1) Fraudsters use spoofed email so learn to spot it. Although there are a number of ways to spoof email, it can be as simple as this. The email address of Lawfirm@aol.com is changed to Lawfirm@aoi.com or Mark.Bassingthwaighte@RECompany.net is changed to Mark.Bassingthwaite@RECompany.net.
2) Security basics are a must. Avoid the use of free web-based email. Always delete unsolicited email from unknown parties. Never open spam or any attachments contained therein. Keep your firewall, operating system and security software current. Most importantly and wherever able, use multi-factor authentication on all email and financial accounts.
3) Establish a policy on wire transfers and couple that with appropriate training of everyone who could be involved in a wire transfer. Mandate the gathering and verification of contact information from all parties involved at the outset of representation and prohibit the use of any other non-verified contact information during the course of representation. The most important provision of the policy would be the implementation of a process whereby all wiring instructions are confirmed by use of this previously verified contact information.
4) Everyone should be trained to be suspicious and learn how to spot wire fraud scams. Underscore the necessity of remaining vigilant at all times. Everyone should know to look for inconsistencies with email such as various email addresses in use or different spellings of a name. Requests for money to be sent to an account that is not in the name of the seller, not in the jurisdiction where the seller is, or are urgent in nature should always be questioned. Finally, remind everyone that just because the grammar and spelling looks great, that doesn’t mean the email is legit. Scammers have spell check too and many of these scammers draft very well written emails.
5) All last-minute changes requesting that funds be transferred by a different method or to a different account should be treated as suspect. The request should never be followed until verified by contacting the person purportedly making the request through the use of previously verified contact information.