We take the security of our clients seriously, so when we are advised of risks by other responsible parties such as banks and mortgage lenders, we try to pass the advice on.
The advice below has kindly been issued by Santander, but it applies equally across the conveyancing sector.
Fraudsters are currently hacking into email chains between a house buyer or seller and their solicitors. The fraudster monitors the communications using malware that looks for key words like house purchase, deposit, buy and payment – and then they make their move.
They hack into the email account and contact the client disguised as the solicitor’s company they have been liaising with.
The fraudsters tell the client by email that the solicitor’s bank account details have changed or they amend the account number before the client gets it.
The fraudsters give the details of the ‘new’ account for the deposit to be sent.
Unknowingly, the client transfers their money to the ‘new’ false account.
The false account is owned by the fraudster, leaving the solicitor or client at a substantial financial loss. Unfortunately in these circumstances, the bank can’t recover the funds because they are authorised by the client to be sent to a particular account.
We follow the advice given by the banks in terms of safeguards, so we:
- Our client account details are not scheduled to change and the details are published on our care pack documents at the very start of the transaction. The details can be checked electronically by other solicitors.
- In general we do not change account details for when we are sending money out to clients. We only use the details provided at the outset.
Buyers/sellers protection advice
- Don’t feel pressured into changing any bank details. If you receive an email stating a change in the bank details, you should ring us on a previously used telephone number. Remember no change is scheduled.
- For any communication about your conveyancing check the email address carefully and if in doubt phone us to check the information is correct. Only use the details we provided at the outset - look out for little differences like single letters added.
- Buyers and sellers should avoid using public Wi-Fi systems to check emails when house purchases are being made. Fraudsters can easily hack into vulnerable Wi-Fi systems.
- Avoid sharing social media posts about buying/selling your house. Fraudsters may get hold of this information and know the next step is a large financial transaction. Think - if they can see that you are completing on 15 December, they can then use that information to convince others that they are you, or put it in an email so you are more likely to think it is genuine.
- Don't deal with your financial or legal business on open or insecure wifi, on shared emails, public computers, or by talking loudly in public.
- Keep your computer security up to date.