Update: Original post updated at noon on March 8 to include a great tip from Andy Mikell.
The 2018 Legal Malpractice and Risk Management Conference took place earlier this week in Chicago. I didn’t attend, but followed the Twitter updates.
Two tweets caught my eye. Each relates to trust account scams. I thought I’d use them as teaching tools. Consider these tweets as messages from a substitute teacher in your legal ethics class.
The message: be VERY, VERY, VERY, VERY careful when wire instructions change.
Jennifer Groszek is an attorney & VP at Pro Quest Insurance. Per the company’s leadership page, Jennifer provides risk management and claims prevention services. Yesterday, Jennifer tweeted this from the LRRM Conference:
Andy Mikell is State Manager & Title Counsel at Vermont Attorneys Title Corporation. He’s also a former member of the VBA’s Board of Managers and, perhaps the most important feather of the many in his cap, a friend of this blog. With respect to Jennifer’s point on 2-factor authentication, Andy notes:
- “We are telling folks that the ONLY appropriate 2nd factor authentication method is for the ‘Wiring Firm’: (a) to initiate the verification call; (b) to a phone number that they independently obtained/verified. In other words it is NOT acceptable: (a) to receive a confirmatory phone call or (b) to call a phone number in the email which contains the requested wire change.”
Andy’s point is crucial. Initiating the call is key because scammers can trick your caller ID into showing a number that you think to be the client’s. Further, a last-minute change in wire instructions that’s accompanied by “oh, and i have a new phone number too, please call it to confirm” should set off alarms even if you don’t have any alarms.
Excellent points from folks in the field.