Last week the ABA Journal reported on a new hacker scheme that targets lawyers’ confidential client emails. It’s a new type of fraud aimed at lawyers where the hackers intercept emails between real estate attorneys and their clients and then use the information obtained from the emails to steal closing funds.
According to the article, once the hackers intercept an email, the fraudulent plot is then underway:
Hackers use the information they steal for so-called spear phishing—mimicking the real email addresses of buyers, sellers, counsel and real estate companies, they send email directing those involved in real estate closings to transmit funds to bank accounts controlled by the hackers.
In other words, the hackers take advantage of the fact that email is inherently unsecure and unencrypted. Because emails are akin to sending postcards written in pencil through the post office, it’s incredibly easy for those who have the know how–such as the hackers described above–to intercept emails and read them.
Since lawyers often share confidential information with their clients via email, this knowledge is particularly disturbing. As it stands, communicating with clients using email remains ethical, since email communication received the green light from most bar associations in the late 1990s. This was because email was becoming a widely used business tool and more secure methods of communication were unavailable at the time.
But, as we all know, times have changed. There are more secure alternatives for client communication, something bar associations have recently begun to acknowledge. In fact some have issued opinions requiring lawyers to balance the sensitivity of the information being discussed with the security offered by the specific technology being used. (See, for example, ABA Formal Opinion 11-459  and Texas Ethics Opinion 648).
The Texas Opinion was issued in April 2015 and at issue is whether lawyers can share communicate confidential information using email. The Committee concluded that “considering the present state of technology and email usage, a lawyer may generally communicate confidential information by email. Some circumstances, may, however, cause a lawyer to have a duty to advise a client regarding risks incident to the sending or receiving of emails arising from those circumstances and to consider whether it is prudent to use encrypted email or another form of communication.”
The Committee then listed six different situations where lawyers might consider a more secure communication method than email, including when: 1) communicating highly sensitive or confidential information via email or unencrypted email connections, 2) sending an email to or from an account that the email sender or recipient shares with others, 3) sending an email to a client when it is possible that a third person (such as a spouse in a divorce case) knows the password to the email account, or to an individual client at that client’s work email account, especially if the email relates to a client’s employment dispute with his employer 4) sending an email from a public computer or a borrowed computer or where the lawyer knows that the emails may be read on a public or borrowed computer or on an unsecure network, 5) sending an email if the lawyer knows that the recipient may access it on devices that are potentially accessible to third persons or are not protected by a password, or 6) sending an email if the lawyer is concerned that the NSA or other law enforcement agency may read the email, with or without a warrant.
For many lawyers, most email communications sent to clients will fall under one of the above categories. That’s why, whether it’s due to ethical issues or the rising threat of hackers, unencrypted email is becoming an increasingly undesirable option for client communications. The good news is that there are better, more secure methods available for discussing confidential matters with clients.
Web-based client portals are one of the most popular alternatives to email because they allow lawyers to securely share case-related information with their clients, all in one convenient location. The cumbersome back and forth process of unsecure, threaded emails is avoided and is instead replaced by the ability to securely communicate in an encrypted, controlled online environment.
That’s why, according to last year’s ABA Legal Technology Survey Report, the number of lawyers communicating and collaborating with clients online increased every year from 9% in 2011 to 19% in 2012, 32% in 2013, and 33% in 2014.
Online communication portals are increasing in use because they provide lawyers with a more secure way to communicate. While no technology is 100% secure, online portals are far more secure than unencrypted email and are a great way to thwart the threat of hackers–like the ones described above.
To learn more about lawyers, email, and encrypted communications, make sure to check out this infographic. It contains lots of really interesting and thought provoking statistics about how lawyers communicate with their clients.