ALIAlert: Compromised Lawyer Email Leads to Fraudulent Bank Transfers
An Alberta law firm was recently the target of a fraudulent scheme resulting in the theft of trust funds.
ALIA is reminding lawyers to stay vigilant and practice good cyber-hygiene after an Alberta law firm was recently the target of a fraudulent scheme resulting in the theft of trust funds.
The law firm was the victim of multiple fraudulent Electronic Fund Transfers (“EFT”) from its trust account over a three-day period. The EFTs were not authorized by the firm. The firm became aware of the scam when a lawyer was contacted by a recipient bank to verify a further EFT request.
After investigation, it appears that the fraudster breached the lawyer’s email account and used the email address to instruct the firm’s bank to authorize EFTs from the trust account. The bank set up EFTs as requested and processed multiple EFT requests from the same fraudster.

Once the breach was discovered, quick action by the lawyer and the bank facilitated the recovery of most, but unfortunately not all, of the stolen funds.
ALIA is aware of several other recent incidents where fraudsters have accessed lawyers’ or their assistants’ email accounts through cyber breaches, and then used the accounts to mislead clients, banks, and other third parties into transferring funds to the fraudsters. In one instance, the fraudster even deleted the fraudulent emails from the firm’s email system to avoid detection.
Dissecting Fraud
There are many types of cyber-crime that target law firms, lawyers, and their clients. In the situation described above, the firm was likely the victim of funds transfer fraud. Funds transfer fraud typically describes situations where a fraudster either poses as the victim and submits false instructions to the victim’s bank or debtor to transfer funds directly to the fraudster, or where a fraudster compromises a victim’s banking credentials and proceeds to initiate fraudulent transactions directly. Another common type of cyber-crime is social engineering fraud. Social engineering fraud generally describes a situation where fraudsters deceive victims into voluntarily transferring funds or divulging confidential information to the fraudster. Both types of fraud involve deception but may differ in how the deceptive tactics are applied.
Ultimately, cyber-criminals are less interested in defining their tactics than they are in evolving their tactics to separate victims from their money. Cyber-criminals will continue to enhance their methods, including by incorporating artificial intelligence with potentially devastating effects. Lawyers should understand the different types of cyber-crime and try to stay current on common schemes. Recognizing the distinctions between different types of fraud can help lawyers establish strong policies and procedures, notice red flags when present, and seek appropriate insurance coverage to protect them when cyber-crime cannot be avoided.
Preventing Fraud
The best line of defence against multiple types of cyber-crime, including funds transfer fraud and social engineering fraud, is often the diligent practice of good cyber-hygiene. For example, there are concrete steps that lawyers can take to reduce the possibility that their email or credentials will be hijacked by a bad actor seeking an instrument to commit fraud.
Many cyber “best practices” will be familiar to lawyers. They bear repeating because they work when followed, especially when multiple steps are taken. Lawyers are encouraged to review the measures set out below and consider whether their practices today will help them avoid becoming a victim of fraud tomorrow.
Best practices for cyber-hygiene include:
- Enable multi-factor authentication on all email and banking accounts, and for financial transactions. Multi-factor authentication requirements can act as a final shield, especially in instances where credentials have been compromised. When possible, use an authenticator app rather than email or SMS (text message) codes.
- Utilize tools that flag unusual account activity to identify and circumvent fraudulent activity in real time.
- Require regular education for lawyers and employees to identify common schemes. Many frauds involve an element of human error at some point in the chain. Attention to common red flags may help identify phishing emails or an imposter.
- Update passwords and credentials often and avoid using the same password for multiple accounts. Passwords should be unique and difficult to guess. Passwords should be changed immediately if a security breach is suspected.
- Implement internal controls and policies to offset the risk of human error. These may include restricting who has the authority to create or approve new payees and processes, restricting how the changes may be communicated, limiting access to sensitive or financial information, and ensuring third parties such as banks and clients are aware of relevant policies.
- Conduct routine reviews and tests of internal practices and of employees’ ability to detect possible fraud. The results could reveal organizational vulnerabilities and inform future training.
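One way to put the "flag unusual account activity" measure into practice for the exact pattern this alert describes (a compromised mailbox sending payment instructions to the bank, then the sent message being deleted to avoid detection), as an added example that is not part of the ALIA alert or any vendor's tooling: it scans constructed mailbox audit events and flags any message sent to a banking domain and deleted by the same account shortly afterwards. The event fields, the domain list and the 24-hour window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed mailbox audit events (not real logs). The fields are an
# assumption modelled on a typical unified audit log: timestamp, acting user,
# operation, message id, recipient address.
EVENTS = [
    {"ts": "2024-03-04T09:02:00", "user": "lawyer@firm.example", "op": "Send",
     "msg": "m1", "to": "treasury@bank.example"},
    {"ts": "2024-03-04T09:06:00", "user": "lawyer@firm.example", "op": "HardDelete",
     "msg": "m1", "to": ""},
    {"ts": "2024-03-04T10:15:00", "user": "lawyer@firm.example", "op": "Send",
     "msg": "m2", "to": "client@example.org"},
    {"ts": "2024-03-04T10:40:00", "user": "lawyer@firm.example", "op": "HardDelete",
     "msg": "m2", "to": ""},
    {"ts": "2024-03-05T08:00:00", "user": "lawyer@firm.example", "op": "Send",
     "msg": "m3", "to": "treasury@bank.example"},
]

BANK_DOMAINS = {"bank.example"}       # assumed: the firm's banking counterparties
DELETE_WINDOW = timedelta(hours=24)   # assumed: deletion within a day of sending is suspicious


def parse(ts):
    return datetime.fromisoformat(ts)


def flag_sent_then_deleted(events, bank_domains=BANK_DOMAINS, window=DELETE_WINDOW):
    """Return alerts for messages sent to a banking domain and then deleted
    by the same account within `window` (the evasion pattern in the alert)."""
    sent = {}      # (user, msg id) -> (time sent, recipient)
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):
        key = (e["user"], e["msg"])
        if e["op"] == "Send":
            sent[key] = (parse(e["ts"]), e["to"])
        elif e["op"] in ("HardDelete", "SoftDelete") and key in sent:
            t_sent, to = sent[key]
            domain = to.rsplit("@", 1)[-1].lower()
            elapsed = parse(e["ts"]) - t_sent
            if domain in bank_domains and elapsed <= window:
                alerts.append({"user": e["user"], "msg": e["msg"], "to": to,
                               "minutes_to_delete": elapsed.seconds // 60})
    return alerts


if __name__ == "__main__":
    for a in flag_sent_then_deleted(EVENTS):
        print("ALERT: message to bank deleted shortly after sending:", a)
```

Only m1 is flagged: m2 went to a client rather than a bank, and m3 was never deleted. In a real deployment the same rule would run over the mail platform's audit export and route alerts to whoever approves payments, not to the mailbox owner alone.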
ALIA does not provide legal advice. ALIAdvisory newsletters, ALIAlert fraud warnings, ALIAction notices and the content on ALIA’s website, notices, blogs, correspondence and any other communications are provided for general information purposes only and do not constitute legal or other professional advice or an opinion of any kind. This information is not a replacement for specific legal advice and does not create a solicitor-client relationship.
ALIA may provide links to third-party websites. Links are provided for convenience only; ALIA does not vet or endorse the information contained in linked websites or guarantee its accuracy, timeliness or fitness for a particular purpose.
If you believe you have been targeted by potentially fraudulent activity, please contact ALIAlert.