A case currently before the Ontario courts highlights the importance of fraud and cybercrime awareness for both seasoned solicitors and newly-called lawyers.
In Dentons Canada LLP v Trisura Guarantee Insurance Company 2018 ONSC 7311, an associate from the applicant law firm attempted to transfer over $2.5 million to clear a mortgage on his client’s property. Instead, he was duped into transferring most of the funds to a fraudster.
In the written endorsement, Justice Carole J. Brown reviewed the agreed upon facts. The firm received instructions on December 28, 2016 from the mortgage holder, Timbercreek, and the transaction closed two days later on December 30. However, the firm did not initiate the wire transfer until after New Year’s Day, on January 3, 2017.
On January 3, 2017 the firm received emails purportedly from Timbercreek representatives requesting that the funds be wired to an international account, as Timbercreek’s Canadian account was being audited. The firm telephoned Timbercreek and left a voicemail to confirm the instructions but the representative did not respond.
The firm then received further emails, purportedly from Timbercreek, which included the international account information for a third-party account in the name of Yiguangnian Trade Co. Ltd. in Hong Kong. The firm requested letters of authorization from Timbercreek and Yiguangnian, which were provided. The firm then transferred the funds to the Yiguangnian account.
The firm was able to recover almost $800,000 of the transferred funds, and therefore made a claim with its insurer for just over $1.7 million.
The insurer denied coverage for the loss, in part on the grounds that the transfer by the firm on January 3, 2017 was not the result of fraud. The insurer argued that no computer was used to fraudulently transfer funds because the transfer itself was not fraudulent. Furthermore, the firm had declined coverage for social engineering fraud, which, according to the insurer, meant that the firm had no reasonable expectation of coverage for social engineering fraud and losses.
Justice Brown found for the insurer on the motion and ordered that the application be converted to an action.
Fraud and Cybercrime Awareness
While a final decision on the merits of the dispute has not yet been reached, the facts alone emphasize an important lesson for Ontario lawyers: fraud, phishing, ransomware and cybercrime schemes such as this one are getting more creative as technology advances. Ontario lawyers have to continue to be vigilant of the latest scams and techniques to ensure that both their interests and those of their clients are protected.
As in this case, fraudsters could even be timing their scams around the winter holidays to take advantage of out-of-office clients and counsel. They are capable of successfully faking correspondence and written authorizations from sophisticated parties.
While there are numerous fraud-prevention resources that should be regularly consulted by practising lawyers, below is a non-exhaustive list of tips and common red flags according to LAWPRO:
- Beware when the client changes instructions regarding amounts or payees just before closing;
- Beware when dealing with clients or others by email—always follow up with phone calls or in-person meetings to confirm important details;
- Beware when the transaction area is distant from your office;
- Cross-check names, addresses and phone numbers of clients and others involved in the matter;
- Reverse search phone numbers;
- Ask the bank to confirm that wire transfer details and cheques are legitimate; and
- Contact companies to confirm they are expecting a payment or business loan.
Generally, if you have even the slightest suspicion that you may be a target, proceed with caution, ask questions and dig deeper. Do not assume that it will never happen to you, as lawyers can be prime targets for sophisticated fraudsters.
Any article or other information or content expressed or made available in this Section is that of the respective author and not of the OBA.