The scale and sophistication of internet conveyancing fraud in the UK has been highlighted with the recent case of fraudsters who hacked into clients’ accounts to divert funds intended for their solicitor. Five men were sentenced at Southwark Crown Court for their part in a £10m ‘payment diversion fraud’ scheme. Officers based in the Met Police’s specialist crime team identified 235 separate frauds committed from 2014 to 2019. The gang used Malware to steal log-in details of email accounts of businesses and private individuals worldwide. They would monitor the chosen email accounts for high-value financial transactions, then intercept conversations and send spoof emails so that victims were duped into paying funds into one of 100 UK-based ‘mule’ bank accounts controlled by the fraudsters. The Met Police confirmed that victims included property buyers who thought they were paying money to their conveyancing solicitor. Detective Constable Chris Collins, said: ‘This has been a long trial due to the defendants’ refusal to accept their guilt despite overwhelming evidence. A common feature in this case was the use of mule bank accounts. I advise anyone conducting financial business by email to verify the bank account they are sending their money to by contacting the intended recipient by means other than email.’
The Solicitors Regulation Authority has identified email modification fraud – where criminals intercept and falsify emails between a client and their firm – as one of the most common types of cyber crime affecting the profession. In its risk outlook for 2019/20, the SRA said it may be better for firms to ask ‘when, not if’ they will be targeted by online criminals. In the first nine months of 2019, law firms reported a loss of around £4m of client money to online fraud which in turn means clients have lost house deposits, inheritance funds and life savings.
Firms are advised to replace and update systems regularly, use antivirus software ensure systems have appropriate firewalls. They should use two-factor authentication for email and log-ins where possible and make sure staff avoid predictable passwords. The Government backed Cyber Essentials scheme is one-way firms can help to guard against the most common cyber threats and demonstrate commitment to cyber security. Firms should have Cyber Essentials accreditation as a minimum to ensure up-to-date cyber defences. Redbrick Solutions is working towards Cyber Essentials Plus accreditation and Redbrick Solutions use the very latest technology to make the conveyancing process as efficient and secure as possible. We take a serious stance on fraud in order to offer as much protection to our clients as possible. Our document sharing portal has the highest level of security available using two-part authentication. This enables you to share sensitive data, such as bank details, with your client whilst removing the risk of email interception and fraud. Redbrick Solutions also provide full identity checks. All of our AML/ID checks are fully compliant with the FCA, HMRC and SRA. You can also choose to accept proof of ID electronically via our secure portal and make use of electronic signatures.