By Legal Futures’ Associate Willis Towers Watson [1]
House buying is an expensive business and conveyancing solicitors hold large sums of money that need to be moved on swiftly which can make them and their clients a target for fraudsters. Headlines and statistics have clearly shown that this is a profitable area for criminals over recent years.
The Law Society Conveyancing Protocol 2019 [2] stipulates that solicitors ‘have a continuing awareness of potential cyber security issues.’ This is the first time that the protocol has been so explicit in this area, recognising the continual risks of conveyancing fraud. It’s important that law firms know what this fraud looks like and educate their clients on the scams and frauds that do take place.
[3]
The Modus Operandi
The most typical type of fraud is email modification. This method is low cost / low tech, but high reward for cyber criminals, making it a popular and lucrative means of theft. Typically, a client who is about to complete on a transaction receives an email, supposedly from their solicitor advising that their bank details have changed, and to pay the deposit to the new account.
The below diagram shows the process of email modification:
Examples Email modification fraud has occurred numerous times across the conveyancing profession, with individuals and/or law firms losing significant sums of money in the process. The fraud will also impact on the law firms involved in terms of time and costs in resolving the matter and potential reputational damage.
We are familiar with the examples across both the legal and mainstream press, and some of those can be viewed from the links below.
https://www.lawyerchecker.co.uk/news/law-firm-loses600k-in-conveyancing-scam/ [3]
The final link, for the Woodfords matter, is slightly different as it was the solicitors who were paying monies back to the client having been advised of new account details. Despite telephoning the client to verify their bank details, the client was pre-occupied packing for a holiday and did not pay full attention to the details of the account. Both the fraudsters’ account and the client’s genuine account were with the same bank.
Unusually in the case of Woodfords monies were recovered and penalties were imposed as the fraudster was caught and imprisoned for 5 years and the sum of £150,000 was recovered.
[7]
What can law firms do to help their clients
Law firms should ensure that all their staff are aware of the scams and tactics used. They are certainly more aware than their clients of both these tactics and the process of buying or selling a property, and so need to be constantly vigilant of anything unusual. Law firms can help prevent themselves becoming the latest firm named in a cyber scam by considering implementing the following:
Explain the process
Make it clear to clients how the process of buying or selling a property works from the outset.
Make it clear to clients when you will ask for monies, how much it will be for, the method by which it will be paid and provide bank details. This to some extent is an extension of the SRA’s Transparency Rules, about ensuring that clients know and understand the key stages in the process [8].
If clients are aware of the key stages of the process and the likely timescales, then it should alert them if they are then asked to provide further information or make a payment that sits outside of that process.
Educate clients on fraud
Explain to clients, at the earliest opportunity, how they can help prevent becoming the victims of fraud. This may include making them aware of the risks of posting information on social media, checking before making payments and making them fully aware of the common tactics used by fraudsters.
Communicate with your clients
Advise clients how you will communicate with them and continue to follow that process. For example, if you will only send emails from one person, or one email address, or via your client portal, then follow that particular method of communication.
If you are telling clients to be suspicious of emails that appear to have been sent outside of typical working hours then make sure that you do not do the same, as this may cause confusion and make a fraudulent email sent out of hours appear more legitimate to your client.
The Law Society Conveyancing Protocol stipulates, “agree at an early stage how you will communicate with all others involved [2]’ which as well as being good customer service may also help to identify fraudulent communication.
[7]
Showcase warnings on email templates
Many law firms have added simple taglines in the footer of their emails advising on the dangers of fraud. For example, that the law firm will not be changing bank account details via email, and what clients should do if they receive such an email.
The more warnings and information that you can provide to clients in this area, the better informed they will be. Certainly, including a tagline in the footer of your email is a simple and cost-effective method of doing this.
Train and educate your staff
Well educated and vigilant staff can help to spot and prevent problems. A culture of vigilance and caution within the firm will be an advantage to ensure that all staff can identify any abnormalities and quickly raise any concerns.
Staff should be aware of times when clients are most vulnerable, or times when they or the law firm on the other side may be most vulnerable, for example Friday afternoons or Monday mornings.
The 2019 Cyber Security Breaches Report showed that only 27% of UK businesses actively train their staff to avoid data breaches by recognising and identifying the warning signs and obvious red flags [7]. Given the statistics education and awareness is clearly an area that all firms could improve upon.
Sending payments to clients
If you are paying clients their proceeds of sale, or monies remaining on client ledgers then check that you have the correct account details, in the same way that you would expect your clients to do so.
This may include contacting the clients and double checking the bank details by telephone prior to making the payment. If you have any doubt, then consider whether you should be making that payment.
IT solutions
Consider whether there are any IT solutions that may assist.
This could include LawyerChecker’s client account checker (which may have prevented the Woodfords fraud mentioned previously [3]), having a feature on your website that confirms your bank account details, or whether an online payment portal should be utilised to transfer deposit monies.
[9]