Canadian Lawyer

w w w . C A N A D I A N L a w y e r m a g . c o m M A Y 2 0 1 7 13 Tolmie says that when he attempted to investigate the Hong Kong incident through local police or warn the bank in England that the account was being used by fraudsters, he was met with indiffer- ence and bureaucracy and told to fill out forms. By the time forms are filled out and authorized, Tolmie says, the money is long gone and the cyber-trail cold. Tolmie says police departments also don't have the resources to carry out international cyber-investigations while offshore police department co-operation is lukewarm or nonexistent. Tolmie's advice to the legal commun- ity? If you are transferring money abroad, make sure it is to the right party. Once the money is sent, it is gone. "You cannot count on the police," he says. Cybercrime private investigator Dale Jackaman, president of Amuleta Computer Security and Investigations, says law firms are "low-hanging" fruit for scams such as address spoofing, identity theft and accessing sensitive business information. They make easy targets as they publish their email addresses and lawyer profiles on their websites and also participate in LinkedIn networks. "It is easy to start up a conversation and start building a trust relationship," he says, adding he is aware of fraud scams stemming from LinkedIn rela- tionships that range up to $1 billion. Spoofing is easy, Jackaman explains. "Anyone can register a new domain with [a] character that is different," he says. Gaining an email access can also be accomplished through a number of programs that attach on to a document and become a back door in. "The weak- est link is the law firm's front desk and the receptionist whom opens an infected PDF or Word document," he says. Staff and lawyers also need to be cautious of what is inserted into computer drives. He points to Stuxnet as an example of a malicious computer worm that damaged Iran's nuclear program. It was intro- duced by a dropped USB flash drive. "An employee picked it up in the parking lot," he says. Jackaman says his company is called in after incidents occur. "In 90 per cent of the cases, we are dealing with lawyers in one way or another," he says, whether to determine how breaches occurred or col- lect information and evidence in cases. In 60 per cent of cases, the breach of security is tracked back to employees. "Law firms — especially the smaller or independent firms — are poorly protected from cyber-intrusion. They are low- hanging fruit and many have relationships with larger firms, which make those firms easy to get to," he says. Knapp agrees that law firms are "slow to adapt." There are many articles online that provide information on BEC and related scams, he says. The best protection is education and ensuring that email information is protected. He estimates that as many as 80 per cent of hacks of emails result from insider information. — JEAN SORENSEN \ AT L A N T I C \ C E N T R A L \ P R A I R I E S \ W E S T REGIONAL WRAP-UP Integrated Legal Marketing Solutions LawyerMarketingCanada.com/solutions Put Your Digital Marketing Tactics into High Gear ntitled-3 1 2017-04-13 2:57 PM

• Cover