Notice to lawyers
August 21, 2024

Two ransomware attacks and two funds transfer frauds. Here are the details:

Ransomware attacks

  1. A small BC law firm fell victim to a ransomware attack, with cybercriminals demanding immediate payment of over US$150,000 in Bitcoin. Unfortunately, this firm does not have the cyber and privacy insurance that LIF arranged through Coalition Inc, because it did not rectify network vulnerabilities that Coalition identified in 2022. The firm will have to deal with this ransomware attack on its own.
  1. A sole practitioner was hit with a ransomware attack arising from unauthorized access to her network. Fortunately, the lawyer regularly backed up her client information. However, the disruption and aggravation of dealing with this attack have been immensely taxing on this sole practitioner.

Funds Transfer Frauds

  1. A controller at law firm A received an email request from law firm B to make payment of an invoice, in the amount of $40,000, for certain consulting services that law firm B had provided. The controller did not phone law firm B to verify the legitimacy of the payment instructions. If the controller had made a call to verify the instructions, the fraud would not have succeeded, and it is too late now to claw back the funds. Moreover, because the money was paid from the firm’s general account and not client funds, coverage was not available for a “Trust Shortage Liability” claim under Part C of the LIF policy.
  1. A sole proprietor in the Interior narrowly escaped a funds transfer fraud. The lawyer represented a client in a civil litigation matter and reached a settlement. He received an email requesting that the settlement funds be paid to a specified Canadian bank account. The email appeared to come from opposing counsel but was actually from the fraudster. Unfortunately, phone verification was not done. The good news is that the lawyer quickly discovered the fraud and immediately asked the bank to claw back the funds, which the bank has done.

The two ransomware incidents prove that cybercrimes are absolutely not only a problem for big firms; the fear, stress, and disruption caused to a small firm cannot be overstated. Even if operations are restored, it is often not known if client information has been stolen or if it will be exposed later. The $15,000 deductible on the Coalition policy can also be a significant, unplanned expense.

The two funds transfer frauds are typical of what we have seen time and time again. And while it is undoubtedly irritating to have to verify all payment instructions by phone, it is the easy – and only – way to avoid these frauds. 

What can you do? Awareness, vigilance and training are key to cyber security. You should:

  1. Constantly educate yourself and your staff about preventing and detecting cyber fraud. Have all your staff read the Notices we send out.
  1. Confirm you have a funds transfer verification process in place. Never use the contact information provided in the instructing email (or confirming letter), and use our checklist. If you are not personally making the phone call to verify instructions, review a completed checklist on every payment before the funds leave your account.
  1. Do not rely on email communication to complete the secondary verification because – as we have seen – the email purportedly from your assistant confirming that verification has been completed may actually come from the fraudster.
  1. Make your computer network as secure as you can. Ask your IT professional to regularly test for vulnerabilities and talk to them about security, including: 
    • Using Coalition Control (coalitioninc.com/en-ca/bclaw/control) to actively monitor your risks.
    • Multi-factor authentication – Ensure two pieces of information are required to access email or your computer network. If a criminal acquires only one, your computer network may still be safe.
    • Routine backups – Regularly back up your systems and secure your information to a location that is separately secured from your network.
    • Email security – Email is the single most targeted point of entry into an organization for a criminal hacker. Talk to your IT professional, Coalition, or your other cyber insurer about measures including SPF, DKIM, DMARC, and an anti-phishing solution to protect your domains against abuse in phishing or spoofing attacks.
    • Password management – Create strong, unique passwords for each account. Change them regularly and never share passwords with anyone. Encourage employees to use a password manager.
  1. Ensure that your firm has network security and privacy liability insurance, either through Coalition or on your own, or a combination of both. In addition to the financial benefit such insurance provides, the specialized guidance from the insurer in the immediate aftermath of a security or privacy breach can be invaluable because the experience can be terrifying.

How can you check if your firm has coverage under the Coalition policy?

Your firm’s Designated Representative can access a current Certificate of Insurance for the Coalition policy as follows:

  1. Log into the Law Society's Member Portal.
  1. Scroll to “Law firm information.”
  1. Click on the link that is your firm’s name.
  1. Click on the tab that says “Cyber Insurance” for your firm’s certificate.

If a certificate for the firm does not exist, the firm does not have Coalition’s coverage. If this is unexpected, take action right away to obtain coverage. Firms that have previously allowed their Coalition coverage to lapse can always join the program again if they have resolved their network security vulnerabilities.

If you think you have been a victim of a funds transfer fraud:

  1. Immediately notify your bank of the fraud and request a claw-back of the funds;
  1. Contact your IT department and cyber insurer (Coalition or other) to ensure the fraudster is not still lurking in your system; and
  1. Report any potential loss of client trust funds to LIF (under Part C of your policy) and the Law Society (Rule 10-4).

Find out additional information here about funds transfer frauds.

For the latest updates from LIF, follow us on X @Lifbc.