Agents beware! Property fraudsters increasingly hacking into emails in both sales and lettings

There is an on-going police investigation into the theft of £309,000 which should have gone to a couple who sold their flat two years ago.

Police believe that Roger and Christine Wilkinson, of Maidenhead, Berkshire, may have been victims of an international crime syndicate.

Police are said to be particularly interested in knowing how the fraudsters even came to be aware that the couple were selling their home.

The police investigation comes as property email frauds rise sharply – with nearly 160 actual losses last year, up from 86 the year before.

In the case of the Wilkinsons, the thieves hacked into the couple’s email account and, posing as the couple, sent emails to their conveyancer – and did so at the very earliest opportunity.

The conveyancer in question was the highly reputable firm of The Partnership, in Guildford, Surrey.

Founder Peter Ambrose told EYE yesterday that his firm had asked the Wilkinsons to fill in a form asking for their signatures and bank details. The form is emailed but designed to be downloaded and posted back.

The form, claims Ambrose, was intercepted by the fraudsters, who returned it complete with a forged signature and their own bank details on it.

After the property was sold, the £309,000 proceeds were transferred into a TSB bank account. The Wilkinsons do not bank with TSB. They later managed to reclaim some, but not all, of the stolen money through insurers.

Ambrose said: “The Partnership was not found guilty of any negligence or dishonesty and we have the greatest sympathy for our clients, who were hacked.

“We never email our own bank details to clients, and stopped doing so two years ago. We also tell clients not to email theirs to us. Nevertheless, they still do so – often.

“Lawyers generally email their bank details to clients the whole time, and clients email theirs to lawyers.

“But I think the real question in all of this is what are the banks doing.”

The case was the subject of a report in yesterday’s Mail under the somewhat exotic headline ‘Estate agent sent my flat deposit cash to Mr Jihad in Istanbul’.

The Mail’s report quoted a second case – this time involving a tenant’s deposit and agents Winkworth.

The £685 deposit, which was being returned to the tenant, was intercepted by hackers, who in fact banked it not in Istanbul but in the UK.

A spokesperson for Winkworth said: “This fraudulent incident involving one of Winkworth’s tenants took place just under a year ago and was taken very seriously. It was reported immediately to both the police and the fraud squad who followed up with an investigation. The tenant’s deposit was refunded in full by Winkworth.”

While this is the first instance we know of where a rental deposit has been intercepted by hackers – normally the fraudsters go for the much larger sums yielded by house sales – letting agents should be aware of the possibility.

As letting agents are the ones actually handling money, you may well want to review your processes.

See also Rob Hailstone’s blog today, just below this story.


Email the story to a friend


  1. Robert May

    ‘hacked’ is probably a little aggressive a word  for what is possible, it conjures up some sort of physical or mental effort on behalf of the criminals. In the course of what has been a fairly traumatic 8 months at the hands of BT we have had an education into the levels of security offered by business broadband, the equipment, the staff and support that comes with it.

    “Gorged” is  probably a better verb;  business broadband is like an unattended pick and mix counter at a supermarket that has narcoleptic security staff.

  2. Skyhorse595

    How, pray, did they forge the Wilkinson signature though? There surely needed to be some checks and balances once the form was emailed back to the conveyancer? If mandates and forms are being ‘actioned’ on the basis of signed forms with flamboyant signatures I’d assume the bank/solicitor had some form of original sample and cross referencing in place. Good old fashioned clerking you might say. But perhaps I’m being old fashioned and naive again, I’m still buying CDs after all.

  3. Ryan Baker

    Was about to happen to my elder brother on his sale of a £340,000 property. The law firm AMT lawyers based in Chorlton quickly sniffed that this wasn’t the account information and got back to my brother saying did he just send an email, which he obviously didn’t ! Those guys saved his £340,000 . This happened last year and his emails were hacked and they very cleverly just edited the bank details in the email rest all was same as the lawyers webpage. They never ask for bank details over emails. They first wrote an email to my brother in which it was posed that it was from the solicitors and then themselves wrote a reply email. Don’t know how they did it but thank god to sharp eye and procedures laid down by them. They’ve earned themselves a place as our family solicitors now


You must be logged in to report this comment!

Comments are closed.

Thank you for signing up to our newsletter, we have sent you an email asking you to confirm your subscription. Additionally if you would like to create a free EYE account which allows you to comment on news stories and manage your email subscriptions please enter a password below.