Services

People

News and Events

Other

Blogs

A Test of Our Clients Funds Security Policies

View profile for S. Tariq Mubarak
Posted:

Cyber_Criminal

A Test of Our Clients’ Funds Security Policies

Cybercrime and property-related financial fraud has been on the increase recently. The Solicitors Regulation Authority (‘SRA’) said that £7 Million was lost in this way in 2016 alone. This year, in the first half of 2017, the SRA has circulated over 90 scam alerts, an average of almost three a week. There is also a large number of news articles about monies being lost to fraudsters on an increasingly regular basis.

In a recent article, Tony Fullbrook, Head of Purchase at Barclays Mortgages, published with mortgagesolutions.co.uk, said that “To further highlight this issue, research from Barclays suggested that 5% of the UK population have fallen victim to a conveyancing scam, a similar level to most other scam types.”  He goes on to state “Breaking this down regionally, the data showed that London was the UK’s worst city for conveyancing fraud – where 13% of homebuyers are faced with attempted scams.”

The Telegraph reported on 20th January 2017 that “Another homebuyer loses £67,000 as solicitors failed to warn of email fraud”. In the article, they referred to Mr Howard Mollett, “who was tricked into paying over £34,000 to a fraudster posing as his solicitor over email.”  The article goes on to state “Conveyancing fraud occurs when criminals intercept email exchange between homebuyers (or homesellers) and their solicitors.  The fraudsters then generate fake emails purporting to be from one of the parties, asking the other to make payments into a new bank account.  The payments are often very large, representing deposits on properties or in some cases, the entire proceeds of a property sale. Once the money has been paid, the criminals drain the accounts. The banks involved are frequently slow to act”. The article goes on to state “In December 2016, the [SRA] identified conveyancing fraud as the most common cybercrime in the legal sector. It suggested that a quarter of firms had been targeted by online fraudsters. In one in 10 of these cases, money had been stolen as a result, it said. Victims of conveyancing scams lose £101,000 on average.”

Such fraud and cybercrime is so rampant that the SRA has a name for this form of fraud - “Friday afternoon fraud”, primarily because such fraud usually tends to happen on a Friday.

Fortunately, we have never been the victim or associated with such cybercrime and fraud due to our robust internal policies and procedures. These policies and procedures were recently tested when on a Friday two weeks ago, we received a phone call from an individual claiming to be a former client of this firm. He said that he had mistakenly sent us £4,000 when he actually intended to send that money to another recipient. He asked if we received the funds and if we did, to return the funds to him. To expedite the repayment, he wanted to provide us with his bank account details over the phone. The initial phone call had been taken by our apprentice who, after checking with out accounts team, inform the “former client” that we had not received the funds. The “former client” then called back later that morning and asked the question again and again wanted to provide us with his bank account details. By this point, we still had not received the funds.  By the time the “former client” made his third phone call to us, all within an hour, the funds had in fact arrived into our client reserve account and as per our standard policies and procedures, our apprentice asked the “former client” to email or fax us his official or online banking, bank account statement so we that we can verify the sort code and account number belongs to the correct individual.  The “former client” then became very anxious and tried to explain that this will cause him some difficulty and insisted we just accept the bank account details that he was going to provide to us over the phone.

Our apprentice then escalated the call to myself, as the managing director. I spoke to the “former client” and repeated the request for him to email or fax us his official or online banking, bank account statement so we that we can verify the sort code and account number belongs to the correct individual.  I went on to explain that we have had these procedures in place for many, many years, even before the current proliferation of cybercrime and conveyancing fraud.  He went into a huff but eventually relented and said that he would be back in touch to provide us with the bank statement we requested.

A few days goes by and on Tuesday, having not heard from the “former client”, we ring fence the funds so as not to contaminate the rest of the client reserve account funds. Two day later, on Thursday, I receive a call from the actual former client (I know this because he gave me information which I know only he could know) who tells me his online banking had been hacked and two payments of £4,000 each had been sent to two recipients on his approved payee list. The fake “former client” who is in fact a cybercriminal, was not able to set up a new recipient and transfer the funds directly to himself because that would require the actual client’s debit card and card reader.

The scam therefore is the cybercriminal sends funds to an existing recipient on the payee list of the online banking and then calls the recipient to say that the funds had been sent mistakenly and to request for those funds to be repaid to the “former client” when in fact it would have been paid out to a bank account that belonged to the fraudster. Indeed, the actual client did not ask us to transfer the funds back to him but told us to escalate the matter to our bank who then told us that we were absolutely right in our procedures and commended us for this as this goes over and beyond what most other law firms do.

It gave me no little amount of pleasure to know that the procedures we implemented many years ago having foreseen this issue arising has been tested and proven itself. We will now improve the procedures even further and ensure all staff members are aware how robust the implementation of these procedures must be. We have also started carrying out checks via the Lawyer Checker Consumer Bank Account Checker which provides an additional level of protection for ourselves and our clients’ funds.

If you are concerned about any of the issues raised above, please do call and speak to us, as we’re happy to assist.  At the very least, you should ensure that you rotate or change your online banking passwords frequently and ensure they are difficult to hack. There are also some useful tips from www.takefive-stopfraud.org.uk.

About the Author 

Tariq Mubarak is one of the top property solicitors in England, and he has helped hundreds of clients achieve success with their property goals.

Read more about Tariq’s background and his client’s successes.

Feel free to message Tariq here or e-mail him on tariq@matrix-legal.com or call his direct line: 02071861601

Contact

If you are interested to discuss more about anything mentioned in the article above, please call us on: 020 7186 1600, or e-mail us on: property@matrix-legal.com

Comments