In this article, Adaku Parker, a barrister at Sterling Court Chambers, considers the latest fraud risk of which lenders, borrowers, conveyancers and the general public should be aware.
The new face of fraud
Many of us are familiar with ‘phishing’. This is the means by which fraudsters acquire sensitive information, such as bank account details, by posing as a known or trustworthy entity in an electronic communication. One of the latest pools in which fraudsters have decided to phish, however, is that of the e-mail accounts of real estate conveyancing solicitors.
It seems that this has been a lucrative recent development for cybercriminals because a combination of ignorance of the risks; the general public’s rightful trust in solicitors’ firms and the conveyancing process; the tempting prospect of purchase monies; and a lack of sufficient data security has meant that, just in the last few months, significant property transaction funds have fallen prey to fraud.
Property investors at risk
In what are being described as some of the most worrying scams seen by the Solicitors’ Regulation Authority, fraudsters are hacking into law firm e-mail accounts and intercepting e-mails between solicitors and their clients and between solicitors and their counterparts in conveyancing transactions.
Despite heightened awareness of, and action to combat, money laundering and ID fraud, it is nevertheless commonplace today for entire transactions to take place electronically. Increasingly, ID checks can be carried out via eVerification, which means that sensitive personal data is communicated electronically from the outset. Even where solicitors and clients meet face-to-face initially, the bulk of conveyancing transactions, whether residential or in a commercial real estate context, are conducted almost entirely over e-mail. Initial instructions and seller’s information packs contain personal and financial data for clients; and pre-exchange and pre-completion advice contain solicitors’ bank account details and payment instructions.
In one recent case which hit the headlines, hackers intercepted e-mails between a solicitor and client. Posing as the solicitor, the hacker then sent an e-mail telling the client that the firm’s usual client account was being audited, and so completion monies should be sent to an alternative account (that account being, of course, one of the fraudsters’ own). Very many people receiving such a message from the solicitor with whom they had conducted almost an entire transaction via e-mail would, at that point, simply transfer monies to the new account without question. The client in this particular case was more astute than most might be, and it asked the solicitor for confirmation of their unique client reference to try to ascertain whether the request was genuine. However, the hackers were several steps ahead. Because they had gained access to the solicitor’s whole e-mail account, they had all of the transaction communications to hand and so they sent a reply with the correct details. The client therefore transferred nearly £300,000 to the fraudsters directly.
How to minimise those risks?
What can be done to minimise the risks?
- Clients should be advised of the risks. It will always be in the clients’ interests to avoid fraud and if they are alive to the risks they can help.
- Where possible, meet and speak, rather than always communicating by e-mail. This can be particularly valuable when it comes to undertaking initial ID/anti-money laundering checks and providing or exchanging sensitive personal or financial information, documents and bank account details. Be extremely cautious of giving any sensitive information electronically.
- Parties can be asked to provide, at the outset of a conveyancing transaction, copies of bank statements for the destination accounts into which completion monies will be paid. Dormant or otherwise unusual-looking accounts should be treated with caution.
- Lawyer Checker can be used to verify solicitors’ accounts.
- Buyers and sellers should specifically advise at the outset that they will not be changing their bank account during the transaction or prior to completion.
- Bank account details should be confirmed in person or on the telephone. This should include asking security questions to which only the genuine party or solicitor would know the answer.
- Any instructions that are given to change bank account or payment details should be treated with the utmost caution, investigated thoroughly and ideally confirmed in person.
- Where time allows, corresponding via letters and faxes might be more secure than using e-mail.
- Where electronic communication is essential, encrypted e-mails and password protected portals offer a much greater level of data security.
- All IT and communication devices should be properly protected with adequate security software, which is updated regularly.
- Legal and financial firms dealing in conveyancing transactions should have clear policies and procedures in place for dealing with the risk of fraud. All staff involved with any stage of the conveyancing process should be made aware of the risks and trained on the firm’s policies and safeguards.
- If you do find yourself a victim of this type of fraud you should immediately notify the police. They may be able to recover some of the stolen monies and potentially take action against the fraudsters.
- In addition, you should seek immediate specialist legal advice.
Article Courtesy of: Sterling Court Chambers