Home buyers are being warned about a spike in scams which have seen victims defrauded out of hundreds of thousands of pounds.
The Law Society of England and Wales has joined forces with the National Economic Crime Centre (NECC), which is housed within the National Crime Agency, and Action Fraud, to issue flyers warning of the risk of payment diversion fraud.
Criminals are actively targeting property purchases, with the aim of tricking people into transferring over their house deposit and/or the balance of purchase monies to them.
The frauds almost always involve the criminals pretending to be the victim’s lawyer to con them into diverting their payment to an account the crooks control.
“We are urging our members to share these flyers with their clients in order to help protect them from these highly-sophisticated and cruel schemes,” said Law Society president I. Stephanie Boyce.
“These frauds can involve huge sums of money and have a devastating lifelong impact on the home buyer and their personal finances. Solicitors and their clients can all play a part in making such crimes more difficult for the criminals.”
One house buyer was scammed into handing over £640,000. Emails between the buyer and their solicitor had been intercepted by criminals, who were able to collect all the information relating to the house purchase.
They then used a spoofed email account (made to look like that of the solicitor) to request payment. Payment details were provided on headed solicitors paper via the spoofed email, and the amount requested was exactly what the buyer had expected to pay.
The victim was later advised by the genuine solicitor that these payments had not been requested. Most of the money was never recovered, all-but wiping out the victim’s equity and savings, and leading to the collapse of their purchase.
“Buyers should be extremely vigilant if there appears to be any change of payment details, and always double-check by calling their lawyer before they transfer their money, as emails can be intercepted or diverted,” added Stephanie Boyce.
Jon Shilland, fraud threat lead at the NECC, said:
“Payment diversion fraud is increasing and it is vital to be alive to the threat as criminals are targeting home-buyers due to the scale of the transactions.
“Whenever a client is making a payment to their solicitor for a house purchase, they should be highly suspicious of any change in account details or new instructions.
“Remind them to always check with a trusted known contact, and if they have any doubt not to transfer the money.”
This has been happening for years already.
All those responsible for the delivery of conveyancing services know it exists and have known for a long time.
The more depressing question is why hasn’t there been a reasonable public information campaign on it?
One of my clients lost a cool £1m like this (2019) and another a year earlier £140k.
Its irresponsible to request funds from a customer/client without first asking them to transfer £1. Then, confirm receipt.
Such a ridiculously simple request may save a lot of heartache.
My understanding is that the fraudsters ‘sit’ on the firm’s server and hold emails up before they leave. They edit the bank details and then the email leaves the server
The client that lost £1m did say that they noticed the email was ‘misplaced’ in that the placing within their email inbox wasn’t right. The time said ‘x’ but it was out of place in terms of order of emails received.
That it looked and seemed genuine, and was straight off the back of a conversation with their solicitor regarding transfer of funds….meant they simply trusted it.
Transfer £1 first. If you’re requesting funds then request a £1 transfer first. Just to confirm correct details.
You must be logged in to like or dislike this comments.
Click to login
Don't have an account? Click here to register
Jon Shilland: “Whenever a client is making a payment to their solicitor for a house purchase, they should be highly suspicious of any change in account details or new instructions.”
Not only are emails being intercepted, but scammers are imitating the email addresses of the law firms and telling the client that their (the law firms) bank account details have altered. Some clients then send their money to the wrong account. The majority of law firms have had notices plastered all over their emails and letterheads etc for some time stating that their bank account details will not change throughout the course of the transaction. My understanding is that this action has stopped an awful lot of money getting into the wrong hands. More often than no thought, it is the client’s email that is hacked, and not the law firms.
It would be helpful if estate agents also pointed out that if their buyers or sellers receive an email telling them that their law firms bank account details have changed, it is likely to be incorrect, and is possibly coming from a fraudster after their hard-earned money. Why can’t estate agents also be asked to share the flyers?
You must be logged in to like or dislike this comments.
Click to login
Don't have an account? Click here to register
Indeed – it’s the spoofing of email addresses that is the most dangerous and impossible to eradicate 100%.
The only effective solution is to eliminate the client’s expectation of ever getting an email from their lawyer – I reached this conclusion 5 years ago. Seems there’s a bit of catching up to do by the rest of the industry …
You must be logged in to like or dislike this comments.
Click to login
Don't have an account? Click here to register
The link to the flyer doesn’t seem to work – “Page Not Found”
It would be helpful if PIE could correct this
You must be logged in to like or dislike this comments.
Click to login
Don't have an account? Click here to register
Sorry – Law Society said the link would be live ‘on Monday’. We have requested clarification of exactly when on Monday.
You must be logged in to like or dislike this comments.
Click to login
Don't have an account? Click here to register
Many years ago we had a client scammed out of £340,000.
We told people about this – we had a piece in the Daily Mail talking about it.
We started telling all our clients that emails are not safe and should not be used – we stopped using them 5 years ago, and only use a portal.
Reality is that those lawyers that are still using email with their clients ( the VAST majority ) are contributing to the problem and they need to stop and use a secure portal instead – there are a few around.
And secure emails don’t work – one client received a spoofed email and nearly lost £600,000 – the only way is to remove the expectation from clients that they will hear from their lawyer by email.
You must be logged in to like or dislike this comments.
Click to login
Don't have an account? Click here to register
You’re right Peter – and it looks like we need to keep training and training on this point (even when we think it must be “old hat”!)
You must be logged in to like or dislike this comments.
Click to login
Don't have an account? Click here to register
Hi Peter,
Are you able to let us know which portal you use, or which ones you considered.
You must be logged in to like or dislike this comments.
Click to login
Don't have an account? Click here to register
Hi Bosky – more than happy to talk ! Please email me directly on pambrose@thepartnershiplimited.com
Peter
You must be logged in to like or dislike this comments.
Click to login
Don't have an account? Click here to register
Rcently completed a purchase by email with solicitors in Burnham-on-Sea. Paid my solicitors a small amount £5 and waited for confirmation before transferring the rest. They have adapted well to online working since lockdown started and it is so much faster than snail mail.
You must be logged in to like or dislike this comments.
Click to login
Don't have an account? Click here to register
If a hacker wants to get into your system, they will. No two ways. Don’t be naive. They are seriously clever and well funded. Encrypted is simply naive.
Instead, quite simply –
Don’t send bank details or ever react to being sent bank details….by email. EVER.
Hackers intercept emails from the client. Their systems are never good. It’s the key words (dark web hackers) they monitor for out on the internet – why it is called phishing – and their hacking system buzz when someone uses say ‘bank details’ and ‘conveyancing’
Yet, some of you reading this now, will still send your bank details by email – TA13 replies for instance, or in their contract when they send that electronically. Madness!
Our opening letter to all clients warns not to. And then throughout a purchase.
You must be logged in to like or dislike this comments.
Click to login
Don't have an account? Click here to register
Just to.clarify – phishing is where a user is sent a speculative email with the intention of eliciting personal data, either through social engineering or convincing people to click on a link to collect more data or deliver a bot on the host machine, such as keylogging.
Good systems typically ARE secure, but are compromised by phishing attacks.
Giving clients the expectation that they could receive an email is poor practice.
You must be logged in to like or dislike this comments.
Click to login
Don't have an account? Click here to register
Best not to google definitions as some sort of reassurance.
Reliance on encrypted emails will simply catch you out and push everyones PII through the roof.
You must be logged in to like or dislike this comments.
Click to login
Don't have an account? Click here to register
“Better to remain silent and be thought a fool than to speak and to remove all doubt.”.
Now that one I DID Google !! 🙂
You must be logged in to like or dislike this comments.
Click to login
Don't have an account? Click here to register