Social Engineering Fraud Sublimit
What is social engineering?
Is a claim due to social engineering fraud covered?
Your example retainer language suggests putting my firm’s trust account number into the retainer letter. I am not comfortable putting my trust account information in the retainer agreement. Do I have to do this?
Your trust account and your client’s banking information do not have to be in the retainer agreement, provided you have complied with the policy requirements (“…includes instructions for the receipt, release and/or transfer of monies,…”). For example, you could state in the retainer letter that banking information (both the law firm’s and the client’s) will be exchanged after the execution of the retainer agreement via a secure client portal or via email within 5 business days and confirmed during an in-person or virtual meeting.
If clients only send me payment for fees to my general account and I do not transfer money to my clients, do I need to include the sample language or meet the policy requirements pertaining to social engineering fraud?
Social engineering fraud usually happens for the purpose of stealing money, but it can be for other illegitimate purposes such as collecting confidential information for a subsequent crime or a fraudster providing you instructions contrary to your client’s intention/best interest.
With respect to your fees, it is still worthwhile to include information instructing the client that they should not expect changes to your banking information and to call you if they get new banking information sent to them. Otherwise, while it may not result in a claim, you may be out of pocket if the payment for your legal fees gets redirected to a fraudster.
Is the Wiring Funds Checklist mandatory to use to comply with the policy requirements?
Do I need to establish a password with my client on file opening?
No. The password is suggested in the Wiring Funds Checklist as another measure to prevent fraud, but it is not mandatory to establish.