chevron-down Created with Sketch Beta.
February 09, 2021 Road Warrior

The Road Warrior Looks at Lawyer Scams

Jeffrey Allen
You cannot avoid exposure to scams, scammers, or other invasive efforts by the bad guys. You can only limit the risk of that exposure to you.

You cannot avoid exposure to scams, scammers, or other invasive efforts by the bad guys. You can only limit the risk of that exposure to you.

Best Content Production Group/iStock via Getty Images Plus

As a prelude, let me clarify that my reference to “lawyer scams” does not refer to a scam initiated by a lawyer that victimizes others. We should never involve ourselves in such things, and I would never write a piece telling you how to do that. Rather, this piece focuses on scams that target lawyers. Yesterday, I spoke at a CLE program as part of the GPSolo Division’s Winter Summit. In preparing for that, I looked at some of the changes wrought by the COVID-19 pandemic and the associated lockdown. Because of my interest in technology, our increasing use of and dependence on technology in the course of the pandemic stood out to me. It stood out for three reasons. First, it underscores a lesson I have taught for many years relating to the absolute necessity of lawyers learning about technology to facilitate the competent practice of law in today’s world. Second, as we grow more dependent on technology, the failure to understand how it works and deal with it competently exposes us to a burgeoning number of scams directed to lawyers as targets. And third, I always thought that the increased use of technology by attorneys lied on the horizon; the pandemic hastened that evolution, and many of the changes will remain part of our lives and practices long after we look back at the pandemic as history.

The positive reception to the CLE program confirmed for me the interest attorneys have in this topic and induced me to focus this column on attorneys as the victims of scams and scams that target attorneys. This problem potentially affects all attorneys, without regard to practice setting. Likely, mobile attorneys have greater risk. Mobile attorneys have regularly depended more on technology than most other attorneys as technology facilitates that mobility. The more you use technology without fully appreciating the risks, the greater the risk of exposure—hence my crusade to make sure that attorneys learn to appreciate the risks of using technology and the way to use it most safely.

As a prelude, I will tell you that in the aftermath of the pandemic, I have talked to a number of attorneys who got sucked in by one or another scam. Some of them have lost significant amounts of money, others lost time, others had their system’s operation impaired, and some lost access to important and sometimes confidential information. Others had their systems breached, allowing the bad guys to access client confidential information. None of the attorney-victims I talked to liked the consequences of what happened. Some continue to deal with the consequences and dislike them more with each passing day. While we should never think of the problems they incurred as a good thing, some good can come from it, both for them and for you. They learned the lesson that they need to master technology and exercise caution in using it, and you have the opportunity to learn from their mistakes and take preemptive action to avoid suffering the same or similar consequences. Unfortunately for them, they learned the lesson the hard way. Fortunately for those of you who read this, if you pay attention and take appropriate prophylactic action, you won’t have to suffer the slings and arrows of outrageous conduct by the bad guys (written tongue in cheek and with due apologies to William Shakespeare).

Scams that target lawyers generally seek to get access to information and often to get you to do something that will impact your trust account. I cannot go through all possible scams in this article. I have chosen to focus on one in particular and use it to help make a point of the need to take protective action to mitigate your risk. One of the realities that you have to deal with is the double-edged nature of technology. It can help you or hurt you and do either or both very effectively. One of the ironies of the Internet is that the more of an Internet presence you develop to attract clients, the larger a target you become for scammers. The more you put yourself out there, the easier their access to you.

Because I see myself as somewhat of a bellwether when it comes to technology, trying to help attorneys understand technology and appreciate its risks as well as its benefits, I occasionally accept certain risks that I strongly advise you to avoid. I do that in many ways and for the specific reason of gathering information. Perhaps in another life, I might have found contentment as an investigative journalist, or perhaps as an undercover agent. So, let me describe for you an example of what I am talking about. I have personal knowledge of this one as I went undercover to trap the scammers.

The Trust Account Scam

Like many of you, I often receive e-mails from people all over the world soliciting my legal services (generally multiple e-mails on a daily basis). While some come from legitimate potential clients, a large percentage of them come from scammers. The letters I get generally fall into several categories. Some ask me to write agreements to lease equipment; others ask me to document the purchase/sale of equipment and frequently also ask that I agree to act as the escrow agent to handle the transaction; still others ask me to file lawsuits for breach of contract and/or simple collection of accounts for property delivered in the past. I also often get a completely different type of e-mail asking me to join someone in some foreign country in claiming substantial amounts of money left by a decedent with my last name, suggesting that I might be a distant relative and the only one left to make the claim. I have also received solicitations asking me to take responsibility for large amounts of money and oversee the use and often the distribution of these funds.

At any rate, one day I received an e-mail from a foreign company (meaning outside the United States, not outside my state) that claimed to have sold equipment to a company located in my home county. The e-mail represented that the buyer dishonored the obligation to pay for the equipment and claimed to want to retain my firm to represent them in a suit against the buyer to recover the purchase price of several hundred thousand U.S. dollars. The would-be client asked me to advise about a retainer and to provide a copy of our representation agreement form. As the initial solicitation looked very much like others I had seen, I suspected a scam. Being a bit bored that day and also having some interest in seeing how this would play out, I did what I have regularly advised you not to do: I responded to the suspicious e-mail. (No, I did not click on any links!) I told the would-be client that as a condition of representing them, we would require a $25,000 U.S. trust deposit in good funds against fees and a signed representation agreement. I provided a copy of our representation letter to them for review of the terms. As a precaution, I gave it to the prospective client as a PDF, not filled out, not signed, and not on letterhead. I did that as I did not want them to be able to sign it and claim we had agreed to represent them. If I were dealing with what I believed to be a real client, I would not have done that. Instead, I would have sent it on letterhead, completely filled out for the client to sign.

The next communication I got was about three days later—an e-mail from the would-be client stating that he had talked to the buyer and told the buyer that my office was representing them and would be filing a suit. The e-mail claimed that the buyer immediately caved (I guess our reputation must have scared the buyer) and agreed to pay the balance in full. The e-mail also said that we should expect a check from the buyer for the balance. I wrote back and informed the would-be client that we did not represent them as we had not agreed to do so and would not until we had a signed representation agreement and good funds on deposit in the trust account. That afternoon a messenger dropped off an envelope that contained what purported to be a cashier’s check, payable to our firm as trustee. Presumably, the scam called for us to deposit the check into our trust account and disburse the funds prior to the check clearing the issuing bank. I looked at the check and allowed that it appeared to look like a pretty good fake, but I did not believe it to be a real cashier’s check. Accordingly, I had my assistant take it to the bank that supposedly issued it (not our bank), and she verified with them that it was not one of their checks and that their checks looked substantially different. They told her that they would not honor it as it appeared to be a forged document, which is what I suspected.

I e-mailed the would-be client and told them that the check was dropped off at our office, that we had verified it was forged, and that we would not deposit it into our trust account or otherwise handle or process it. I also reminded them that we did not represent them and suggested that they might want to contact the buyer and let them know that the check would not be negotiated. I told them they could tell the buyer to arrange to pick it up within 72 hours or I would destroy it. If they had called to arrange to pick it up, I would have had the police waiting for them when they came to the office. They did not. We never heard from any of them again.

Lessons to Learn

Now, if you had come to me with this story, what would I have said you did wrong, and what would I have said you did correctly?

  • First wrong thing: You should not have answered the e-mail at all. I did to see what was going on and because I anticipated writing this article or one like it. I knew what I was doing when I did it and was extremely cautious. Unless you are planning on authoring a similar piece and have sufficient technological savvy to protect yourself, don’t respond to such e-mail.
  • Second wrong thing: You should not have continued correspondence with the prospective client. If they came up with good funds and documentation to establish their validity as a company and signed a representation agreement, I would take a different approach. The likelihood of a con artist giving you $25,000 in real money to lure you into their trap is relatively slim. It could happen but would not likely occur.
  • Third wrong thing: You should not have accepted the check from the messenger. I say that tongue in cheek, as you might not have known the origin of the envelope or that there was anything suspicious about it until you opened it. In fact, we did not. The messenger left the envelope with our receptionist, who signed for it. She thought it was just another hand delivery of documents in a case or perhaps notice of a motion in a litigation matter. We did not know the content or the connection until we opened it.
  • First right thing: You did not agree at any time to represent this would-be client.
  • Second right thing: You did not deposit the check into your trust account.
  • Third right thing: You did not distribute any funds against the forged check.

From an ethical perspective, understand that if you had distributed trust funds against the forged check, you would, in effect, have misappropriated funds from other clients. That could net you some discipline, and you would have the legal obligation to restore the funds so used to bring your trust account in compliance with the law.

What else could you have done? You could have notified the police about the scam attempt. It is not likely that they would or could do anything, but it never hurts to have a record. You could have also notified your bar associations. They might want to get some kind of warning out to their members.

You could have had tighter restrictions (rules) on your e-mail accounts. That might have prevented the e-mail from ever reaching you. Rules for e-mail accounts are a trade-off, though, and you have to be careful. The tighter you ratchet down the rules, the more likely you trap some legitimate e-mail that you will wish you had seen. To give you an example, an attorney, who shall remain nameless, with whom I did a CLE program some years ago, told me this story about e-mail rules. By way of background, the attorney specialized in representing lawyers in disciplinary matters before the state bar. It seems the attorney represented a large law firm (also remaining nameless) that ran into a problem because the non-attorney IT department tried to impose very strict e-mail rules to weed out spam and other undesirable e-mail. E-mail with sexual overtones made the list of undesirable. Apparently, the IT people made a list of all terms that they could think of that related to sex. They included references to female undergarments. They also included references to male undergarments, such as, wait for it: briefs! The end result was that any e-mail containing the term went straight to spam. You can do the math on that one.

Lest you think I am exaggerating the scope of the problem of lawyer scams, I refer you to an interesting article by Paula M. Bagger entitled “Lawyer Beware: Four Tips to Avoid Email Scams Targeting Lawyers,” published by the ABA Section of Litigation ( This article addresses another form of lawyer-targeted trust account scam. It also discusses recent litigation arising out of that situation where the firm unsuccessfully attempted to get its bank to share the substantial loss that resulted. That case citation is Sarrouf Law LLP v. First Republic Bank, No. 19-P-31 (Mass. App. Ct. May 20, 2020).

Steps to Protect Yourself from Scams

I have written many pieces about other steps you can take to protect yourself and your firm both at home and on the road when it comes to cybersecurity risks. I do not have the space to repeat those recommendations in detail here, but you can find many of them in my July/August 2020 Road Warrior column ( A short summary of some of the most important recommendations would include:

  1. Protect your devices physically (don’t leave them unattended).
  2. Protect your devices with strong passwords and/or biometric access. A strong password consists of a minimum of eight characters including alphabetic (upper- and lowercase), numeric, and symbolic.
  3. Protect your accounts with strong passwords and/or biometric access.
  4. Stay off of public WiFi (carry your own cellular hot spot).
  5. Use a virtual private network (VPN).
  6. Don’t respond to questionable e-mails.
  7. Don’t click any link in a questionable e-mail.
  8. Don’t download any attachment from an unknown source.

One other word to the wise: E-mail scams may come after you professionally or personally. Those coming after you personally that collect information or that get access to your computer or mobile data or your e-mail accounts might also impact you professionally. Accordingly, you need to protect both your personal and your professional situation. As a practical matter, it may be accurate to say that the world of lawyers (and others) divides into three camps: (1) those who have suffered the slings and arrows of outrageous cybersecurity pirates and/or scammers; (2) those who will suffer the slings and arrows of outrageous cybersecurity pirates and/or scammers; and (3) that relatively lucky group that will somehow escape this fate.

The damage done to you by the bad guys can be minor or major or anywhere in between. The bottom line: You cannot avoid exposure to scams, scammers, or other invasive efforts by the bad guys. You can only limit the risk of that exposure to you. This is not about risk avoidance; it is about risk mitigation. If you do everything recommended, you may still get stung. The odds of it diminish with each mitigation measure you properly employ. Sometimes you can get lucky, do nothing, and still not get stung, but the odds of that aren’t good.

Download the PDF of this article

The material in all ABA publications is copyrighted and may be reprinted by permission only. Request reprint permission here.

Jeffrey Allen is the principal in the Graves & Allen law firm in Oakland, California. He is Editor-in-Chief Emeritus of GPSolo magazine and the GPSolo eReport and serves as an editor and the technology columnist for Experience magazine. A frequent speaker and writer on technology topics, he is coauthor (with Ashley Hallene) of Technology Tips for Lawyers and Other Business Professionals (ABA, 2016).