Professionals depend on third-party email services to operate their business. As a result, professionals may assume that the vendor is safeguarding their electronic information and therefore the professional is not exposed. False. Consider an attorney sued recently for malpractice arising from an e-mail hacking scam.
A New York real estate attorney‘s e-mail account was hacked recently. The attorney was hired to represent wealthy clients in the purchase of a multi-million dollar condo. When the hackers gained access to the attorney’s email account, they identified the attorney’s clients as targets for a wire fraud scam. The hackers e-mailed the attorney posing as attorneys for the sellers of the condominium. The attorney forwarded these emails to her clients, who were tricked into wiring nearly $2 million to the hackers.
The clients learned they were defrauded the following day from their bank, but by that time it was too late to recover the funds. The clients later filed suit against the attorney for malpractice, alleging that she failed to take basic steps to secure her computer and to protect the clients from wire fraud. The clients alleged that the email service used by the attorney was notoriously vulnerable to hacking, but the attorney nevertheless relied on the email for sensitive communications involving the clients’ purchase of the multi-million dollar condominium. The clients further alleged that the poor security practices allowed the hackers to impersonate the seller’s attorney, which enabled them to persuade the clients to wire the funds.
Professionals must remain vigilant of cyber security threats. Simply relying on third-party platforms for email and other electronic communication may not relieve a professional of her duty to keep client information safe. If the professional ignores red flags, or fails to take basic safety precautions, she may be held liable if a client becomes the victim of a scam.