Social Engineering Fraud Sublimit

What is social engineering?

It is the use of deception or manipulation to coerce you or your staff into divulging or transferring personal or confidential information or property. This includes, but is not limited to, actions by another party that intentionally induce a lawyer or their staff to transfer funds or assets to the wrong party or account. For a full definition see Part V (Definitions) of your policy.

Is a claim due to social engineering fraud covered?

Yes, up to a sublimit of $250,000 per claim and in the aggregate. Beginning with the 2024 policy, if you take specific steps mandated by LAWPRO, you can extend this limit to $1M per claim and $2M in the aggregate. Find the requirements here.

Your example retainer language suggests putting my firm’s trust account number into the retainer letter. I am not comfortable putting my trust account information in the retainer agreement. Do I have to do this?

The goal is to ensure that contact and account information is exchanged (yours to the client and the client’s to you) early and ideally at the start of the retainer. As time goes by, chances increase that a fraudster could intercept the emails and commit social engineering fraud.

Your trust account information and the client’s banking information do not have to be in the retainer agreement, provided you have complied with the policy requirements (“…includes instructions for the receipt, release and/or transfer of monies,…”). For example, you could state in the retainer letter that banking information (both the law firm’s and the client’s) will be exchanged after the execution of the retainer agreement via a secure client portal or via email within 5 business days and confirmed during an in-person or virtual meeting.

If clients only send me payment for fees to my general account and I do not transfer money to my clients, do I need to include the sample language or meet the policy requirements pertaining to social engineering fraud?

If the steps outlined in Part III (k) of the policy are not taken, you are covered up to a sublimit of $250,000 per claim and in the aggregate, subject to any other provisions in the Policy.

Social engineering fraud is usually committed to steal money, but it can serve other illegitimate purposes, such as collecting confidential information for a subsequent crime or a fraudster providing you with instructions contrary to your client’s intention or best interest.

With respect to your fees, it is still worthwhile to include information instructing the client that they should not expect changes to your banking information and to call you if they get new banking information sent to them. Otherwise, while it may not result in a claim, you may be out of pocket if the payment for your legal fees gets redirected to a fraudster.

Is the Wiring Funds Checklist mandatory to use to comply with the policy requirements?

No. The Wiring Funds Checklist is an additional fraud prevention tool, but its use is not mandatory.

Do I need to establish a password with my client on file opening?

No. The password is suggested in the Wiring Funds Checklist as another measure to prevent fraud, but it is not mandatory to establish.


Land Acknowledgement

The offices of LAWPRO are located on the traditional territory of many nations including the Mississaugas of the Credit, Anishnabeg, Chippewa, Haudenosaunee and Wendat peoples. Toronto is covered by Treaty 13 with the Mississaugas of the Credit. LAWPRO respects and acknowledges the histories, languages, knowledge systems, and cultures of First Nations, Metis, and Inuit nations.