Risk Management Column - Over payment/incorrect payment scam alert
A long-running scam appears to have resurfaced. Communication in respect of the scam was recently distributed by the Legal Practice Council (the LPC) and the Law Society of South Africa (the LSSA) – a copy of the alert can be accessed at https:// lpc.org.za/warning-against-fraudstatement/.
Put briefly, the modus operandi of the scam is that a person purporting to be from the Legal Practitioners’ Fidelity Fund (the Fidelity Fund) contacts the legal practice claiming that an amount of money has been paid to the firm. The caller will claim that the amount paid is in respect of a refund for trust account audit fees and/or trust account bank charges and that an overpayment or an incorrect payment has been made to the firm. The phone call may be followed up with an email or fax purporting to be from the Fidelity Fund – a cursory examination of the ‘letterhead’ used will show that the details (address, phone number, logo and email addresses) are not those of the Fidelity Fund. The type of language used and the numerous typographical errors in the emails or faxes sent by the scammers should also raise a red flag for recipients of the communication.
The caller will inform the firm that the amount was paid in error or that there was an ‘overpayment’ and that a refund should be made into a fraudulent bank account nominated by the caller. In order to induce the firm to act on the misrepresentation, the caller may add that the firm may retain a random portion of the purported payment. In many instances, a fraudulent cheque would have been deposited into the firm’s bank account and the caller will put pressure on the firm to make the payment into the fraudulent bank account as soon as possible – the aim is to get the firm to make the payment into the fraudulent account before the discovery is made that the ‘deposit’ was in fact a cheque that will not be honoured by the bank. In the event that the firm acts on this instruction to pay, it will be out of pocket for the amount paid to the scammers.
As set out in the communication from the LPC, firms should be aware of a few basic points in order to avoid falling victim to the scam. These include that:
- The Fidelity Fund will never contact practitioners by telephone for refunds or use a private email address alleging an overpayment or payment made in error. Payments will also not be made by cheque (the scam artists will give the impression that the ‘payment’ was made by electronic funds transfer (EFT) and may even send a fraudulent, manipulated document which purports to be a ‘proof of payment’). Be aware of emails sent from Gmail, Yahoo and other similar email addresses purporting to be official communication.
- No ‘refund’ should be made without first verifying the validity of the amount and the ownership of the account into which the funds are to be deposited.
- All staff, and especially those dealing with finance, should be informed and educated about such scams.
- The scammers are very persistent and will be in a hurry to get you to pay the money out immediately knowing that the fraudulent cheque will not be honoured and will be returned marked ‘referred to drawer’. In other instances, the scammers may adopt a very friendly and apologetic attitude in order to gain the confidence and sympathy of the person they are dealing with in the firm
- The Fidelity Fund will not pay trust bank charges/audit fee refunds into the practitioner’s trust account but into the practitioner’s business account – ask yourself, if the Fidelity Fund were to purportedly pay funds into your trust account, does it become a trust account creditor?
- The amounts of the purported payments bear no relation to the actual refund (if such refund is due to the firm) or the audit fee/trust account banking charge payment cycle.
- The Fidelity Fund should always be contacted directly using the correct contact details (available on the website www.fidfund.co.za) to confirm to confirm the authenticity of any communication asking for payment and to report any suspicious behavior. The telephone numbers for the Fidelity Fund are (021) 424 5351 or (012) 622 3900.
- Before making any payment (whether the Fidelity Fund or any other party) practitioners must verify the account details as prescribed in Rule 54.13.
We can also add that payments (even legitimate payments) should never be made unless and until there is confirmation from your bank that the funds have indeed cleared in your account and the manner in which the deposit has been made (EFT, cheque or cash) accords with what is claimed by the depositor. Questions should also be asked why the purported depositor will offer that the firm can retain part of the funds to which the firm was not entitled in the first place – there would be no legal basis for the firm to retain any of the funds if the payment had indeed been made in error. The ‘fee’ offered by the scammers is as a means (a sweetener) to induce the firm to fall for the scam when no such fee is due as the firm has not rendered any legal services in this instance and thus not entitled to any fee.
Practitioners must also keep as much detail as possible of their interaction and communication with the scammers. If possible, the phone calls should be recorded. An information and technology expert may be able to assist you in tracing the email accounts used and will also be able to advise you on how best to preserve evidence that can be used in later court proceedings. Please also report this (and all other scams) to your bank and the South African Police Services (the SAPS).
The Legal Practitioners’ Indemnity Insurance Fund NPC (the LPIIF) will not indemnify firms that suffer losses as a result of falling victim to the scam. This loss will be a trading debt (clauses XXVII and 16 (a) of the Master Policy) and not a loss arising from professional legal liability to pay compensation to a third party (clauses 1 and 16). Losses arising from cybercrime are also not covered by the LPIIF policy (see clauses IX and 16 (o)). Firms must implement appropriate internal measures to mitigate against this and other scams. Educating staff on the modus operandi and prevalence of scams is an important and effective risk mitigation measure. The purchase of appropriate insurance cover (a commercial crime policy, misappropriation of trust fund cover and fidelity guarantee cover (the latter will apply in cases business account is the target of the scam), for example) is a risk transfer option that the firm can also consider.
In the event that the firm falls victim to the scam, resulting in a shortfall in the trust account, there is a responsibility on the practice to notify the LPC as prescribed in the rules issued in terms of the Legal Practice Act 28 of 2014 (the Act). The relevant rules provide that:
Trust moneys not to be less than trust balances
54.14.8 A firm shall ensure that the total amount of money in its trust banking account, trust investment account and trust cash at any date shall not be less than the total amount of the credit balances of the trust creditors shown in its accounting records.
Trust accounts not to be in debit
54.14.9 A firm shall ensure that no account of any trust creditor is in debit.
Reports to Council of non-compliance
54.14.10 A firm shall immediately report in writing to the [Legal Practice] Council should the total amount of money in its trust bank accounts and money held as trust cash be less than the total amount of credit balances of the trust creditors shown in its accounting records, together with a written explanation of the reason for the debit and proof of rectification. 54.14.11 A firm shall immediately report in writing to the Council should an account of any trust creditor be in debit, together with a written explanation of the reason for the debit and proof of rectification.
Vigilance at all times and the implementation of a risk management culture will assist firms in avoiding this and other scams.
Telephone: (012) 622 3928