by LAWPRO

In the nineteenth century, American journalists and law enforcement coined the term “confidence artist” to describe a form of fraud that preys on the trust and credulity of its target. The form these frauds took was always changing but relied on the good faith of the target and either a promise of profit or a warning of impending losses to encourage co-operation.

Examples are legion: In the early 1920s, Charles Ponzi defrauded investors of millions of dollars by purporting to invest the money of trusting “marks” in a “postal reply coupon” arbitrage scheme that didn’t exist. In 1925, an Austrian con artist by the name of Victor Lustig fraudulently “sold” the Eiffel Tower to a Parisian scrap metal business—the following year, he attempted to do it again.

Modern examples are often less metallurgical, more technological. Online scams such as “Nigerian Prince” emails may be easy to spot, but sophisticated variations and alternatives can be surprisingly convincing to even the most careful victim.

Today in Ontario, lawyers are often targets of these frauds, sometimes taking the form of sophisticated variations on classic “confidence artist” techniques. Fraudster clients take advantage of their lawyer’s trust by involving them in a fraudulent mortgage scheme. Alternatively, the “confidence client” may provide their lawyer with a cheque pertaining to a supposed transaction, have the lawyer hold the funds in trust for a very short period, then, explaining that the deal has fallen apart in some way, ask for the funds to be returned—less legal fees. All of this will happen quickly before the lawyer realizes the client’s original cheque bounced, and the lawyer has now erroneously transferred money out of trust. Or fraudsters may target the confidence of a law firm’s staff member by using spoofed email addresses of a managing partner, requesting the employee’s assistance to immediately purchase and email “gift cards” to the fraudster for seemingly legitimate business purposes.

To help lawyers better understand these growing threats and how to avoid them, LAWPRO hosted a virtual CPD event along with the Toronto Lawyers Association focused on cyber and homeowner impersonation fraud targeting lawyers. Juda Strawczynski (JS), and LAWPRO’s Vice-President Public Affairs, Ray Leclair (RL), were joined by Mouna Hanna (MH), Partner at Whitelaw Twining, to talk about recent fraud efforts targeting lawyers and provide “survival tips” to prevent successful frauds from occurring.

The following are edited highlights from that conversation.

What are the common forms of cyber fraud targeting lawyers?

MH: In the last year alone, LAWPRO has seen firm losses from fraud ranging anywhere from $200,000 to $4 million. In a typical claim involving wire fraud, what we see is a hacker who gains access to legitimate email conversations between a lawyer and their client, or between two lawyers discussing a transaction, and the fraudster will linger within the system and watch the conversations. Eventually they will insert themselves into the conversation and begin impersonating one or both sides of the conversation. They may use your email application’s rules or settings to automatically filter legitimate responses from clients or opposing counsel into hidden folders, so the lawyer only sees spoofed emails or communications created by the fraudster themselves. Once the fraudster controls the conversation, they will reroute funds in a transaction to a bank account they control. This may be by altering documents within the computer system itself, or by emailing “new” wire instructions. Often these hackers will continue the façade even after a wire has occurred to give them enough time to get the money out of the receiving account.

Typically, someone within your firm will have received a fraudulent or phishing email, clicked a link or attachment, and inadvertently provided access to their computer. From there, the hacker can obtain the employee’s passwords and gain access to secure internal systems. If firms aren’t using Two Factor Authentication (2FA), they not only leave themselves open to fraudsters impersonating their clients this way, but also the threat of ransomware. Ransomware and wire fraud is a big problem from a cost perspective and is not typically covered under a firm’s professional insurance policy.

My top tip for firms is always to use 2FA, which is the process whereby you’re authenticating your login to your computer or online account using two systems. One may be a password, and the other may be an application on your phone, so that only someone who both knows the password and has access to that specific phone will be able to log in.

The good news here is that banks have been on top of wire fraud recently. If you catch it early enough, the bank may be able to trace back the funds. But what we’re finding is that banks are requiring you to issue an application or claim against the bank for a tracing order to retrieve the funds. So, it’s still complicated and expensive, even if the fraud can be unwound. LAWPRO recently provided an article on “What to do if money is diverted to a fraudster’s account.”

JS: If a wire instruction comes in by email, calling the person on the other side, using contact information that is stored outside of the email chain itself because the fraudster may have altered that info, is key to avoiding these sorts of fraud attempts. We’ve recently seen some close calls where lawyers receive a last-minute wire redirection, and because they’ve made note about our recent warnings about these sorts of frauds, they’ve contacted the bank, or the other side of the transaction, and discovered that the wire redirection was fraudulent. These close calls can save a lawyer hundreds of thousands of dollars that they could be on the hook for if the money leaves their trust account.

What is happening with homeowner impersonation fraud in the real estate market?

JS: Many people in the real estate realm are seeing significant increases in property owner impersonation fraud. Private mortgage fraud especially seems to be the “flavour of the day.” This is a situation where fraudsters are securing private mortgages against properties that they don’t own, or even selling the property to unsuspecting buyers, by pretending to be the owner. Once the proceeds of the mortgage or sale get directed to them, they disappear with the funds. It’s a complex and costly matter trying to undo these transactions.

RL: With institutional mortgages, there are often a number of safeguards and procedures in place to prevent fraud. Private mortgage lenders are a common target because fraudsters are always looking for the low-hanging fruit. While many private mortgage lenders have sophisticated systems in place to screen files for red flags, many others don’t. Some lenders jump at the opportunity to lend money and make a supposed great return and are then susceptible to this type of fraud where you have someone purporting to be the owner but is running a complex impersonation scheme.

How do they convince people they own these properties? They use Google or the Multiple Listing System (MLS) to obtain pictures of the property. They often target Airbnb properties so that they can rent the property and take personal photos inside, or bring an appraiser, banker, or lawyer to the property to assuage any ownership concerns.

Some years back, the police arrested an individual with 13 cell phones on him. On the back of each cell phone was the name of a “character” so he could pretend to be the mortgage broker, the banker, the borrower, and so on, depending on which phone rang. It can be quite sophisticated.

JS: LAWPRO is also seeing situations where the homeowner impersonation has been used on a sale. Usually in these cases, the true owner of the targeted property is not living in the residence at the time. These may be snowbirds or people who split their time between different locations. By the time the lawyer is involved, the fraudster may already have a sale in progress, and the lawyer is merely asked to paper what appears to be a legitimate transaction.

What red flags are of concern for homeowner impersonation frauds?

RL: If you get a large number of referrals from a new source, such as a broker or agent, it can be tempting to jump into a supply of new business. But a series of similar transactions over a small timeframe can be a sign of danger.

Rushed transactions should be of concern. They may be legitimate, but you need to know the reason for the rush. You should be asking your client to explain why they are proceeding with the transaction and why they are insisting on a short timeframe. If the client doesn’t want title insurance, it may be because they don’t want the scrutiny that comes with a title insurance policy. If their photo identification doesn’t look quite right, you need to dig deeper. In any situation where the client is dictating to you how you do your legal work, you should be asking questions.

JS: Which brings us to our next tip: Know your client. Ask your client lots of questions. If you’re acting for a purported vendor, a good question is “Why are you coming to me? Why are you not using the lawyer you used when you bought the property? What changed?” But don’t stop there, ask them how they found you, why they chose you.

Recently we’ve been seeing things that should give lawyers pause. For example, if the client claims to own a property in downtown Toronto, but they retain a lawyer in Barrie, that needs explanation. We sometimes see people retaining counsel where there is no rational connection between the property’s location and the lawyer. The client may have an answer for that, perhaps they spoke to a former client, or they liked your website online, but there needs to be some sort of explanation and lawyers shouldn’t be afraid to press their clients for it.

You should also inquire with the client as to why they are selling the property at this time. How did they determine the price? How does the price compare to neighbouring properties on MLS? A client should be able to happily and trustingly tell their lawyer why they came there, what their intention is, and the history of the transaction.

How should lawyers confirm their clients’ identities?

JS: Sometimes real ID is being used for fraud. We’ve seen cases where the actual homeowner has lost their ID or it’s been stolen, and that makes its way to fraudsters who pose as clients. More often, though, it’s fake IDs that are being used.

For starters, you can always check a driver’s licence on the Ministry of Transportation’s website. You can enter the licence number online to see if it matches what is on the licence itself. Sometimes fraudsters use a legitimate licence number but swap out the phone number or the name. We’ve seen cases where a fraudster uses the same photo on multiple pieces of identification. That is an obvious red flag because each piece of ID should have a different photo— probably taken at different times or even in different years.

RL: You need to take the time to look at the ID. Photocopying it and putting it in a file is not good enough. You need to take the time to compare images on different IDs, compare the information on the ID with other available sources. Think about the information on the ID: Does the provided date of birth make sense? Meet with the client in-person, if possible, to confirm their appearance.

MH: We often use the words “identify” and “authenticate” interchangeably, but they are different. You can identify yourself with a statement such as “I am Mona Hanna.” Authentication takes it further and involves verification of the claim of identity.

There are also a number of third-party platforms that can be used to independently verify client IDs. Examples include Verified.Me, Vaultie, Treefort, or TransUnion. Generally, you can expect these programs to provide you with a digital process to identify and authenticate a client before you meet with them.

RL: One other thing to note: Unfortunately, individuals are not the only ones having their identity stolen. Corporations continue to have their ID stolen under the new Interior Business Registry. We still see situations where fraudsters file false documentation with the registry changing the directors and officers of a corporation as well as the location of corporate headquarters. They can then falsely act on behalf of the corporation to buy or sell property, as they are now the officer or director of record.

To watch the full CPD discussion which is eligible for 1.5 hours of LSO professionalism and LAWPRO’s Risk Management Credit visit practicepro.ca/CPD.