CybersecurityAttorney Impersonation Emails

If you or your business is in the middle of a lawsuit, watch out for impersonated attorney emails. Hackers are targeting law firms with wire scam emails and stealing thousands of dollars in client settlement funds.

Cybercriminals are sending these scam emails to the different people involved in legal proceedings including law firm employees, clients, banks, and other third parties.

How do attorney impersonation email scams work?

  1. A law firm employee clicks on a phishing email link or attachment.
  2. Malware enters the employee’s device and infiltrates their email account.
  3. The hacker monitors the account for months and waits until they see emails mentioning sending or receiving settlement funds.
  4. The hacker spoofs the attorney’s email address and sends a request to wire funds to a different account. For example, if the attorney’s email happens to be, a spoofed address might read
  5. The hacker may call posing as the law firm to say the wire transfer details are correct.
  6. The recipient wires the funds to the hacker’s account believing it is going to the law office. The hacker then clears out the account.
  7. The recipient discovers the scam after the law office says they did not receive the funds.

We would hate to hear that someone scammed you out of hundreds of thousands of dollars. Or, that you are the compromised law firm and are responsible for paying back the stolen funds.

How can your organization manage wire payments securely?

  • We strongly recommend signing wire instructions in person with an attorney present. Otherwise, encrypt all emails that contain wiring instructions.
  • Before wiring money, call the law office that is receiving the funds to review the account details. After you send the payment, confirm the payment arrived in their account.
  • Do not accept changes to wiring instructions, especially if the sender insists on receiving the funds immediately. Consider this request as a major red flag.
  • On email communications, particularly ones dealing with wiring funds, examine the return email address and double-check for any misspellings. If the email address is even one letter off, it is a spoofing email.
  • Look out for careless details in emails including misspellings, poor grammar, writing style changes, and fuzzy-looking logos.
  • If you believe you fell for a wire fraud scam, contact the bank immediately to reverse the payment. Also, file a police report and a complaint with the FBI’s Internet Crime Complaint Center (IC3) at

What cybersecurity best practices should you follow?

  • Scan your devices with anti-virus and anti-malware software weekly.
  • Keep your device operating systems and applications up to date.
  • Change your passwords for email, workstations, mobile devices, and document management systems regularly.
  • Use multi-factor authentication on your email accounts. For example, if you use Office 365, you can have a one-time code delivered to your phone.
  • Watch out for phishing emails and do not click on attachments and links from senders you do not know. If you did this already, put in a support request at or 877-794-3811 so one of our technicians can scan your device.

If you have any questions about defending against wire fraud emails, you may contact us at 877-794-3811 or

Also, if you would like additional cybersecurity protection, we can discuss our Security as a Service offering, which includes email security, web security, enterprise anti-virus/anti-malware protection, ransomware protection, intrusion prevention, and security monitoring. More details are here.

InfoSec Institute. BEC Attacks: How Attorney Impersonation Works. (2018, May 10). Retrieved from:
Lawyers Mutual. End of Year, Be on High Alert for Scams. (2016, December). Retrieved from:
Crawford, T. What Happens in a Wire Fraud Scenario. (2018, May 24). Retrieved from.
Aon Attorneys Advantage. A Victims of Social Engineering Fraud: A Trend You Do Not Want to Follow. Retrieved from:
Crain’s New York Business. The five red flags of wire fraud. (2018, September 21). Retrieved from: