13 Resources for Protecting Data – Courtesy of the FTC

With data breaches in the news on an almost daily basis, how do you protect your law firm’s assets? What advice should you give to your clients?

The FTC offers a list of 13 data security resources to help you get started. From mobile apps to digital copiers and shutting down spam, there is a ton of good advice to be culled from these posts and PDFs: Continue reading

You and Your Clients Remain Vulnerable to Scams

In the July issue of the OSB Bulletin, Leonard DuBoff and Christy King offer new advice regarding the latest scams plaguing lawyers:

For example, one of the newer scams involves someone posing as a real estate buyer and contacting a mortgage broker or real estate houseagent instead of a lawyer. The broker or agent then refers the buyer to a lawyer, not realizing that the purported buyer is really a scammer. The attorney often knows the mortgage broker or real estate agent and so doesn’t question the legitimacy of the transaction. A variation on the scam occurs where the scammer asks a lawyer in one area of the country to provide a referral to a lawyer in a different region. Some scammers assume the identity of actual attorneys in order to perpetrate the fraud. They claim to be referring a client — often themselves — for claimed legal assistance.

Learning about the latest scams is one way to keep on your toes.  Here are some others:

All Rights Reserved Beverly Michaelis (2013)

Telephone Scam Hits Washington Lawyers

The Oregon State Bar is warning lawyers of a telephone scam underway now in Washington:

Scam Alert
OSB members:  The Washington State Bar Association is warning its members about a telephone scam in which callers claiming to represent the bar are asking its members for personal information. These calls are not from the WSBA. Although we have no reports of similar calls in Oregon at this time, it has happened in the past and could recur. If you receive such a call do not reveal any personal information.

Posted on the OSB home page August 12, 2013.

Law Firm Falls Victim to Scam, Sued by Bank

If this headline doesn’t catch your attention, I’m not sure what will. Here is Sharon Nelson’s latest post on Ride the Lightning:

“It continues to amaze me how law firms fall for phishing scams, sometimes believing that they might have a potential client and sometimes, as here, clicking where they shouldn’t click. The latest law firm is Wallace & Pittman PLLC in North Carolina who reportedly got scammed to the tune of over $300,000.00. And it only went downhill from there.

The scam started with a batch of e-mails in May supposedly from an industry group saying that a transaction hadn’t cleared properly. These e-mails directed readers to click on a link to resolve the problem. Apparently, someone at the law firm did, which allowed hackers to install a keylogger on at least one law firm computer.

After figuring out the law firm’s online banking passwords, the hackers directed their bank, Park Sterling, to send a $336,600.01 transfer through JPMorgan Chase & Co. to a “Konstantin Pomogalove” in Moscow, according to a legal document filed by the law firm. As soon as the law firm received a confirmation of the transaction, it called the bank to cancel it, but it was too late. The bank initially refunded the stolen funds to the law firm’s account.

Later, the bank demanded the funds be returned. State and federal law does not compel banks to restore funds lost through fraudulent activity for commercial customers so long as the bank has reasonable security in effect.

But before the bank could debit the fund, the law firm obtained a restraining order against the bank, removed its funds and closed the account, igniting a lawsuit by the bank.

Park Sterling argues in court papers that Wallace & Pittman did not use an extra layer of security that would require two people to authorize wire transactions and that the request looked legitimate. It also said its customer agreement with the firm places the burden of loss on the customer.

Though the firm uses wire transfers regularly for real estate transactions, this was the first to go outside the country which the firm argues should have raised suspicion enough to put a hold on the transactions. Unsurprisingly, the firm questions the security practices of the bank.

Trial is scheduled for the fall.

There are conflicting cases on whether banks can be held liable, though most have found that they can be, putting a higher burden on information security for banks. My initial take, without having all the facts, is that a bank which suddenly received a high-figure transfer out of the country from a firm which has never done that before should sure as heck have flagged the transaction as potential fraud. And Wallace & Pittman needs to institute two-person authorizations and do some serious employee training!”

Learn how to avoid falling victim to such scams by attending “Protecting Your Firm and Your Clients from Fraud, Scams, and Financial Loss” on May 16 at the OSB Center. Registration open now – visit the PLF Web site > Upcoming Seminars.