This Div is a JS Trigger
Issue 67 | January 2021

LIANSWERS

This newsletter includes information to help lawyers reduce the likelihood of being sued for malpractice. The material presented is not intended to establish, report, or create the standard of care for lawyers. The articles do not represent a complete analysis of the topics presented, and readers should conduct their own appropriate legal research.
FRAUD ALERTS: Current Trends in Cyber Security

The occurrence of fraud attempts continue to grow exponentially. We are all particularly vulnerable due to the pandemic, when scammers are targeting distracted staff and impermanent workplaces in the hopes that these vulnerabilities will delay detection of scams. In November 2020, Canada's National Cyber Threat Assessment report was released by the Federal Government's Canadian Centre for Cyber Security, as "Canadian individuals and organizations increasingly rely on the Internet for daily activities. In a COVID-19 context, this trend has accelerated to enable Canadians to work, shop, and socialize remotely in accordance with public health physical distancing guidelines. However, as devices, information, and activities move online, they are vulnerable to cyber threat actors. Cyber threat actors pose a threat ... through the theft of personal information, which facilitates additional criminal behaviour including identity theft and financial fraud. As physical infrastructure and processes continue to be connected to the Internet, cyber threat activity has followed, leading to increasing risk to the functioning of machinery and the safety of Canadians."

Of the numerous Key Judgments outlined in the report, some are specifically relevant to lawyers and their practices:

  • "The number of cyber threat actors is rising, and they are becoming more sophisticated. The commercial sale of cyber tools coupled with a global pool of talent has resulted in more threat actors and more sophisticated threat activity. Illegal online markets for cyber tools and services have also allowed cybercriminals to conduct more complex and sophisticated campaigns.
  • Cybercrime continues to be the cyber threat that is most likely to affect Canadians and Canadian organizations. We assess that, almost certainly, over the next two years, Canadians and Canadian organizations will continue to face online fraud and attempts to steal personal, financial, and corporate information.
  • We judge that ransomware directed against Canada will almost certainly continue to target large enterprises and critical infrastructure providers. These entities cannot tolerate sustained disruptions and are willing to pay up to millions of dollars to quickly restore their operations. Many Canadian victims will likely continue to give in to ransom demands due to the severe costs of losing business and rebuilding their networks and the potentially destructive consequences of refusing payment."

Among the numerous sections of this report, you may choose to review in particular the list of "Useful Resources" on Cyber Security.

Similar ransomware virus attacks have been reported in Nova Scotia. A ransomware-infected email link or attachment may appear to be from a financial institution or company (e.g. a package delivery service), or, in recent times, with regard to COVID-19 related matters. Once an infected link or attachment is opened, the virus will begin to corrupt the victim’s system files. A pop-up window will soon appear on the computer screen, restricting access to the system and its files until a ransom is paid to the creator of the virus.

These warning messages may also claim to be from the RCMP or other government agencies stating that their computer has been frozen for a criminal investigation involving 'child pornography' or 'illegal music downloading'. This is an attempt to scare victims into sending money to unlock their system, although the computer will not be unlocked if the money is paid – the scammers will disappear once the funds are transferred.

These programs install themselves and encrypt files on the computer’s hard drive, and are extremely difficult to remove, with no guarantee that your data can be recovered. Here’s how to protect yourself:

  • Be vigilant about the legitimacy of all emails received – do not open email attachments or click links from unverified senders
  • Never click on a pop-up that claims your computer has a virus
  • Turn on your browser’s pop-up blocking feature
  • Keep your anti-malware and firewall programs up-to-date and perform scans on a regular basis
  • Schedule regular system updates and maintain backups of your data to ensure that your files are protected
  • Never download anti-virus software from a pop-up or link sent to you in an email
  • If you’ve received a ransomware message, contact the Canadian Anti-Fraud Centre (1-888-495-8501) to report it
  • If your computer becomes infected, do not pay the scammer’s ransom request – have it cleaned by a computer repair service to remove any malware.

As we've warned in the past, we bring this to your attention for several reasons. Social engineering fraud is not part of the cyber coverage we offer in our policy. In the similar cases, coverage has been denied by a cyber insurer when the lawyer/firm did not have the social engineering rider on its commercial cyber policy. Second, depending on the facts, there may not be coverage for such a fraud under the professional liability part of your insurance policy either. Accordingly, a lawyer falling victim to such a fraud who lacks appropriate insurance coverage and whose trust account is compromised could be in the position of having to reimburse their trust account for any lost funds.

For tips to avoid being victimized, or to report or seek advice on dealing with fraud and scam attempts, contact Cynthia Nield at cnield@lians.ca or 902 423 1300, x346.

next