Andrew Becconsall is our Head of Risk and Compliance
In this role he is responsible for ensuring everything the company does is compliant with the strict regulations that law firms have to adhere to, especially in prevention of fraud.
Here he looks at the risk of Cybercrime through intercepted emails.
In August last year a couple from Essex sent £120,000 to what they thought was their solicitor’s bank account.
Unfortunately, they had actually sent the money to a fraudster’s account. Over a six day period, all of the money was withdrawn from the account, and the couple have lost it all. So what went wrong?
The couple were due to pay their solicitors £120,000 in inheritance tax on their grandmother’s estate. They received an email from the solicitors with their bank details and they instructed their bank to make an electronic payment to the account. They received an email confirming receipt from the solicitors.
Unfortunately the email system had been hacked and the emails the couple received were not from their solicitors, but from fraudsters.
There is a flaw in the banking system that allows this fraud to happen. It may be a surprise but before carrying out payment instructions, banks do not always match the account name with the bank account number and sort code.
Even though this couple recorded the name of the solicitors on the payment request, the bank only relied on the account number and sort code to make the payment. This is not a one off case.
A common theme is that the clients are informed about a change of bank details. If you are dealing with a solicitor and they inform you of a change in their bank details, this should be a warning sign.
Is it very unusual for solicitors to change their client bank account, given less than 3% change bank accounts per annum?
In order to protect yourself, before you make a significant payment to your solicitor, you should always contact the solicitor by telephone using the number on their website, or the Law Society’s Find a Solicitor service, to confirm that the account details you have are accurate.
The interception of emails by sophisticated hackers, often based abroad, is likely to get worse, so please be careful before making any electronic transfers of funds.