ARTICLE
28 March 2017

AOL, Dropbox And The Big "Uh-Oh"

LD
Lowndes, Drosdick, Doster, Kantor & Reed

Contributor

The firm’s original four partners were engaged primarily in a burgeoning real estate practice. While our real estate practice and deep-rooted involvement in that industry remains an integral component of the firm, we have grown alongside the dynamic needs of our clients and community at large. Today, the firm’s lawyers advise clients on almost every aspect of business: from copyrights and trademarks to high-stakes, high-profile litigation; from complex commercial and residential real estate issues to wealth management; from labor and employment law to healthcare; from capital raising and entity formation to corporate growth and expansion locally, nationally and internationally.
An article came out highlighting a new suit against a law firm. Suits against law firms are not particularly rare and don't make for compelling news.
United States Law Department Performance

An article came out highlighting a new suit against a law firm. Suits against law firms are not particularly rare and don't make for compelling news. This suit, however, did.

A New York couple brought suit against their former law firm because it used an America Online account to transact firm business. If you are my age you probably remember that AOL and "You've got mail!" were the future—back in 1990.

Well, it turns out that this law firm and its AOL account were being used to help a couple purchase a $19.4 million cooperative apartment in Manhattan. Hackers had breached the firm's AOL account and were monitoring its email traffic. The hackers then used the account to pose as the attorney working on the deal to direct the clients/couple to deposit $1.9 million by wire transfer into a hacker-controlled account. The hackers were kind enough to send the buyers/clients a receipt for the funds.

Once the fraud was detected the couple was able to recover all but $196,200 (plenty enough to still ruin my day). While this is a brand new suit, it should be warning enough. So, what are the lessons learned here?

1. Your company should provide thoroughly vetted and secure software tools for its employees. If you are using "personal" software (including email or file sharing services) or cloud-based software for company business that has not been affirmatively adopted by your company, you may ask yourself, "Is this a risk I want to take on my own? Does my name look good in headlines

2. Frequently these hacks take the form of "spoofed" email (i.e. email that looks like it is from a legitimate source, but is not). For example, you could receive an email from another employee within your company, requesting confidential information. Before hastily responding, click on the email address and carefully examine it. Often a spoofed email changes one letter or number within a familiar email. Tricky!

3. As to handing money in general via the Internet, you as the responsible citizen, should be very careful if you have any part to play in handling wire transfers (or any money). I suggest verbal communications to confirm instructions/accounts/timing in addition to written instructions. Pick up the phone and speak with your client to guarantee the details and discuss how the wire transfers will be handled. Better yet, avoid "handling the money" if at all possible.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More