Home > Business > Builders And Solicitors Are Hacked Off – But We Can All Be Victims Of Cybercrime And Phishing Fraud

Builders And Solicitors Are Hacked Off – But We Can All Be Victims Of Cybercrime And Phishing Fraud

3 April 2018

In the past couple of months we have had four enquiries relating to online or phishing fraud. In the 5 years before that we had none. This is a worrying trend. Three cases involved builders and one a solicitor at Mayflower conveyancing.

In each case someone has been tricked by the fraudster into sending a large payment to a fraudster’s bank account. The trick may well depend on an initial phishing fraud or other breach of online security.

The builder cases

The fraud works this way; At some point the fraudster has obtained access to the email of the builder and/or customer. The fraudster can then monitor correspondence looking for large payment requests. When the builder sends his invoice to the customer for £20,000, the fraudster can see that a large sum is due to the builder. At that point the fraudster sends an email from the builder’s email account or an email account that looks like it has come from the builder. The fraudulent email informs the customer that the builder’s account details have changed and gives the fraudster’s account details. Assuming that this email is from the builder the customer pays the money to the fraudster’s account.

The result is that the customer has not paid the builder and may have to pay twice. If they refuse, the builder will be faced with expensive and risky litigation to recover the payment.

Solicitors

Fraudsters target high value transactions because they carry the prospect of higher rewards where the fraud is successful. Solicitors deal with high value transactions every day and so it is no surprise that solicitors themselves can be the target of fraudsters. We have dealt with situations targeting conveyancers dealing with property sales and purchases. In one example fraudsters obtained access to the solicitors’ emails and waited for a point where the solicitor asked the client, by email, for their account details. The solicitor needed to send their client the proceeds following the sale of a property. The proceeds were over £300,000. The fraudster intercepted the email and replied, also via email, with their bank account details. The fraudster’s email looked as though it had been sent by the client, but it hadn’t. The client had never seen the email. The client didn’t receive the proceeds of sale and by the time the client became aware of the problem, the monies had all been removed from the fraudster’s bank account.

The result is that the client did not receive the proceeds of sale of their property and they are now seeking recovery of the proceeds and their costs from their conveyancers.  

Recommendation

You should look at your cyber security and devise tight procedures for ensuring the customer or solicitors have the right account details from the outset and that they know your account will not change.

Details should not be sent via emails and should also be sent via post. Account details should also be verified over the telephone and where you have not dealt with the client or firm previously you might consider sending (or requesting) smaller sums initially, so that the recipient can be asked to acknowledge receipt offline before larger sums are transferred. This all ensures correct details are in hand.

Always draw the customer’s attention to this potential risk from the outset in your quotes and correspondence and make clear throughout that your account details will not change. Consider sending any invoices or account details by post to the customer’s known address instead of by email. Consult with your bank about additional payment security.

If you become aware of any irregularities whatsoever act quickly. In the solicitor example above, in error the conveyancer thought they might be able to resolve the problem with the bank directly. This led to further delay. Precious time was lost and by the time the client became aware of the issue, the monies had already been removed from the fraudster’s account. In some case you may be able to freeze the money and/or seek information from the banks by way of an emergency court order. We act for people in these situations under variety of different fee arrangements. Initially we are always happy to give free diagnostic advice so please contact us if you think any of the above might apply to you

Posted by:

Alex Cook
Solicitor

Request a Call Back

People frequently tell us that we’re approachable and offer great advice.

They also tell us most solicitors are hard to get hold of whereas we’re happy to listen. The reason for this is that we value long term relationships and we’re happy to speak with business people, to invest our time in understanding your business and whatever your concerns are. Only at that point can we understand whether we’re the right people to help you.

Related Blogs:

What Happens to Directors When a Company Is Struck Off?
A company can be struck off the register of companies (in England and Wales; Companies House) for a number of reasons. These ...
18 April, 2024
Read More
What Are Restrictive Covenants?
The inclusion of restrictive covenants in commercial, employment, and property contracts or agreements is increasingly commo ...
22 March, 2024
Read More
How To Fill Out Your Directions Questionnaire: A Basic Guide
Updated: 14 March 2024 Are you stuck filling out the form? Do you need clarification about Forms N180 and N181? Simple mistak ...
14 March, 2024
Read More