As reported by the New Jersey Law Journal, one New Jersey law firm was victimized twice by poor information security. In a situation that can only be described as adding insult to injury, the law firm Olender Feldman was first victimized by an Advance Fee Scam. Then, while litigating to recover the funds it lost in the scam, the firm and its partners’ private and confidential information was publicly filed in court. This comedy (or tragedy if you’re the victim) of errors demonstrates two of the myriad ways third party errors create risk and liability for your business.
In 2017, Olender Feldman fell for a classic Advance Fee Scam, where the victim pays money to someone believing that they have already received something of greater value. For law firms, the scam typically begins with an unsolicited email from a potential foreign-based client that is due to receive a settlement or judgment in the U.S. The prospective client needs minimal legal work to finalize receipt of the funds, which is delivered to the law firm as a certified check. The firm is then instructed to wire the funds to the client, less a generous amount of fees for the firm’s minimal work. After the firm wires the funds overseas the certified check is invariably discovered to be fraudulent and the firm left liable for the funds it wired out. In this case, Olender Feldman alleges it was defrauded of $228,900.
Olender Feldman did not take this lying down, however, and sued its bank, Investors Bank, alleging the bank was negligent for not detecting the fraudulent check sooner. This brings us to our first point about the third party risks and information security protocols:
Takeaway #1 – Defrauded parties often look to shift loss to a third party. This is a risk that business can manage, however, through sound and careful protocols and contract policies. The specifics will vary between industries and based on the nature of the business relationship.
Unfortunately, the story does not stop here because in the course of the lawsuit, Investors Banks’ lawyers publicly filed documents revealing confidential financial information on the firm and its partners. This data included home addresses, home telephone numbers, email addresses, driver’s license numbers, and the bank account numbers. Errors like these are entirely avoidable despite happening with alarming frequency and sometimes disastrous results. This highlights the second lesson about the third party risks and information security protocols:
Take away #2 – Information security is ultimately the responsibility of the data owner, leaving businesses at risk for how their third party vendor’s handle sensitive information. This risk is also manageable, however, through careful contract management, including clear terms regarding data security, due diligence, audit rights, and indemnification.
In this day and age, digital scams are numerous and ubiquitous. The Advanced Fee Scam has many variations, and the FBI offers five tips for remaining vigilant:
- If the offer of an “opportunity” appears too good to be true, it probably is. Follow common business practice. For example, legitimate business is rarely conducted in cash on a street corner.
- Know who you are dealing with. If you have not heard of a person or company that you intend to do business with, learn more about them. Depending on the amount of money that you plan on spending, you may want to visit the business location, check with the Better Business Bureau, or consult with your bank, an attorney, or the police.
- Make sure you fully understand any business agreement that you enter into. If the terms are complex, have them reviewed by a competent attorney.
- Be wary of businesses that operate out of post office boxes or mail drops and do not have a street address. Also be suspicious when dealing with persons who do not have a direct telephone line and who are never in when you call, but always return your call later.
- Be wary of business deals that require you to sign nondisclosure or non-circumvention agreements that are designed to prevent you from independently verifying the bona fides of the people with whom you intend to do business. Con artists often use non-circumvention agreements to threaten their victims with civil suit if they report their losses to law enforcement.
If you have any questions of concerns about any types of fraudulent activity you may be encountering, please feel free to contact me.
This article contains attorney advertising. Prior results do not guarantee a similar outcome.