Alert | Impersonation of Members and Their Firms

The Malaysian Bar has recently been informed by several law firms that their identities and credentials were impersonated. This has prompted the Bar to review several notifications received by the Malaysian Bar Professional Indemnity Insurance (“PII”) Scheme Insurer regarding the impersonation of Members of the Bar (“Members”) and their firms.  Hence, this I-RiskAlert is issued to inform Members of recent methods employed by imposters.  These methods are outlined below:
 
(1) Cloning of Virtual Phone Systems
 
Cloning of virtual phone systems involves the imposter cloning the firm’s phone number.  The cloned number is used to make a call falsely appear to come from the law firm and to gain the trust of the targeted victims.

Case Study: The imposter cloned the firm’s office number to call unsuspecting victims, claiming to be an employee of the firm. The imposter then claimed that debt owed by the victims to the bank (for example, credit card debt) had to be paid within a certain period of time. The imposter threatened that, if the victims failed to pay the debt within the stipulated time frame, the bank would instruct the firm to take legal action.
 
(2) Identity and Document Impersonation via Messaging Applications
 
This method involves impersonation using forged identities and documents circulated via messaging applications.

Case Study: In a recent incident, an unknown person falsely represented himself as a lawyer of the firm by using the name and photograph of one of the firm’s lawyers to communicate with members of the public. The imposter further reinforced the deception by providing a purported “Dokumen Perwakilan Khas” bearing the firm’s logo and the forged signatures of several of the firm’s lawyers, despite the document having been created and circulated without the firm’s consent or knowledge.

(3) Impersonation on Social Media Platforms
 
This method involves imposters posing as lawyers or their firms on social media platforms.

Case Study: In one incident, the imposters created fake advertisements on social media platforms, falsely offering legal services, for example by claiming affiliation with cybersecurity organisations offering fund recovery services. These imposters then preyed on unsuspecting victims by privately messaging them using the lawyer’s identity, misrepresenting that the lawyer was able to assist them in recovering their money.  They created fake business cards bearing the lawyer’s name and firm details.  They also prepared a forged document titled “Dokumen Perwakilan Khas”, using the firm’s letterhead and falsified signatures of the lawyers and witnesses.  Unfortunately, one victim fell prey to these imposters and transferred funds to them.
 
(4) Employment-Related Fraud and Misuse of Address
 
Fraudulent job offers are made using a firm’s address to make the scam appear legitimate.  Such offers are intended to mislead recipients into believing that the commission-based employment opportunities are legitimately connected to the firm.

Case Study: In one incident, individuals were approached via a messaging application with fraudulent job offers, in which these imposters claimed to act on behalf of the firm and used the firm’s address for correspondence. Victims were promised commissions for completing tasks, such as purchasing products from provided links.
 
The firm was alerted to the impersonation when it was contacted by the victim’s sister, who sought to verify the legitimacy of the offer after a certain amount of money had been transferred but no commission had been received.

In the light of the increasing prevalence of impersonation targeting Members and their firms, lawyers are encouraged to adopt proactive risk management measures to safeguard their practices, clients and the integrity of the legal profession.  The following are the recommended measures that Members may implement:

(1) Reporting Phone Cloning and Spoofing Incidents to the Relevant Authorities
In the event that a Member’s or their firm’s number has been publicly associated with scam activities and impersonation, the Member or their firm is encouraged to notify their telecommunications provider and report the incident to the relevant authorities, such as the Malaysian Communications and Multimedia Commission (“MCMC”). The Member or their firm should also consider issuing a scam warning on their website to inform the public of the incident that has happened to the firm.

(2) Being Cautious of Free or Public Wi-Fi Networks and USB Ports
Before connecting to any free or public Wi-Fi networks or USB ports, Members should assume that the network and port may be unsecured or malicious. Free or public Wi-Fi networks and USB ports, such as those in cafés, airports, hotels, or shopping centres, can be manipulated by perpetrators to intercept communications, harvest login credentials, or inject malware.
 
(3) Enhancing Cyber Security Measures
Firms are encouraged to strengthen cybersecurity measures, including the use of strong password policies, multi-factor authentication, system updates and regular password changes. Staff should be trained to identify phishing attempts, suspicious links and unusual changes to email addresses or payment instructions; not to click on any suspicious links; and to ensure all devices are logged out of all messaging applications connected to the web.
 
(4) Managing Social Media Presence
Firms are encouraged to regularly review their firm’s online presence, including websites and social media platforms, to ensure information is accurate and up to date. Firms may also consider monitoring for fake profiles or pages impersonating the firm or its Members and taking prompt action to issue scam alerts or warnings to the public on such profiles. Upon identifying these fake profiles or pages, firms may also report them directly to the relevant social media or online platform and request their removal. Additionally, lodging official complaints with regulatory authorities, such as MCMC or law enforcement, can help escalate takedown requests and enforce action against fraudulent profiles or pages.
 
(5) Internal Awareness and Staff Training
Regular training should be conducted for lawyers and support staff on common fraud tactics, including phone spoofing, document impersonation and social engineering scams. A well-informed workforce is the critical first line of defence against impersonation attempts.

Nevertheless, the above is not an exhaustive list.  Members are encouraged to adopt additional precautionary measures that are tailored to their specific practices and risk profiles, and to constantly be vigilant.

Notify the PII Scheme Insurer and the Malaysian Bar immediately if you believe that you have become a victim of impersonation, which could lead to a possible claim against you and your law firm, in addition to these imposters tarnishing your reputation and integrity.

As stated under Clause 12 of the Certificate of Insurance, notifications of any known claim or notifiable circumstances must be made in writing as soon as possible to the PII Scheme Insurance Broker within 60 days of awareness, to:
 
Aon Insurance Brokers (Malaysia) Sdn Bhd
Level 10, Tower 3, Avenue 7
The Horizon, No. 8, Jalan Kerinchi
Bangsar South, 59200, Kuala Lumpur
 
Telephone: +603 2773 7059
Email: malaysianbar@aon.com
 
If you require clarification or have any suggestions regarding professional indemnity and risk management, or have an issue with a claim or the services of the PII Scheme’s insurance broker, please contact the Malaysian Bar Professional Indemnity and Risk Management Department by telephone at 03-2050 2001, or by email at pirm@malaysianbar.org.my.