The Bar of the City of New York Committee on Professional Ethics, Formal Opinion 2015-3: Lawyers Who Fall Victim to Internet Scams (April 2015) provides a helpful analysis of the ethics and risk management issues facing lawyers dealing with emails believed to be fraudulent. The following extracts cover the key guidance of the opinion.
May You Ignore an Email that Appears to be Fraudulent?
As the California State Bar Association Committee on Professional Responsibility and Conduct (“COPRAC”) has noted: “The best approach is to ignore such solicitations altogether.” COPRAC Ethics Alert: Internet Scams Targeting Lawyers (Jan. 2011). An attorney has no ethical obligation to respond to an unsolicited email inquiry from a prospective client. See NYSBA Ethics Op. 833 (2009) (“An attorney is not ethically required to respond to unsolicited letters from incarcerated individuals requesting legal representation.”). If the attorney responds to the email, however, he should be mindful of certain ethical obligations that arise once he engages in those communications.
Confidentiality Issues When Reporting a Suspected Fraudulent Email
(Applicable Kentucky Rules of Professional Conduct (KRPC) 1.6, Confidentiality of Information, and 1.18, Duties to Prospective Client)
An attorney who discovers that he is the target of an Internet-based trust account scam does not have a duty of confidentiality towards the individual attempting to defraud him, and is free to report the individual to law enforcement authorities, because that person does not qualify as a prospective or actual client of the attorney.
However, before concluding that an individual is attempting to defraud the attorney and is not owed the duties [of confidentiality] normally owed to a prospective or actual client, the attorney must exercise reasonable diligence to investigate whether the person is engaged in fraud.
What is Reasonable Diligence When Investigating Suspected Email Fraud?
Applicable KRPC 1.1, Competence)
[A]n attorney who receives an email solicitation from an unknown individual should conduct a reasonable investigation to ascertain that the email sender is a legitimate prospective client. The due diligence may include verifying the accuracy of the information provided by the email sender, such as names, addresses, telephone numbers, website addresses, and referral sources. The attorney should resist the temptation to depart from his customary intake procedures, such as performing conflict checks, verifying the prospective client’s business and financial status, executing a retainer agreement, and obtaining an advance retainer.
Client Trust Account Violations
(Applicable KRPC 1.15, Safekeeping Property, and 1.4, Communication)
[B]ecause Internet-based trust account scams may harm other firm clients, a lawyer who receives a request for representation via the Internet has a duty to conduct a reasonable investigation to ascertain whether the person is a legitimate prospective client before accepting the representation. A lawyer who discovers he has been defrauded in a manner that results in harm to other clients of the law firm, such as the loss of client funds due to an escrow account scam, must promptly notify the harmed clients.