The Phony Direction to Pay

Another social engineering scam that may target you and your trust account is the “phony change in payment instructions” scam with respect to an existing file. In this situation, unlike the bad cheque scam, the client is who they say they are, at least in the beginning. However, along the way, a scammer learns about the timing of an expected payment to your client, and sends you a convincing email, redirecting the funds to them. Believing the email is from your client, you transfer funds to the scammer and create a trust shortage. Below are some examples of how this can happen.

  • You act for a client with respect to a wrongful dismissal claim. You receive legitimate funds in trust from your client’s former employer for a settlement. The scammer, assuming your client’s identity, instructs you via email to wire the settlement funds to an account that the scammer will access. Further emails from you go to the scammer instead of your client. Often your client’s email address and the scammer’s address are similar, but with one small change that could easily be missed (e.g., one letter or number different). The scammer may set up email rules so that all emails between you and the client (even with the client’s correct address) are redirected to the scammer. The scammer may also telephone your firm or invite the firm to call the number in the scammer’s email.
  • On the other hand, a scammer may assume your identity. The client or a third party (e.g., a solicitor acting for another party to the transaction) who is sending you money for a matter (e.g., money for a conveyance), receives an email that tells them to wire the funds to the scammer’s account, rather than to your trust account. By the time that you find out that you never received the funds, the money is long gone. 

Canadian law firms have fallen victim to the phony change in payment instructions scam and faced hundreds of thousands of dollars in trust shortages, funds which they are professionally obligated to replace (Rule 1526 – Duty to Eliminate a Trust Shortage and to Report to the Society). If you are about to pay out trust funds, and you receive new or changed payment instructions electronically from your client, assume that a hacker is impersonating your client behind the scenes. 

  • STOP, and ensure that the new or changed instructions are legitimate by making in-person or phone contact with your client. 
  • Remember to use the number that your client or the third party initially provided to you, not a number provided in the email, for any telephone contact.


The Phony Direction to Pay Within Your Law Firm

This social engineering scam is similar to the phony change in payment instructions scam. In this scheme, scammers usually pose as individuals working in your own law firm. The fraudster “spoofs” another lawyer’s or senior staff’s email address (may be senior accounting staff), to make it appear that the email was from the individual whose name is displayed in the “From:” line. Sometimes a lawyer is away on vacation, and the imposter, knowing this, uses the information for the pretext that the vacationing lawyer is unable to perform the task while away. Commonly, the imposter asks the recipient of the email (usually a more junior lawyer or other staff member) to transfer funds from trust to a client or to purchase gift cards for a client from the firm’s general account. The guidance to protect yourself is similar to the phony change in payment instructions:

  • If you receive an email direction to pay from someone at your law firm, double-check by speaking with the individual. 
  • Do not rely on the telephone number in the email. 
  • Consult your staff directory.

If your accounting staff’s names and contact information are on your website, consider removing them from public view. Once a scammer knows a staff member’s name, it is easy to figure out their email address because every address will presumably have the same domain name, e.g.,