Criminals are actively targeting conveyancing purchases to trick you into transferring your house deposit and/or the balance of purchase monies to them. In today's digital day and age, you may think this is impossible; however, these schemes can be highly sophisticated, and almost always involve the criminals pretending to be your lawyer in order to con you into sending your payment to an account they control.
In June 2024, Lloyds Bank Plc reported:
- Conveyancing scams increased 29% in 2023.
- Victims losing £47,000 on average, but for some it’s more than £250,000.
- Around 45% of victims aged 39 or under, so first-time buyers may be at particular risk.
Source: Lloyds Bank Plc
For clients who believe they can rely on their solicitor, this can raise the question of how you can be 100% sure when sending money. The good news is that the only way for fraudsters to win is if you do not stop it vigilantly. This article will explain how to spot Payment Diversion Fraud, how to make bank transfers to your solicitor, and what to do if you suspect fraud.
What is Payment Diversion Fraud?
Payment Diversion Fraud is where a fraudster targets and impersonates your solicitor. The fraudster will first look to obtain the personal information relating to your transaction. They'll do this by:
- Hacking your email
- Hacking your solicitor's email
- Hacking your estate agent or broker's email
The criminal will then be aware you are buying a property through the email you send, and this would include the address, purchase price and other related details. With this information, the criminal impersonates your solicitor by:
- Email from an Incorrect Email.
Case study: Victim of conveyancing fraud loses £640,000
A client was scammed into handing over £640,000 during a conveyancing purchase. This happened because criminals had intercepted emails between the client and their solicitor. As a result, the criminals collected all of the information relating to the client's house purchase.
The criminals then used a spoofed email account (made to look like that of the solicitor) to request payment. Payment details were provided on headed solicitors’ paper via the spoofed email, and the amount requested was precisely what the house-buyer had expected to pay. The genuine solicitor later advised the victim that these payments had not been requested. Most of the money was never recovered, all but wiping out the victim’s equity and savings, leading to the collapse of their purchase. The fraud had a devastating lifelong impact on the house-buyer and their finances.
Source: The Law Society
A woman lost almost £80,000 in a conveyancing scam when fraudsters diverted her completion monies to their own account.
Some weeks before, the
Law Society of Northern Ireland warned conveyancing firms in the province that hackers were making attacks on their IT systems. It advised the firms to review their email and internet security software and procedures.
Amanda Jackson of County Down received an authentic email from her solicitors with the bank details for the transfer of £76,959 to complete her house purchase. She then received a subsequent email which appeared to be from the same solicitors, advising that the previous bank details were incorrect, and giving alternative account details.
Ms Jackson went to her bank personally to instruct the transfer of money, sensing that something was not right. Some days later she was contacted by her solicitors saying they had still not received the money, and she then realised that she had been duped by felons using a vicious conveyancing scam. The money has not yet been recovered and the Police Service of Northern Ireland are continuing to investigate the matter.
How do fraudsters gain access to a firm's email communications?
Cyber attacks are increasing in sophistication and the exact method used to carry out this crime is still a matter of debate. One expert in cyber attacks on business, speaking in press reports about the crime, said that it was likely that fraudsters had targeted the firm involved "for weeks" and had either full access to the firm's mail server or one of the computers in the their office via, for example, the opening of a fake attachment.
The potential for being hacked like this is high and it is now every solicitors' firms responsibility to make sure that they take every form of precautionary measure to protect themselves from 'online attack' to both protect themselves and their clients. The reality however is that because an online attack cannot be seen, the threat is felt to be less real. Ignoring the threat leaves the conveyancing practice exposed to claims. On online attack should be viewed as real an attack as someone breaking in the front door; you should not only check the front door is locked at night, but also ensure your online systems are equally protected and safe.
Which payments are at greatest risk?
The conveyancing process is a prime target for this kind of conveyancing scam with such large sums of money being transferred from clients, mortgage lenders and solicitors. The greatest areas for risk will be when the client sends in their completion monies on a purchase (deposit and balance to complete) and the release of the sale proceeds.
Update: 9 October 2018 - Potential conveyancing scam through email impersonation (law firm's email client hacked)
We've received an actual email which resulted from a scammer hacking into the conveyancing firm's email systems. Printed below, what is particularly worrying is the growing level of sophistication in terms of the addresses and standard of English (although a trained eye might still have suspicions).
The message is clear: if you're not expecting an email from your solicitor you should always be suspicious and you should never follow a direction to pay over money to a different account or using a different method before you've actually spoken to your solicitor by telephone.
We've removed any identifying information from the following email; however please accept on trust that the 'from' address was the actual solicitor's email address and the 'reply-to' address was a close variant:
From:solicitor@solicitorfirm.com
Date: 8 October
To:
Subject: [actual correct conveyancing address of the client that the email was sent to]
Reply-To: solicitorsolicitorfirm@send.com
I confirm that the Property that you are purchasing has got good and marketable title and there are no adverse conditions affecting it.
You are required to make payment of outstanding funds of purchase price for completion to occur, what date do you intend to make payment, do you have funds in place ? what date is suitable for completion to take place, i will advise completion should take place before the end of next business week, let me know so i can forward [solicitor firm's name] client care account for receiving funds.
I look forward to hearing from you in due course.
Regards
[actual solicitor's name in the case]
What can I do to guard myself against this type of fraud?
Andrew Boast, Co-founder of SAM Conveyancing, advised:
"You should never make a transfer of funds if you receive an unusual email or phone call informing you that your solicitor's banking details have changed. You should always double check directly with your solicitor by phone before making any money transfer to your solicitors. A verbal confirmation of the sort code and account number will rule out the chances of a 3rd party replacing the correct bank details with fraudulent details. This is something we tell all our clients.
"From the conveyancing solicitors' perspective, they should put in place vigilant systems to protect their clients and have regular meetings with their staff to inform them of the potential risks. Regular training, password changes, strict internal admin rights to the company servers limited to key members of staff and a designated manager responsible for protecting against cyber attack, will aid in reducing the threat of cyber attack."
