Practice Alert: Legal Firm Scammed into Releasing Client’s Money to Fraudster (Circular No 137/2014)

Circular No 137/2014
Dated 1 July 2014

To Members of the Malaysian Bar

Practice Alert: Legal Firm Scammed into Releasing Client’s Money to Fraudster

It has come to Bar Council’s attention that a legal firm has been scammed into releasing its client’s money to a bank account, based on information provided by a fraudster.

The legal firm received instructions by telephone to transfer balance monies to a bank account purportedly belonging to its client (hereinafter referred to as “Account ABC”).  This was subsequently confirmed in writing, through email.  All checks and verifications with the client were confirmed through email correspondence.

It is believed that the fraudster intercepted the legal firm’s emails by hacking into the email accounts of the legal firm and the client.  The fraudster then posed as the client and provided instructions for the money to be transferred to Account ABC.  The fraudster also provided information believed to have been extracted from previous email correspondence between the legal firm and the client, to bolster the fraudster’s credibility as the purported client.  This led the legal firm to believe that it was dealing with its actual client.

The actual client later called the legal firm to enquire about the proceeds.  Upon being told of the payment that the legal firm had made, the client asserted that no instructions had been given to transfer money to Account ABC, and the client had not received any money.

The police are currently investigating the matter.  

Members of the Bar are urged to be wary of communications involving emails, particularly any request to transfer funds that relies on email.
                                     
What Can You Do?

Some protective measures that Members can implement include:

(1) Verify instructions in person

It is best to verify instructions that are received, particularly those involving financial transactions, in person or by telephone.  If conflicting or unusual instructions are given subsequent to an earlier verification by email, confirm the instructions again in person or by telephone.  Do not rely solely on email communications for verification.

(2) Check the sender’s email address

Some free email providers do not automatically display the sender’s email address unless the user expands the “From:” field in the header section of the email.  If your dealings with your client are by email, make it a habit to always check the “From:” field to ensure that emails you receive are actually being transmitted from your client’s email address.  If the address appears unusual, always speak to your client to verify the email!  Do not reply to that email address.

(3) Know your client

Some fraudulent schemes may be perpetrated with the help of a client.  Run a background check first if you are dealing with a client you are not familiar with.  Refer to the 100-Point Identity Checklist on the Praktis website.

(4) Prevent hacking!

Boost your Internet security settings by taking these quick steps:

(a) Use safe email practices - Check that your firm’s email settings have the requisite security settings, such as encryption of emails.  If you are using a web-based free email provider such as Gmail or Yahoo Mail, ensure that your emails are encrypted using Secure Sockets Layer (“SSL”) technology.  SSL-encrypted web pages can be identified by the little padlock icon displayed on the browser page or by the fact that the URL begins with “https” rather than “http”[1].  It is not advisable to send emails, especially those containing sensitive information, over open or public Wi-Fi connections, as these connections are unsecured and may be vulnerable to hacking activities.

(b) Keep software up to date - Vendors of operating systems or software applications often issue updates to fix existing vulnerabilities.  Update your operating systems and browser software regularly to ensure that you have the latest security settings.[2]

(c) Install anti-virus programmes - Ensure that your firm has a good anti-virus programme installed on its computers to guard against malware and spyware.

(d) Change your password - Modify your password regularly for greater security.  When choosing a password, it is best to use a mix of alphabetical and numeric characters, as well as symbols, for added security.  Avoid using the same password for different accounts.
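
Measure (2) above, worked as an added example that is not part of the circular: a Python check of the “From:” and “Reply-To:” headers of a message against addresses the firm has already confirmed with the client. The client name, the addresses and the sample messages are constructed for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumption: addresses confirmed with each client in person or by telephone.
KNOWN_CLIENTS = {"Tan Mei Ling": "meiling.tan@client.example"}

def check_sender(raw_email, known=KNOWN_CLIENTS):
    """Return warnings about the From:/Reply-To: headers of one raw message."""
    msg = message_from_string(raw_email)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    warnings = []
    if addr not in known.values():
        expected = known.get(name)
        if expected:
            warnings.append(f"display name {name!r} is on file as {expected}, not {addr}")
        # Near-miss addresses (one or two characters changed) are easy to overlook.
        for good in known.values():
            if SequenceMatcher(None, addr, good).ratio() > 0.9:
                warnings.append(f"{addr} closely resembles {good}")
        if not warnings:
            warnings.append(f"{addr} is not a verified client address")
    # A Reply-To: header can silently redirect the firm's answer elsewhere.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != addr:
        warnings.append(f"replies would go to {reply_to.lower()}, not {addr}")
    return warnings

# Constructed sample messages (not taken from the incident described above).
BODY = "Subject: Transfer of balance monies\n\nPlease remit to the new account.\n"
LOOKALIKE = "From: Tan Mei Ling <meiling.tan@c1ient.example>\n" + BODY
REPLY_TO = (
    "From: Tan Mei Ling <meiling.tan@client.example>\n"
    "Reply-To: accounts@other.example\n" + BODY
)
GENUINE_ADDRESS = "From: Tan Mei Ling <meiling.tan@client.example>\n" + BODY

if __name__ == "__main__":
    samples = [("lookalike", LOOKALIKE), ("reply-to", REPLY_TO),
               ("genuine address", GENUINE_ADDRESS)]
    for label, raw in samples:
        # An empty list only means the headers look normal; a message sent from
        # a taken-over client mailbox also yields an empty list.
        print(label, check_sender(raw))
```

An empty result is not verification: where the client’s own mailbox has been taken over, as in the incident above, the headers are genuine, so measure (1) still applies to any transfer of funds.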

Members of the Bar are reminded to be vigilant and to report suspected or confirmed scams to Bar Council by sending an email to the Professional Indemnity Insurance and Risk Management (“PII”) Department at pirm@malaysianbar.org.my.  

Should you have any enquiries, please contact the officers of the PII Department by telephone at 03-2032 4511 or by email at pirm@malaysianbar.org.my.

Thank you.

Ragunath Kesavan
Chairperson
Professional Indemnity Insurance Committee

 

[1] Adapted from Tony Bradley, “Top Secret! Keep Your E-Mail Private and Secure” (PC World, 30 November 2010), accessed on 30 June 2014.

[2] Adapted from “Keep Security Software Up To Date” (Stay Smart Online), accessed on 30 June 2014.