Ride the Lightning

Dentons Canada Associate Duped Into Transferring 2.5 Million To Fraudster

January 28, 2019

As the ABA Journal reported on January 23rd, an associate at Dentons Canada was duped into transferring more than $2.5 million into a fraudster’s account, according to an opinion by an Ontario judge in an insurance coverage dispute.

The Dec. 11 decision by Judge Carole J. Brown in Dentons Canada v. Trisura Guarantee Insurance Co. said the Vancouver-based associate sent the money from a property sale to a Hong Kong bank account after he received emails asking him to do so. The emails appeared to have been sent by a mortgage company representative and two bank officials where the mortgager had an account.

Dentons Canada sought a declaration that its insurer had a duty under a computer fraud rider to reimburse about $1.7 million, the amount of money it was unable to recover after it realized it had been scammed. Brown, an Ontario superior court judge, didn’t rule on that point because broader insurance coverage issues had to be resolved.

The fraudster had sent emails to the associate in early January 2017 advising that money from the property sale should be wired to Hong Kong because of an audit of the mortgage company’s account. Dentons called the mortgage company, Timbercreek Mortgage Servicing, to confirm the Hong Kong account information but did not receive a call back, according to Brown. Subsequent emails provided the international account information.

Dentons also requested authorization letters and received what it thought to be real authorizations from Timbercreek and the trading company that had the Hong Kong account. The funds were transferred.

When the associate heard from the real Timbercreek representative in mid-January 2017, he realized the funds had been misdirected, Brown said. Dentons Canada spokeswoman Neetisha Seenundun said the fraudsters had obtained details about the underlying transaction in a breach of a third party’s computer system. The breach allowed the scammer to impersonate employees of the third party.

Seenundun said Dentons provides extensive annual training on cybersecurity issues, and participation is mandatory for all partners and employees.

“We have not been targeted by this scheme on any other occasion,” Seenundun told the Law Times, “although it is public knowledge that other law firms have been, as the Law Society of B.C. has issued alerts regarding this fraud to its members.”

Several points here. There is no question that Dentons Canada is serious about employee training and cybersecurity in general. And yet the firm still got duped. Clearly, the required mechanisms for approving wire transfers need to be enhanced in some way and I have no doubt that the firm has taken appropriate measures.

Second, the firm is quite right to point out that many, many firms are targeted in exactly this manner. What makes me crazy is that some firms will not put policies, practices and training in place to defend against this kind of fraud.

Third, we are hearing more and more about insurance firms denying coverage on all sorts of grounds in cases involving wire fraud and other cybersecurity issues. Don't have coverage? You need it. And make sure the policy states its coverage clearly because too many cases are ending up in court.

Last, note that the fraudsters had gotten details about the transaction at issue from a breach of a third party's computer system. This is very common – and must be accounted for in your fraud defense strategy.

E-mail:    Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson