You’re the Mark, Counselor

by | Consumer Resources

How Fraudsters Exploit Lawyers, Trust Accounts, and the Prestige of Your License

By David P. Leibowitz

You went to law school to help people, not to become a money mule. But to a new breed of international fraudster, your law license, your trust account, and your professional instinct to help a client in need make you the perfect target.

These scams aren’t crude. They’re engineered to exploit the specific mechanics of legal practice—IOLTA accounts, escrow obligations, the duty to act on a client’s behalf, and the time pressure of transactions. The FBI has issued repeated warnings. State bars across the country post new alerts nearly every month. Yet lawyers keep falling for these schemes, sometimes to the tune of hundreds of thousands of dollars, because the scams are designed to look exactly like the legitimate work lawyers do every day.

If you handle collections, real estate closings, business transactions, or any matter that involves receiving and disbursing funds, you need to read this.

The Fake Collection Client

This is the most widespread scam targeting lawyers, and the FBI has flagged it repeatedly. Here’s how it works: you receive an email—often from someone overseas—asking whether you handle debt collection in your state. The story is always plausible. A foreign company is owed money by a U.S.-based debtor. They need local counsel to send a demand letter and collect the funds.

You agree. You send the demand letter. And then something remarkable happens: the debtor agrees to pay immediately—in full, no negotiation, no pushback. A cashier’s check arrives at your office, often drawn on a Canadian bank or another institution that’s difficult to verify quickly. You deposit it into your IOLTA account. Your “client” asks you to wire the proceeds—minus your fee—to an overseas account.

Days later, your bank notifies you that the check was counterfeit. The funds are clawed back. But the wire you sent is gone. And because it came out of your trust account, you are personally liable for every dollar.

Red Flags

  • Unsolicited contact from an overseas “client” you’ve never met, often with a vague or generic email address.
  • The debtor capitulates immediately with no negotiation—the fastest, easiest collection of your career.
  • Payment arrives by cashier’s check, often from a Canadian or foreign bank, sometimes for more than the alleged debt.
  • The client pressures you to wire funds quickly, before the check has fully cleared—often citing an “urgent business need.”
  • Communication is exclusively by email. The client resists phone calls, video conferences, or any verification of identity.

How to Protect Yourself

  • Never disburse funds until a check has fully cleared. Cashier’s checks can take weeks to be returned as counterfeit. Your bank’s “available balance” is not confirmation that funds are good.
  • Verify the client independently. Search the company name, check business registries, and insist on a video call before accepting the engagement.
  • Be suspicious of any collection where the debtor pays without resistance. In what universe does a debtor immediately agree to pay a demand letter in full, from a lawyer they’ve never heard of?
  • Call the issuing bank directly to verify the cashier’s check—using a number you find independently, not one printed on the check itself.

The Real Estate Wire Intercept

Business email compromise has become the most financially devastating form of cybercrime targeting the legal profession. The FBI’s 2024 Internet Crime Report documented over 21,000 BEC complaints with losses exceeding $2.7 billion—and real estate transactions are among the most frequently targeted.

Here’s the scenario: you’re handling a closing. Somewhere in the email chain, a hacker has been quietly monitoring the thread—often for weeks. At the critical moment, just before closing, someone in the transaction receives an email that appears to come from you, from the title company, or from the lender. It contains “updated” wire instructions. The email uses the right logos, the right tone, and references the correct property and transaction details. The only thing different is the account number—which now routes to a fraudster’s account.

Red Flags

  • Last-minute changes to wiring instructions sent via email, especially close to the closing date.
  • Subtle changes to email addresses—a single character swap, a different domain extension, or a display name that doesn’t match the actual address.
  • Unusual urgency in the request: “This needs to go out today” or “time is of the essence.”
  • The email thread feels slightly off—different formatting, a different signature block, or a tone that doesn’t match the sender’s normal style.

How to Protect Yourself

  • Establish a firm policy: wiring instructions never change by email. Communicate this to all parties at the outset of every transaction.
  • Verify all wiring instructions by phone using a known number—never a number from the email itself.
  • Enable multi-factor authentication on all firm email accounts. A compromised inbox is the most common entry point for these attacks.
  • Train every person in your office who touches financial transactions. Paralegals, assistants, and bookkeepers are often the ones who actually initiate wires.

Escrow and Trust Account Abuse

Your IOLTA account is a laundromat waiting to happen—at least, that’s how criminals see it. Money that passes through a lawyer’s trust account acquires a veneer of legitimacy. Sophisticated fraud rings know this, and they’re engineering scenarios designed to push funds through your escrow in ways that make you an unwitting participant in money laundering.

Common setups include: an overseas “client” asks you to hold funds in escrow pending a business transaction that never quite materializes, or a new client asks you to receive a wire, hold it briefly, and forward it to a third party minus your fee. The transaction may be framed as an equipment sale, a consulting agreement, or a settlement of a foreign dispute. The funds are real—but they’re stolen. And when law enforcement traces the money, the trail leads to your trust account.

Red Flags

  • A client asks you to receive and forward funds with no substantive legal work beyond holding money.
  • The transaction structure doesn’t make legal sense. Why does an equipment sale between two foreign parties need a U.S. lawyer to hold escrow?
  • Multiple parties you can’t independently verify—the “buyer,” “seller,” and “client” may all be the same person or organization.
  • The client is indifferent to your fee or offers an unusually generous retainer for minimal work.

How to Protect Yourself

  • Never let your trust account be used as a payment pass-through. If the primary purpose of your engagement is to receive and forward funds rather than provide legal services, walk away.
  • Know your client. Conduct due diligence that goes beyond a signed engagement letter. Verify corporate registrations, confirm identities, and understand the economic substance of the transaction.
  • Understand your obligations under anti-money laundering frameworks. While the U.S. hasn’t adopted the ABA’s recommended “gatekeeper” rules in full, the ethical and criminal exposure is real.
  • Consult your state bar’s ethics hotline if a potential engagement feels unusual. Most bars are happy to help you spot a scam before it becomes a disciplinary matter.

The Overpayment Scam

A variation on the collection scam, but worth its own section because it’s devastatingly effective. A new client retains you for a straightforward matter—a contract dispute, a personal injury settlement, a family law collection. A check arrives, but it’s for more than the agreed amount. The client apologizes for the “error” and asks you to deposit the check, keep your fee, and wire the overage back.

The check is fraudulent. The “error” was the whole point. And you’ve just wired clean money from your trust account to a criminal.

How to Protect Yourself

  • Any overpayment followed by a request to return the excess is a scam. Full stop. Legitimate clients do not accidentally overpay and then urgently need the difference wired to a third-party account.
  • Return overpayments by the same method they arrived. If a check came in, send a check back to the same account. Never wire a refund from a check deposit.
  • Wait for final clearance—not “available funds.” Banks make funds “available” long before a check has truly cleared. Cashier’s checks drawn on foreign banks can take weeks to bounce back.

AI-Powered Impersonation

Artificial intelligence has made these scams dramatically more convincing. Fraudsters now use AI to generate flawless legal correspondence, clone the voices of known contacts, and create deepfake video. A scammer posing as a foreign client can now produce emails that read like they were written by a sophisticated business professional—because they were written by an AI trained on corporate communications.

More alarmingly, the FBI has warned of criminal operations that impersonate existing law firms and real attorneys, complete with cloned websites and fabricated bar credentials, to victimize people who’ve already been scammed once. Your name and your firm’s reputation can be weaponized without your knowledge.

How to Protect Yourself

  • Monitor your firm’s online presence. Periodically search for your name, your firm name, and your bar number to check for impersonation websites or fraudulent use of your credentials.
  • Don’t rely on the quality of written communications as a trust signal. AI has eliminated grammatical errors as a reliable red flag. A perfectly written email no longer means a legitimate sender.
  • Verify voice and video. If a client or counterparty calls with an urgent financial request, hang up and call back at a known number. AI voice cloning is now available to anyone.

The Lawyer’s Fraud Prevention Checklist

Eight Rules to Protect Your Practice

  1. Never disburse trust funds until checks have irrevocably cleared. “Available” doesn’t mean “good.”
  2. Verify every new client’s identity independently—especially those who contact you unsolicited from overseas.
  3. Insist on live communication. Clients who refuse phone or video calls are a serious red flag.
  4. Never wire funds to a third party you haven’t independently confirmed.
  5. Treat wiring instruction changes as hostile until verified by phone.
  6. If a collection or transaction seems too easy, it’s probably a trap.
  7. Refuse to let your trust account be used as a pass-through.
  8. Document your due diligence. If you’re ever investigated, your file should show what you checked and when.

If You Suspect You’ve Been Targeted

Speed matters. If you’ve deposited a suspicious check or wired funds based on a potentially fraudulent instruction, act immediately.

  • Contact your bank’s fraud department and request an immediate recall of any outgoing wires. Recovery rates drop sharply after the first 24 hours.
  • Notify your state bar. Most bars have dedicated scam reporting channels and will not treat your report as a disciplinary matter.
  • File a report with the FBI’s IC3 at ic3.gov and with the FTC at ReportFraud.ftc.gov.
  • Notify your malpractice carrier immediately. Prompt reporting is typically a condition of coverage.
  • Preserve all communications—emails, texts, checks, wire confirmations. These are evidence.
  • Alert colleagues in your local bar. Scammers often work geographic regions systematically. If they targeted you, they’re targeting other lawyers in your area.

There is no shame in being targeted. These are professional criminals running industrial-scale operations. The shame would be in not warning your colleagues. Share this guide with every lawyer you know.

If fraud has left you or your clients facing overwhelming debt, you don’t have to face it alone. Lakelaw’s bankruptcy attorneys have helped thousands of people find a fresh financial start. Contact us today for a free, confidential consultation.

Get a Free Confidential Consultation
Loading...