talking to by calling and speaking to them directly, Giles urges.
Family lawyer Taylor discovered her dog bite client was a fraud when she couldn’t get him on the phone.
“All of a sudden, he told me, ‘I got (the dog’s owner) to settle, you just need to deposit the check, take your percentage, and then I’ll get my money.’”
The quick resolution raised the a red flag, so Taylor and her partner drew up a release of liability letter saying they would deposit the check and hold it for a few days and then when it cleared they would send the client his portion.
The client refused to sign the release. The pair tried to set up a phone conference with the client, but he cancelled by email.
Taylor’s frustration with the client avoiding phone calls, coupled with the stress of her husband’s illness, led her to reach out to her sister-in-law for help, and with one Google search, the scam was discovered.
“She typed in the client’s name and ‘dog bite’ and it came up,” Taylor said. “Basically, the same exact scam; the only thing that would change sometimes was the name.”
Taylor says she took the check to the bank to make sure it was fake, which the bank confirmed, and then emailed the client to let him know the jig was up.
“For a while I was saving (the email) like a souvenir,” Taylor said. “Like, ‘The time I got scammed.’”
The State Bar of California offers addition information on scams targeting lawyers and where to report if you think you’ve been a victim of one at https://www.calbar.ca.gov/Attorneys/Fraud-Alert.
*Name changed to protect attorney’s privacy.