Dentons Lawyer Wired $2.5 Million to Scam Bank Account in Elaborate Con
According to a court ruling, an associate in Vancouver was duped into wiring the money to a Hong Kong bank account by fraudsters with knowledge of the firm's work on a real estate deal.
January 23, 2019 at 01:00 AM
4 minute read
The original version of this story was published on The American Lawyer
The Canadian arm of global legal giant Dentons fell prey to a sophisticated scam that resulted in the inadvertent transfer of $2.5 million in client funds to a fraudster's Hong Kong account, according to a court ruling in Canada.
A description of the elaborate con, which affected Dentons Canada in early 2017, came in a Dec. 11 decision by Judge Carole Brown of the Superior Court of Justice for Ontario. Brown is considering a dispute between the law firm and insurer Trisura Guarantee Insurance Co. over whether Trisura must cover a little more than $1.73 million in losses that Dentons claimed after the cyber incident. The judge ultimately found that she didn't yet have enough information to determine the proper insurance coverage and pushed for further proceedings.
Dentons Canada spokeswoman Neetisha Seenundun said in a statement Tuesday that the insurance case arose from “a subrogated claim brought by one of our insurers against another.” As for the breach, Seenundun said, it “was caused when a third party's computer system was breached, arming the fraudsters with knowledge of the details and timing of the underlying transaction, and allowing them to impersonate employees of the third party.”
Dentons was affected by the breach amid a real estate transaction that members of the firm's Vancouver office worked on, according to the Canadian court ruling. In early 2017, after the real estate deal closed, associate Wilfred Chan was supposed to arrange for some $2.52 million to move from Dentons' trust account to Timbercreek Mortgage Servicing Inc., which held a mortgage on the property that was sold.
Before the transfer, however, Dentons received emails from people who appeared to be affiliated with Timbercreek. The emails indicated that one of Timbercreek's accounts was subject to an audit and asked for Dentons to send the money to an international account in Hong Kong, held by a third-party called Yiguangnian Trade Co. Ltd., according to Brown's decision.
Following that, the Dentons side attempted to verify, leaving a voicemail at Timbercreek and seeking letters of authorization from the mortgage servicer and the Yiguangnian entity. Although Dentons didn't receive a phone call back, it did receive what appeared to be authorization letters from Timbercreek and Yiguangnian. The law firm then went ahead with the transfer, sending the $2.52 million to the Hong Kong account, according to the court ruling.
A couple weeks later, Chan heard from the real representatives of Timbercreek wondering what happened to the wired funds, and the Dentons lawyer realized the money had been misdirected into a scam account. The law firm managed to recoup about $785,000 on its own, but then put in an insurance claim with Trisura to cover a remaining amount of about $1.73 million. The insurer, however, denied coverage on the grounds that the situation didn't fall under a computer fraud rider to Dentons' insurance policy.
Seenundun, the Dentons Canada spokeswoman, said Tuesday that the firm has not been targeted by the phishing scheme at any other point, and provides “extensive training” to its lawyers and employees on cybersecurity issues.
“The training is updated and repeated annually,” she said. “Participation is mandatory by all Dentons partners and employees. Although no firm policies were breached, we have however adjusted the training to highlight the hallmarks of this kind of fraud.”
Dentons is not the first large law firm to be impacted by a cyber breach. In June 2017, DLA Piper suffered a ransomware attack that took down phones and computers at the firm's offices in multiple countries.
Around the same time as the DLA hack, IT security provider LogicForce released survey results showing that more than 200 firms had been the targets of attempted hacks between 2016 and 2017. About 40 percent of the firms in the LogicForce survey weren't even aware of breaches that affected their computer systems.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllAs a New Year Dawns, the Value of Florida’s Revised Mediation Laws Comes Into Greater Focus
4 minute readThese Law Firm Leaders Are Optimistic About 2025, Citing Deal Pipeline, International Business
6 minute readData Breaches, Increased Regulatory Risk and Florida’s New Digital Bill of Rights
7 minute read'So Many Firms' Have Yet to Announce Associate Bonuses, Underlining Big Law's Uneven Approach
5 minute readTrending Stories
- 1Decision of the Day: Judge Reduces $287M Jury Verdict Against Harley-Davidson in Wrongful Death Suit
- 2Kirkland to Covington: 2024's International Chart Toppers and Award Winners
- 3Decision of the Day: Judge Denies Summary Judgment Motions in Suit by Runner Injured in Brooklyn Bridge Park
- 4KISS, Profit Motive and Foreign Currency Contracts
- 512 Days of … Web Analytics
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250