The Canadian arm of global legal giant Dentons fell prey to a sophisticated scam that resulted in the inadvertent transfer of $2.5m in client funds to a fraudster's Hong Kong account, according to a court ruling in Canada.

A description of the elaborate con, which affected Dentons Canada in early 2017, came in a 11 December decision by Judge Carole Brown of the Superior Court of Justice for Ontario. Brown is considering a dispute between the law firm and insurer Trisura Guarantee Insurance over whether Trisura must cover a little more than $1.73m in losses that Dentons claimed after the cyber incident. The judge ultimately found that she didn't yet have enough information to determine the proper insurance coverage and pushed for further proceedings.

Dentons Canada spokeswoman Neetisha Seenundun said in a statement on Tuesday that the insurance case arose from "a subrogated claim brought by one of our insurers against another". As for the breach, Seenundun said, it "was caused when a third party's computer system was breached, arming the fraudsters with knowledge of the details and timing of the underlying transaction, and allowing them to impersonate employees of the third party".

Dentons was affected by the breach amid a real estate transaction that members of the firm's Vancouver office worked on, according to the Canadian court ruling. In early 2017, after the real estate deal closed, associate Wilfred Chan was supposed to arrange for some $2.52m to move from Dentons' trust account to Timbercreek Mortgage Servicing, which held a mortgage on the property that was sold.

Before the transfer, however, Dentons received emails from people who appeared to be affiliated with Timbercreek. The emails indicated that one of Timbercreek's accounts was subject to an audit and asked for Dentons to send the money to an international account in Hong Kong, held by a third party called Yiguangnian Trade, according to Brown's decision.

Following that, the Dentons side attempted to verify, leaving a voicemail at Timbercreek and seeking letters of authorisation from the mortgage servicer and the Yiguangnian entity. Although Dentons didn't receive a phonecall back, it did receive what appeared to be authorisation letters from Timbercreek and Yiguangnian. The law firm then went ahead with the transfer, sending the $2.52m to the Hong Kong account, according to the court ruling.

A couple of weeks later, Chan heard from the real representatives of Timbercreek wondering what happened to the wired funds, and the Dentons lawyer realised the money had been misdirected into a scam account. The law firm managed to recoup about $785,000 on its own, but then put in an insurance claim with Trisura to cover a remaining amount of about $1.73m. The insurer, however, denied coverage on the grounds that the situation didn't fall under a computer fraud rider to Dentons' insurance policy.

Seenundun, the Dentons Canada spokeswoman, said on Tuesday that the firm has not been targeted by the phishing scheme at any other point, and provides "extensive training" to its lawyers and employees on cybersecurity issues.

"The training is updated and repeated annually," she said. "Participation is mandatory [for] all Dentons partners and employees. Although no firm policies were breached, we have however adjusted the training to highlight the hallmarks of this kind of fraud."

Dentons is not the first large law firm to be impacted by a cyber breach. In June 2017, DLA Piper suffered a ransomware attack that took down phones and computers at the firm's offices in multiple countries.

Around the same time as the DLA hack, IT security provider LogicForce released survey results showing that more than 200 firms had been the targets of attempted hacks between 2016 and 2017. About 40% of the firms in the LogicForce survey weren't even aware of breaches that affected their computer systems.

|

Read More:

DLA Piper Isn't Alone – 40 Percent of Law Firms Unaware of Breaches