In recent years the press have featured many cases of email interception fraud, and the sums lost are scary.
- The Guardian “‘We lost £120,000 in an email scam but the banks won’t help get it back” – January 2017
- The Telegraph “Fraudsters hacked emails to my solicitor and stole £340,000 from my property sale” – May 2015
- The Sun”How hackers can pose as your email contacts to take your cash… and the banks will NOT refund you” – January 2017
The pattern is similar in each case. The fraudster monitors email traffic between client and professional, waiting for the critical moment in the high value transaction. They then intercept an email and amend the destination bank account details, or send an email posing as the other party requesting payment to a bank account. The unsuspecting email recipient makes the payment – and the money is whisked away before either the client or the solicitor realise.
The nature of property transactions make them an obvious target. There are big sums of money involved and all parties are keen to act quickly when the completion deadline approaches.
The fact that exchanges frequently take place on a Friday and all parties are keen to complete before the weekend presents an ideal opportunity for the fraudster. In fact, this form of fraud has even been dubbed “Friday Afternoon Fraud”.
ActionFraud – the UK’s national fraud and cyber crime reporting centre – keep a record of losses reported to the police. Their latest figures make for scary viewing.
In the last 2 years, the frequency of losses has more than doubled (Q3 2015 to Q3 2017). Perhaps unsurprisingly, the first quarter of 2016 saw record losses – as there was a flurry of property transactions to beat the deadline for stamp duty changes. But August 2017 (24 cases) is only just short of the record in any one month.
We are seeing losses at a rate of 4 every week. The average reported loss is just under £70,000 – seeing losses of more than £8m in 2017 to date.
The combination of high value transactions, a drawn out process and clients who are unaware of the threat create ideal circumstances to target. Add to this the inherent insecurities of email technology and we have a perfect storm.
Law Society and Solicitors Regulation Authority advice is for solicitors to avoid the use of email to exchange sensitive information. This leads many firms to rely on advice to clients and an email disclaimer.
The losses being reported to the police suggest that this is insufficient and a change of policy and procedure is required. Don’t Transmit!
You might find the following resources useful to learn more: