News and Information
May 24, 2017

ALERT: Compromised E-mail/Wire Instructions Fraud Continues to Target Real Estate Attorneys

The North Carolina State Bar first alerted North Carolina lawyers to the compromised e-mail wire instructions fraud scheme in April 2015. Unfortunately, over two years later, North Carolina lawyers, and at least one Virginia real estate lawyer, continue to fall prey to this scam, causing millions of dollars of losses to clients and law firms. Information about this scam is available through title insurance companies (such as Investors Title’s W.I.R.E. brochure and checklist), malpractice insurance carriers (Lawyers Mutual has published numerous articles and videos), and other cyber security websites. Here is a recent article about the scam and how it affected a couple in North Carolina. This video is a chilling reminder of the devastation this scam can bring to your clients.

In 2011 FEO 7, the North Carolina State Bar’s Ethics Committee opined that a lawyer has “affirmative duties to educate himself regularly as to the security risks of online banking; to actively maintain end-user security at the law firm through safety practices such as strong password policies and procedures, the use of encryption and security software, and the hiring of an information technology consultant to advise the lawyer or firm employees; and to insure that all staff members who assist with the management of the trust account receive training on and abide by the security measures adopted by the firm.”

The opinion specifies that lawyers must stay educated on current cyber security risks to prevent client harm and avoid potential disciplinary action. Failure to implement reasonable security measures to protect entrusted funds can cost a lawyer financially and professionally. In fact, the North Carolina State Bar is aware of numerous instances where lawyers spent hundreds of thousands of dollars of their own money reimbursing clients for losses caused by this scam, instantly wiping out a career’s worth of retirement savings.

Virginia lawyers are required to pay attention to the benefits and risks associated with relevant technology and shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, confidential client information.  See Comment 6, Va. R. Prof. Conduct 1.1 (competence) and Va. Rule Prof. Conduct 1.6(d)(confidentiality of information).  Comment 21 states that law firms should keep abreast on an ongoing basis of reasonable methods to protect confidential information including periodic staff training and evaluation of procedures for data security; policies to prevent departing employees access to confidential client information; procedures for security measures when third parties access confidential firm data; procedures for secure storage and backup of electronically stored confidential data; use of strong passwords and other authentication measures when users log on to law firm networks; and the use of hardware and/or software measures to prevent, detect and respond to malicious software and activity.

Updated: May 24, 2017