Lawyers, clients warned take care with emailed instructions
MEDIA RELEASE – For immediate use, 30 September 2014
Lawyers and clients warned to be careful with emailed instructions
The New Zealand Law Society is warning lawyers and clients of lawyers to be extremely careful with taking and issuing instructions by email.
This follows recent instances where a law firm or client’s email system has been hacked and false instructions issued by the hackers.
New Zealand Law Society Financial Assurance Manager Jeremy Kennerley says this shows that lawyers should be wary of relying on an emailed instruction without verification in some other reliable form.
“We may see a rise in the use of faxed confirmations, which is a bit ironic given that many lawyers have been getting rid of their old fax machines,” he says.
“If a lawyer receives a client email asking them to carry out a transaction, our advice is for the lawyer to try and have a direct phone conversation with the client to confirm the instruction. This could be by phone or by Skype, especially if the lawyer knows the client.”
He says the clients of lawyers should also take care as there have been instances where law firm email systems have been taken over by criminals.
In one case, the hacker had control of the client’s and lawyer’s email and instructed the lawyer to deposit funds in a specified account which was controlled by the hacker.
The hacker then used the lawyer’s email to advise the client that everything was under control and to reassure the client about the delay in the deposit being credited to the client’s account. This bought time for the hacker to make off with the funds.
“If a client is not going to be easily contactable by phone but wants to issue instructions, another suggestion is to verbally agree on a ‘safe’ or ‘code’ word or phrase which can be used in the email to verify identity and authenticity.”
Mr Kennerley says the Law Society’s advice to lawyers and clients communicating with them is that they should assume the emails they receive may not be genuine, unless they are using an encrypted system.
However, even encrypted email is only as safe as the password used, he says.
“Any suspected breach or suspicious email should be reported to the Police, and lawyers should also advise the Law Society.”