Commercial Insights Business Solutions

Learn ways to help protect your organization from evolving fraud schemes and implement procedures to help mitigate losses.
Mar. 25, 2024 8-minute read

Law firm phishing scam alert

  1. An attorney receives unsolicited email correspondence, typically from a business or individual located overseas, seeking legal representation. The prospective client claims to be owed a significant sum of money from a business that is located in the same city or state as the attorney.
  2. Once the attorney has formally agreed to represent the client, the fraudster sends the attorney a cashier’s check drawn on a U.S. bank, accompanied by a letter purportedly from the U.S. business, stating that the check represents a payment to satisfy the debt owed to the attorney’s overseas client.
  3. The fraudster then emails the attorney, directing him or her to deposit the check and wire transfers the proceeds (less the attorney’s fees) to unrelated third-parties.
  4. The counterfeit cashier’s check is subsequently returned, unpaid, to the attorney’s bank. The account is debited the amount of the counterfeit check and any overdraft is the responsibility of the attorney. Attempts to recover funds wire transferred to the third-parties are almost always unsuccessful.

  • Conduct as much due diligence as possible on potential clients – particularly those who correspond solely via email, and are located overseas.
  • Request documentation that adequately identifies the parties involved, and the reason for the debt.
  • Independently verify the business’s telephone number and location.
  • If the debtor is a local business, contact the company to confirm the debt.
  • Be wary of demands to the deposit check and quickly wire the funds out of the account. Fraudsters rely on the attorney’s good standing with their bank to provide immediate funds availability.
  • Contact the bank that issued the cashier’s check to determine if the item is authentic.
  • Contact your banker for guidance if you suspect part or all of the transaction may be fraudulent.

Check fraud alert

Cybersecurity attack alert


Business email compromise

Wire fraud

  • Fraudulent email requests are often well-worded and may be based on previous legitimate emails.
  • The email address may look identical to your legit counterpart so do not let this fool you. Make sure to contact the individual directly with a phone number you have on file.
  • Phrases “code to admin” or “urgent wire transfer” are common.
  • Email may provide an alternate phone number, advise that the sender is traveling, or otherwise unavailable to discuss verbally, but can be reached through email.
  • Fraudulent request amounts are similar to normal business transaction amounts.

  • Establish internal communication procedures (e.g., verbal authentication), to verify transaction requests, particularly any requests to a new beneficiary as well as employee requests.
  • Do not confirm a request using information contained in the email which you are trying to validate. Authenticate all wire remittance change requests from vendors via a phone call to a known contact or known number. Be suspicious of requests that pressure you take action quickly, are to foreign beneficiaries that are not consistent with historical requests, or to a beneficiary name different from the vendor.
  • Implement dual controls which requires two employees to initiate a transaction or transfer, ensuring the success of the process does not rely upon the actions of one sole person.

Join the conversation

Find the insights that matter to you

Explore more helpful resources