Before you disburse funds, spot and stop fraud that steals from your law firm and your clients.
Fraud schemes targeting lawyers are evolving — from business email compromise to AI-generated deepfakes. Criminals exploit the trust inherent in the lawyer–client relationship to pressure lawyers into disbursing funds quickly or to redirect client payments through deceptive communications. Law firms cannot eliminate all risk, but they can implement safeguards to reduce exposure and protect client funds. Learn three proactive steps your law firm can, and should, implement today.
When Fraud Exploits Professional Trust
Fraud targeting law firms is often framed as a technology problem, but its real leverage is the trust dynamic. Clients assume communications from their lawyer are authentic, and lawyers assume prospective clients act in good faith when seeking representation. Criminals exploit both assumptions.
Client payment fraud generally takes two forms: fraud perpetrated on the lawyer, and fraud perpetrated through the lawyer.
In fake-client schemes, a prospective client contacts the firm about collecting a debt or handling a transaction. A check arrives that appears legitimate, and the “client” pressures the firm to quickly disburse funds. By the time the check is returned as counterfeit, the firm’s trust funds are gone. Other variations involve transactions with inconsistencies: mismatched VINs or parcel numbers, altered business names, incomplete documentation, or unexplained multi-state elements. These red flags should prompt verification before any funds move. Keep in mind that these scams succeed when urgency overrides process.
Other schemes operate through the lawyer. In business email compromise (BEC), a fraudster gains access to a lawyer’s email account, monitors communications, and sends a fake invoice or altered wiring instructions. Because the message appears authentic, the client relies on it.
Generative AI has expanded the threat. Voice-cloning and fabricated video messages can reinforce fraudulent payment instructions. A call that sounds exactly like your client demanding immediate transfer of funds may not be your client at all.
In each scenario, the objective is the same: move money quickly before verification occurs.
Why This Raises Professional Conduct Issues
These schemes implicate core professional duties. Ohio Professional Conduct Rule 1.1 requires competent representation, including reasonable understanding of technology risks. Rule 1.6 requires reasonable efforts to prevent unauthorized access to client information. Rule 1.15 requires lawyers to safeguard client funds from improper disbursement. Lawyers with managerial authority also have supervisory responsibilities under Rules 5.1 and 5.3 to ensure that appropriate policies and training are in place.
The issue is not whether every attack can be prevented, but whether reasonable safeguards existed.
Proactive Prevention in an Evolving Fraud Landscape
Fraud succeeds when urgency overrides process. Consistent verification protects client funds and firm communications.
Funds should not be disbursed until deposits are confirmed as fully cleared. Requests involving urgency or third-party payment should be independently verified. Any change to payment or wiring instructions should be independently confirmed through a known, previously validated contact method – not through reply email.
Authority to issue payment instructions or initiate trust disbursements should be limited and internally reviewed. Multifactor authentication, written policies, and regular staff training are part of reasonable practice management.
Best Practices Strengthen Your Practice
Preventing client payment fraud requires both proactive communication and disciplined internal procedures. Consider these three proactive steps:
- Establish Disbursement Protocols
Adopt written verification procedures for all payment instructions and wiring changes. Authority to issue payment instructions or initiate trust disbursements should be limited and subject to review.
- Communicate Payment Security to Clients
Firms should address payment security at the outset of representation. Engagement letters should explain how payment instructions are transmitted and that the firm will not change wiring instructions by email alone. Encourage clients to independently verify any payment instructions through a known contact method. Establishing this expectation early reduces confusion and gives clients a framework for identifying suspicious communications.
- Develop and Maintain an Incident Response Plan
Have clear procedures for responding to suspected compromise, including immediate contact with financial institutions, prompt communication with affected clients, and notification of the firm’s malpractice carrier. Review and update the plan regularly.
These safeguards help protect both client funds and professional relationships.
This article is part of OBLIC’s broader series on billing and IOLTA best practices. Whether addressing advance fees, unclaimed funds, credit card processing, or client payment fraud, the principle remains the same: sound financial controls and clear communication protect client property and professional credibility.
Trust is foundational to the legal profession. Preserving it requires verification, preparation, and disciplined practice management.
Gretchen K. Mote, Esq., Director of Loss Prevention, Ohio Bar Liability Insurance Co. Direct: 614.572.0620, gmote@oblic.com
Merisa K. Bowers, Esq., Director of Marketing and Loss Prevention Counsel, Ohio Bar Liability Insurance Co. Direct: 614.859.2978, mbowers@oblic.com
This information is made available solely for loss prevention purposes, which may include claim prevention techniques designed to minimize the likelihood of incurring a claim for legal malpractice. This information does not establish, report, or create the standard of care for attorneys. The material is not a complete analysis of the topic and should not be construed as providing legal advice. Please conduct your own appropriate legal research in this area. If you have questions about this email’s content and are an OBLIC policyholder, please contact us using the information above.
