Skip to main content




Law Society issues call for caution after 'alarming' scams targeting law firm clients

Law Society issues call for caution after 'alarming' scams targeting law firm clients

A screengrab from Google Street View of The Law Society of Singapore.

SINGAPORE: The Law Society of Singapore (LawSoc) held an unprecedented press conference on Friday (May 24) urging the public to be cautious following an "alarming" series of scams in April, with one victim cheated out of a "significant" amount of money. 

The scammers targeted clients of law firms. They would email the clients who were buyers in property transactions and, posing as their solicitor, request fund transfers. 

It is not known if the two cases were linked and whether they were "local fraudsters" or based overseas, LawSoc president Gregory Vijayendran told reporters on Friday. 

In the first case, the solicitor managed to stop the scam before the funds were transferred. The amount in the second case was "significant", but was not revealed due to issues of liability and confidentiality. 

Both cases involved transactions for conveyancing, which refers to the transferring of a legal title in a property from one person to another. 

The scammers targeted such transactions probably because "it's where the money flow is" and is "low-hanging fruit", said LawSoc vice-president M Rajaram. 

"Other types of scams involving law firms, such as corporate deals, have their own checks and balances," he said. "(In) conveyancing, they are normally first-time buyers, elderly buyers, people who are not so sophisticated, so I guess the scammers look at this as low-hanging fruit and they go for this more than any other thing." 


The modus operandi in the two cases, which occurred within weeks of each other in April, was similar, said LawSoc.

In the first case, after a temporary occupation permit was issued, the solicitor sent the client a letter asking for payment of S$300,000, which was 25 per cent of the purchase price.

The lawyer then posted a hard copy letter to the client and sent the client an e-mail. 

The client received the letter but not the email, as a scammer had hacked into her email account and intercepted it. The client posted a cheque with the payment to the solicitor and sent an e-mail requesting for the solicitor to acknowledge receipt, but the solicitor did not get this email either, as the scammer had intercepted the client's incoming and outgoing emails.

The scammer then began sending the client emails, posing as the solicitor by using a slightly altered version of the original email address, saying that the payment had to be by telegraphic transfer to a bank account instead of by cheque.

The client called her lawyer at least twice to ask why he had asked her to pay via telegraphic transfer, and the solicitor told her clearly that he had not sent her any such email.

However, she felt pressured by the scammer's email reminders and transferred the money to the bank account provided.

She then sent the solicitor a WhatsApp message with a photo of the funds transfer form and emailed him a scanned copy of the form, which the scammer did not intercept.

When the solicitor saw payment details on the funds transfer form, he immediately called his client to tell her to stop payment immediately, which was possible as her bank had not yet effected the payment.  

In the second case, the scammer purchased a domain name very similar to the actual law firm's and hacked into the client's email account.

Posing as the genuine solicitor, the scammer sent an email to the client saying the mode of payment had been changed from a cashier's order to a bank transfer and asked the client to transfer funds to a Bank of China account in Hong Kong.

The changes in the email addresses and domain names were as minute as a hyphen or full stop. For example, instead of "lawyer [at]", the scammer used "lawyer [at]".

In this case, the scammer also copied the lawyer's secretary in the email with a similarly altered email address.

This case was more sophisticated, said Mr Vijayendran, as the scammer had tampered with the law firm's letters by cutting and pasting onto them, and altering details.


Both the law firm and client in the second case have made police reports and investigations are ongoing. LawSoc is not aware of any other similar cases at the moment.

Mr Vijayendran said the scammers in these cases had "a canny awareness" of the transactions, including the timeline of payments, but said there was nothing to show that "this was an inside job".

The lawyers' email accounts were not compromised in these two cases, and he commended the law firms for flagging the cases.

The scams happened over the course of just a month, which is why LawSoc has "made the unprecedented step of calling for a press conference", said Mr Vijayendran. "We were alarmed when we saw two transactions within a matter of weeks." 

"The message out there is to be vigilant, to look at the senders, the emails, perhaps confirm with a phone call or some other means," said Mr Rajaram.

In the aftermath of the SingHealth cyber attack, LawSoc issued an advisory to all Singapore law practices and LawSoc members on procedures and practices they could adopt to safeguard against cyberattacks.

These include verification of a sender's identity if a suspicious email is received, by calling the person or checking their return or actual email address.

LawSoc will be publishing cyber security guidelines for the legal profession later this year, said Mr Vijayendran.

After the two recent scams, LawSoc advised its members to take specific precautions in a four-fold advisory. These include advising clients to verify with the law firms before effecting payments requested via email and to clearly inform clients who are not IT-savvy about payment instructions.

"The Law Society advises clients of law practices to exercise caution when dealing with repeated emails sent purportedly from the law practice requesting them to effect funds transfer or payment by whatever mode," said LawSoc. "They should contact their IT providers to assess whether their email accounts have been compromised in any way."

Source: CNA/ll(hs)


Also worth reading