The Law Firm as a Target for Fraudsters

When they asked Willie Sutton why he robbed banks, he replied “because that’s where the money is.”

-https://www.fbi.gov/history/cases-and-criminals/willie-sutton

 

Two weeks ago I blogged about personal fraud and my cynical views on societal corruption. See https://www.awrcounsel.com/blog/2026/5/26/mail-fraud-and-rotten-fish. As the manager of a small boutique law firm, this week I thought I would turn to business fraud and be a little more entertaining.

Here is my first story. I have framed on the wall of my office a letter purportedly from the Chief Financial Officer of DaVita, the kidney dialysis company. To be clear, DaVita wasn’t a participant in this fraud; it was a criminal improperly using the DaVita name. Back in 2020, on the cusp of the pandemic, I received an email allegedly from a former employee of DaVita claiming he was sexually harassed by his female supervisor and had negotiated a six-figure settlement with the company, but then had not been paid. He asked for legal assistance. I demurred, saying it was not my expertise, and anyway he couldn’t afford my rates. I got a follow-up email anyway with a pile of documents substantiating his claim, and then another email saying DaVita now wanted to pay the sum to his counsel. Again, I told him that he should get payment directly and avoid middlemen. Shortly thereafter, I was told the check was coming to me by special delivery, and sure enough an “Official Check” in the amount of $113,326.16 drawn supposedly on an account at Citibank, along with the cover letter on DaVita letterhead, arrived by courier from a Canadian address. All I had to do was deposit the check, net out my $10,000 fee, and pay the balance to my new client. Easy money.

Now, I wasn’t born yesterday, and from the beginning my fraud antenna was on alert. Before the check arrived I had confirmed in my own mind that it was a fraudulent scheme. Money for nothing almost always is. But it was an elaborate one, well-documented, slick, and calculated to appeal to greed. When I researched the signatory on the letter, I found that the alleged CFO had left DaVita’s employment a few weeks earlier. Nor was the email address for DaVita used in the documents a real corporate domain. Like the other frequent email scams that I receive, there had been a new email address created which was similar to but not the same as the real email address.

The upshot of the scam is that I packaged up the materials and sent them to the real corporate folks at DaVita. I never heard from them, but as a result I did get a call from a real FBI agent in New York investigating a string of frauds against law firms. After we discussed the case, I told the FBI agent he should watch the documentary film McMillions about how the head of security for McDonald’s conspired to steal most of the million-dollar winnings for the McDonald’s multiyear Monopoly promotions.

Anyhow, as noted above, I framed the fake DaVita letter and check and it hangs on my office wall to remind me to always be vigilant. I have received three fraudulent emails with malware attachments in the last 24 hours. It is a jungle out there. Back in the day working for the Brown Rudnick LLP law firm, I once clicked on an email offering a dozen free donuts from what I thought was Dunkin Donuts. They had a donut store just around the corner from our Washington, DC office. Other firm employees often brought in donuts for the staff, and on impulse I had the idea I should do the same. It turns out the email was from Dunkin Donots and was a test by the Brown Rudnick IT Department to alert employees to spear phishing risks. I fell for it, but it was a learning experience. I had to attend some remedial training on internet risks, which in hindsight was probably the only useful corporate training I ever had.

Of course, these incidents are not the only business fraud stories I can tell.

Almost every two weeks I get two back-to-back emails from the AWR Counsel HR, payroll, accounts receivables, or some other AWR Corporate Department with a work-related attachment I am supposed to open. The emails always come in pairs, so I surmise I am on the scammer’s mass mailing list of supposed suckers twice. It makes it easier to spot. These emails get blocked immediately (albeit that doesn’t stop future spear phishing). I suppose hope springs eternal in the fraudster that one day I will inadvertently open the attachment.

And once our Abrahams Wolf-Rodda IT system firewall was briefly penetrated by a fraudster. I had another law firm as a client, and I got an email from my contact with an attachment to open. I opened it and it wanted me to give one of our passwords as part of the process of downloading the attachment. I immediately got suspicious and aborted my efforts and signed out. I then went to email my client directly (not replying to the fishing expedition email) and soon afterwards got an email back from him saying yes, the email I had received was legitimate. So (stupid me) I asked a colleague to download the item and work on the new project. That colleague proceeded to give his password, and soon enough his email was hijacked. The hacker had access to my client’s email and had taken over my client’s account. It was the hacker who replied to my email. Now I know you can’t just go to a client’s email profile and send a new email to confirm whether the original suspect communication was legit. I always knew not to reply directly to a suspicious original email to confirm. If you get a suspicious email from someone you know, call them on the phone and talk with them about it.

My colleague caught the error quickly, and we purged the hacker and his malware from our system without any serious complications. But meanwhile, I became concerned about the integrity of my personal investment accounts -- and thought it was possible my passwords and account numbers had been compromised. So, I proceeded to transfer two investment accounts to new account numbers. Despite being assured by my investment company that they would honor and process two outstanding checks for taxes written on one of the old accounts to the Federal and State governments, they proceeded to bounce my checks. I had to pay the taxes again and petition the tax authorities for relief from the late fees and bounced check penalties. Even if you have no financial losses from these frauds, there is always an aftermath which involves too much of your time being wasted.

In short, lawyers and law firms are an easy target for fraudsters. The criminals are always looking for new targets, and the lawyers are always hoping for new clients. Law firms work on things that may have significance in the stock market or other financial transactions. Hacking into the law firm computers can gain access to a treasure trove of business and personal financial information. Large law firms have major IT Departments who track this stuff 24/7, yet they still get penetrated all the time. The smaller law firms have fewer resources, but also fewer people accessing their systems and making mistakes. The risks and access points multiply with larger size. As I noted last week, baby, it is a wild world, and you have to be suspicious and cautious, even with emails from known clients and friends. There is a lot that can go wrong.