New Zealand Law Society - Verify emailed payment instructions, says Law Society

Verify emailed payment instructions, says Law Society

This article is over 3 years old. More recent information on this subject may exist.

Lawyers and law firm staff should ensure they check and verify all payment instructions received by email, the New Zealand Law Society says.

There are now many instances of fraudsters and hackers using internal email in law firms to attempt to steal money through fake transfer requests.

The Law Society says it is vital that all instructions which involve the payment or transfer of money should be verified by a means other than email, such as phone or personal contact.

One recent example received in a New Zealand law firm shows how the fraud operates. All names of those involved in the law firm have been changed. The attempted fraud was detected from the email address showing in the third email which purported to come from the requesting lawyer.

First email

From: Sarah Youngblood [a partner in the firm]
To: Rory Older [a member of the accounts team] 
Subject: International 

Are you in office?

Sarah Youngblood
Partner 

Second email

From: Rory Older
To: Sarah Youngblood
Subject: RE: International 

Of course

Rory Older, Accountant

Third email

From: Sarah Youngblood [mailto:wor.k@aol.com]
To: Rory Older
Subject: Re: International 

I need a transfer payment to be processed today. Can you handle that now?

Fraud detected

At this stage it became clear that the two emails which appeared to come from Sarah Youngblood did not. The email address was wrong - but there are instances where this has been overlooked, and - certainly in some overseas jurisdictions - money was transferred (and lost) through staff acting purely on the emailed "instructions". The next step is usually an instruction to immediately transfer a sum of money to a specified bank account (always outside New Zealand).

Clients involved

Similar frauds have been used in the name of clients, requesting a lawyer to transfer money from a transaction to a bank account. All highlight the importance of always verifying emailed instructions through another means, the New Zealand Law Society says.

Further information

The Law Society provides information on frauds which are reported to it by lawyers. These include the use of client email to target lawyers and other spoofing emails internally in law firms.