Email hacking and cybercrime in conveyancing transactions: Now is the time to become more vigilant

You will probably by now have heard about a type of “cybercrime” that is on the increase and which targets the significant sums of money often being transferred in the course of conveyancing transactions.

A recently highlighted case, reported in the Guardian, centred around a charity worker who has been the unfortunate victim of this very modern type of crime. The victim was purchasing a property and, as is usual in such a transaction, he needed to transfer funds to his solicitor in order to complete the purchase of the property.

Much of the communication between him and his solicitor was dealt with by email. Over the past few years, the volume of email correspondence between law firms and their clients has increased greatly, partly due to its low cost and partly due to its speed and convenience. It is the increasing use of, and reliance on, emails that has presented a new opportunity to criminals.

An exchange of correspondence over time does often help in the building of a relationship of trust between solicitor and client, and a degree of familiarity.

This inherent relationship of trust between client and solicitor and the apparent ease with which communications can fly back and forth by email is now precisely what criminals are targeting. Fraudsters have long been able to gain access to a person’s email account by “hacking” it, often in order to try to seize valuable or confidential and private information. Unfortunately, these fraudsters have realised that if they can hack email accounts of people involved in a conveyancing transaction, they might be able to intercept emails and enter the stream of correspondence by impersonating one of the parties. In other words, they are hijacking the email exchanges.

In the case of the charity worker, the fraudsters managed to enter the email exchanges, pretending to be the solicitor. They sent emails to the victim requesting that he transfer the required funds to other accounts (not to the solicitor’s genuine client account where the victim had previously transferred some of the funds). The victim duly obliged, unwittingly sending funds to accounts held by the fraudsters.

There have been other cases where a fraudster will enter an email exchange and pretend to be the actual client in a sale transaction, in order to trick the solicitor into sending sale proceeds to the fraudster rather than to the genuine selling client. As a result of these reported cases, many solicitors will now contact their clients by telephone to verbally confirm bank account details that they have already been given in writing, before then sending sale proceeds to their clients. We do this as a matter of standard practice and would hope that most, if not all, other firms do likewise.

It does now appear though that fraudsters have realised that solicitors are taking precautions to reduce the risk that they send funds to fraudsters, so the fraudsters are now targeting the clients themselves. The method is the same though – simply hacking email accounts and taking part in the communications, posing as solicitor rather than client. The emails will often appear to be genuine, though there might be subtle be changes in formatting or in the language used.

In order to reduce the risk of falling victim to this new type of crime, clients of any law firms should be as vigilant as possible and, if anything ever feels wrong, assume that it is. Solicitors do not often change client account details and would not usually operate more than one account. Therefore, if you are ever asked to send funds to a different account from one that you have already used, or are asked to split payments between different accounts, do not do so. Telephone your solicitors (using a known number or one obtained from the firm’s website or a telephone directory, but not from an email as that may have been altered), or go to see them if they are nearby, and verify the account details directly with the solicitor that you have been dealing with, or with a partner in the firm.

Another recent matter I have been made aware of (though it has not as yet been formally reported in the press) involves fraudsters hijacking a mortgage broker’s email account and requesting that a purchasing client sends them funds to enable a transaction to proceed more quickly.

If you are asked to transfer funds to mortgage brokers, or indeed to any party other than your solicitor, do not do so until you have verified the reason for this with your solicitor by telephone. In the course of a standard conveyancing transaction, you should not need to transfer any of the purchase funds (including stamp duty and other conveyancing disbursements) to anyone other than the solicitor.

Email is an amazing tool – fast, free, efficient and generally convenient. However, it is not always secure and therefore vital information (including bank account details and instructions on when and where to send money) should not be circulated by this method unless high levels of data encryption and/or password protection are used. One cannot help but feel for the victims who lose significant sums of money (possibly life changing sums) and we would urge you to be far more vigilant, and stay so, in order to reduce the risk of it happening to you.

This article was written by Lawrence Stolworthy. For more information, please get in contact with Lawrence on +44 (0)1483 252512  or via lawrence.stolworthy@crsblaw.com.