Updated: Nov. 25, 2024

Counterfeit Check Scam

According the FBI, a counterfeit-check scheme is targeting law firms engaged in collections work by deceptively contracting their services to ultimately defraud them. It may focus on any type of representation where a lawyer is hired to assist in the transfer or collection of money, e.g. real estate, collection matters, collaborative law agreements in family matters, etc. This scenario continues to be replayed as part of a sophisticated scam that targets collections lawyers and the scope is constantly evolving.

How the Scheme Works:

  1. A law firm is contacted regarding representation in an alleged debt collection matter by what appears to be a legitimate prospective client.
  2. The law firm agrees to help and sends a demand letter to the alleged debtor.
  3. The Debtor immediately agrees to pay the debt and sends what appears to be a valid cashier's check to the law firm.
  4. The law firm deposits the check into their client trust account and transfers the value to the Creditor via wire, less any legal fees agreed upon.
  5. The law firm's bank then discovers that the check is actually fraudulent and the trust account is charged back the value of the check.
  6. Because the wire has already been sent to the Creditor, the law firm is left to suffer the financial loss.

Variations of the Scheme

Though the structure of the scheme is primarily the same, there can be some variation regarding the reasoning for the debt and engagement of services as well as the types of fraudulent checks.

In one common scenario, the subject alleges to be collecting a debt from a family member through marriage. The debtor's name is usually something innocuous and common, likely to increase the chances of someone by that name residing in the victim's area.

In another variation, the alleged debtor is a business and the purported dispute is over a workplace injury complaint. The name of a legitimate global technology company is currently being used in this type of scheme. However, in these scenarios, the victim may be a genuine business who is themselves a victim, or a fraudulent business designed by the subject to facilitate the scheme.

Many of the cashier's checks involved in this counterfeit check scam are seemingly drawn from a genuine Canadian bank, likely increasing the time it takes to verify the validity of the check and available funds.

The creditor is also often located internationally, which is used to assist the scheme by offering justification for delayed communication and/or other excuses the subject employs throughout the scheme.

How to Protect Yourself

Be suspicious of requests or pressure to take action quickly. A number of potential victims were able to successfully identify the fraudulent check by adhering to policies which required a delay or hold on the funds until confirmation that the debtor's check had indeed cleared into their client trust accounts.

Consider additional financial security procedures, such as two-step verification or telephone calls (subjects tend to prefer written correspondence), to verify transaction details and identity information, prior to wiring funds.

Contact your financial institution immediately and request that they contact the financial institution where any wire transfer was sent to determine if it is able to be recalled or the funds frozen in the deposit account.

The FBI requests victims of an internet crime file a complaint with the Internet Crime Complaint Center at www.ic3.gov.

.

Phishing. Not Your Dad's Favorite Pastime

Phishing is category of online scams. Cybercriminals use deceptive tactics to trick individuals into sharing sensitive information, such as usernames, passwords, credit card numbers, or other personal details. Often disguised as legitimate communications from trusted entities, phishing attacks human vulnerability rather than relying solely on technical hacking skills. The schemes typically start with an email, text message, or social media post that appears to be from a reputable source like a bank, government agency, or popular service provider. These messages often use persuasive language, invoking urgency or fear to compel immediate action.



Types of Phishing

Email Phishing. Cybercriminals send mass emails designed to appear legitimate, often addressing the recipient with vague greetings like "Dear Customer. "

To avoid being a victim, be cautious of messages with urgent or threatening language.  Check the sender's email address for discrepancies. Fraudsters often use addresses that resemble legitimate ones but with subtle differences (e.g., support@amzon-service.com).

Spear Phishing. A more targeted attack, where scammers gather personal information to create a convincing, tailored message.

To avoid being a victim, watch out for suspicious links, and do not click them.  Hover over links to preview the URL before clicking. Look for misspellings or unfamiliar domains in the URL.

Smishing. Phishing with SMS text messages.

To avoid being a victim, a

Vishing. Voice phishing, where attackers use phone calls to solicit sensitive details. 

To avoid being a victim, verify claims from unknown callers. If a caller claims to be from a bank or service, contact the organization directly using official contact methods.

Clone Phishing. Replicating legitimate emails but swapping links or attachments with malicious ones.

To avoid being a victim, enable two-factor authentication to add an extra layer of security to your accounts by requiring a second verification step, such as a code sent to your phone. Regularly update your operating system, antivirus software, and web browsers to protect against vulnerabilities.

The fallout of a phishing attack can be devastating, leading to identity theft, financial loss, and unauthorized access to personal or professional accounts. Businesses may face data breaches, reputational harm, and regulatory fines. Stay informed about new phishing tactics and share this knowledge with friends and colleagues. Install browser extensions or email filters that detect and block phishing attempts. If you suspect phishing, report it to your email provider, company IT team, or a relevant authority like the Federal Trade Commission (FTC).

.

New FTC Tool Designed to Protect Consumers

The Federal Trade Commission (FTC) in October 2020 launched ReportFraud.FTC.gov, a new consumer-friendly fraud-reporting portal that aims to better protect consumers by identifying and foiling new scams sooner. Consumers can report anything from government imposter scams to phony weight-loss claims, abusive debt collection, and deceptive auto sales, along with all sorts of unwanted phone calls, text messages, and emails. And the FTC wants to hear about them all. Read more about the new tool on WSBA's NWSidebar blog.

.

Reported Fraud Schemes Affecting the Public and Legal Profession

As a service to our members and the public, the WSBA provides information about reported scams targeting lawyers, legal service providers and legal services consumers. The Bar does not have authority to investigate these scams. Fraud schemes may be reported to the Washington State Attorney General's Office, The Internet Crime Complaint Center (IC3), or Federal Trade Commission.

.

Fake Lawyer Discipline Complaints

Targeted population: Lawyers in several states

What to expect: Email pretending to be from state bar with link or attachment asking lawyer to respond to a complaint. Link is ransomware and may make all data on the computer inaccessible or compromise client data until a fee is paid.

More information

.

Tax Software Update Phishing Scam

Targeted population: Tax Professionals

What to expect: Emails sent to tax professionals pretending to be from tax software company. Emails offer link to "software update, " but actually installs a key stroke tracker.

More information

.

Real Estate Wire Instructions Scams

Targeted population: Lawyers and other holding real estate transaction funds

What to expect: Email with last-minute change in escrow funds wiring instructions. Email appears to be from a person legitimately involved in the transaction, but is actually from a hacked email account. The money could be wired to the hacker's bank account.

More information

.

Jury Duty Scam

Targeted population: Lawyers and public nationwide

What to expect: Email with link or attachment or phone message demanding payment or personal information to quash an arrest warrant issued for failure to appear for jury duty.

More information

.

Court Appearance Data Scam

Targeted population: Lawyers and public nationwide

What to expect: Email with subject line "Urgent court notice NR#73230 (or another random number), " attaching a fake hearing notice. If you open the attachment, it may download a virus to your computer.

More information

.

Counterfeit Check Scam (IOLTA)

Targeted population: Lawyers

What to expect: Prospective client contacts lawyer, often for debt collection matter. Lawyer receives what appears to be valid cashier’s check from reputable bank — supposedly settlement funds from the debtor (often a real company). Or the client sends a check for more than the agreed fee. After the lawyer deposits the check, the client asks the lawyer to wire the funds, less the fee, (or refund the overpayment) to a foreign bank. The lawyer wires the funds and then learns the cashier’s check was fraudulent.

Washington State Supreme Court Clerk Scam

Targeted Population: Washington Residents with Hispanic Last Names

What to Expect: Phone call demanding money and threatening arrest. Callers pose as the Washington State Supreme Court Clerk. The Supreme Court will never threaten people with arrest or demand payment.

More Information (This article courtesy of Washington State Office of the Attorney General)

Severance Checks

Targeted Population: Lawyers

What to Expect: A prospective client sends an e-mail claiming to be a former employee of a real company who has not received a severance check. The email to the lawyer may contain attachments that could include an employment letter, termination letter, severance agreement, and an email string discussing payment of severance. The reported scams have been virtually identical, with different severance amounts. This scam is currently active during the COVID-19 emergency. 

 

More Information:

Evolving Scams: Don't Let Your Guard Down (This article courtesy of the Oregon State Bar Professional Liability Fund)

Scammers Target Labor Lawyers (This article courtesy of the Florida Bar)

Ransomware Attacks

Targeted Population: Law Firms

What to Expect: Hackers send e-mails containing attachments that contain "ransomware." Details of the e-mails are unknown. Hackers have stolen data, threatened to release the data unless paid, and published the data on the internet. 

More Information: Ransomware Attacks Hit Three Law Firms in Last 24 Hours (This article courtesy of Robert J. Ambrogi)