Builders And Solicitors Are Hacked Off – But We Can All Be Victims Of Cybercrime And Phishing Fraud
In the past couple of months we have had four enquiries relating to online or phishing fraud. In the 5 years before that we had none. This is a worrying trend. Three cases involved builders and one a solicitor at Mayflower conveyancing.
In each case someone has been tricked by the fraudster into sending a large payment to a fraudster’s bank account. The trick may well depend on an initial phishing fraud or other breach of online security.
The builder cases
The fraud works this way; At some point the fraudster has obtained access to the email of the builder and/or customer. The fraudster can then monitor correspondence looking for large payment requests. When the builder sends his invoice to the customer for £20,000, the fraudster can see that a large sum is due to the builder. At that point the fraudster sends an email from the builder’s email account or an email account that looks like it has come from the builder. The fraudulent email informs the customer that the builder’s account details have changed and gives the fraudster’s account details. Assuming that this email is from the builder the customer pays the money to the fraudster’s account.
The result is that the customer has not paid the builder and may have to pay twice. If they refuse, the builder will be faced with expensive and risky litigation to recover the payment.
Fraudsters target high value transactions because they carry the prospect of higher rewards where the fraud is successful. Solicitors deal with high value transactions every day and so it is no surprise that solicitors themselves can be the target of fraudsters. We have dealt with situations targeting conveyancers dealing with property sales and purchases. In one example fraudsters obtained access to the solicitors’ emails and waited for a point where the solicitor asked the client, by email, for their account details. The solicitor needed to send their client the proceeds following the sale of a property. The proceeds were over £300,000. The fraudster intercepted the email and replied, also via email, with their bank account details. The fraudster’s email looked as though it had been sent by the client, but it hadn’t. The client had never seen the email. The client didn’t receive the proceeds of sale and by the time the client became aware of the problem, the monies had all been removed from the fraudster’s bank account.
The result is that the client did not receive the proceeds of sale of their property and they are now seeking recovery of the proceeds and their costs from their conveyancers.
You should look at your cyber security and devise tight procedures for ensuring the customer or solicitors have the right account details from the outset and that they know your account will not change.
Details should not be sent via emails and should also be sent via post. Account details should also be verified over the telephone and where you have not dealt with the client or firm previously you might consider sending (or requesting) smaller sums initially, so that the recipient can be asked to acknowledge receipt offline before larger sums are transferred. This all ensures correct details are in hand.
Always draw the customer’s attention to this potential risk from the outset in your quotes and correspondence and make clear throughout that your account details will not change. Consider sending any invoices or account details by post to the customer’s known address instead of by email. Consult with your bank about additional payment security.
If you become aware of any irregularities whatsoever act quickly. In the solicitor example above, in error the conveyancer thought they might be able to resolve the problem with the bank directly. This led to further delay. Precious time was lost and by the time the client became aware of the issue, the monies had already been removed from the fraudster’s account. In some case you may be able to freeze the money and/or seek information from the banks by way of an emergency court order. We act for people in these situations under variety of different fee arrangements. Initially we are always happy to give free diagnostic advice so please contact us if you think any of the above might apply to you