TITAN, the North West Regional Organised Crime Unit, are urging estate agents, solicitors and home buyers across the region to be alert after a number of scams which have left solicitors and clients suffering significant financial losses.
Conveyancing Fraud is committed by criminals who hack into e-mail chains between sellers, buyers, solicitors and their estate agents. They wait for the right time, usually on the day of sale completion, then send a spoof e-mail informing interested parties that funds should now be paid into a different account and provide details of an account under their control.
In one recent incident in the North West a home buyer transferred nearly £200,000 to their conveyancing solicitor. The solicitor then received an e-mail purporting to be from the same individual asking for it to be transferred to a different account.
The funds were duly transferred only for the solicitor to learn that this account was under the control of the fraudster. In order to prevent similar offences, TITAN Regional Cyber Crime Unit are keen to ensure that the following Cyber Protect advice is distributed as widely as possible:
• Ensure all staff, not just finance teams are aware of this fraud.
• Always verify email payment changes to financial agreements with the organisation directly using established contact details you have on file. If called ask the caller to give you a main switchboard number for you to be routed back to them. Alternatively, hang up and call them back using established contact details you have on file.
• Have a system in place which allows staff to properly verify contact from their CEO or senior members of staff; for example having two points of contact so that the staff can check that the instruction which they have received from their CEO is legitimate.
• Always review requests to change ‘one off’ payment requests. Check for inconsistencies or grammatical errors, such as a misspelt company name or a slightly different email address.
• Ensure computer systems are secure and that antivirus software is up to date.
• Review password protocols and ensure those that are used are strong, as long as possible and contain a combination of letters as well as numbers and symbols.
• Do not use the same password for more than one application. If one application is compromised others become immediately vulnerable.