To provide you with the best possible experience this website uses cookies. For more information please read our cookie policy

Please note that by using this website you are agreeing to the use of cookies by Zurich on this and our other UK websites.

X

May 2015

New scam targeted at solicitors

In recent months, the banking scam whereby fraudsters contact firms impersonating staff from banks and attempt to elicit information to enable them to steal money from their client accounts has had a huge effect on solicitors.

And this scam is not going away. In fact, one insurer felt it necessary to write to its solicitor insureds on 2 February 2015 warning them of this fraud. It has been estimated that this so-called “Friday afternoon scam” (this being when the fraudsters most commonly target firms because it’s usually completion time for many conveyancing transactions) has cost firms and their insurers in excess of £5,000,000 in the past three months alone.

More recently, insurers have been notified of a new type of scam targeted at solicitors. Here is what happened to a firm acting for a client in the sale of a property in Essex.

Case study

On 27 January 2015, completion for a client was to take place and the balance of the proceeds of sale (a little under £100,000) was to be sent to the client’s bank account in the usual manner. Throughout the transaction, the solicitor at the firm had been communicating with the customer by e-mail and telephone. The firm’s terms and conditions state that e-mail is the preferred option for correspondence and that the provision of an e-mail address by the client is confirmation that the client is happy for the firm to communicate with the client by e-mail.

As part of the client care/due diligence exercise, the client provided bank statements for the bank into which the completion monies were to be paid. However, two days before completion, the firm received an e-mail from the client providing new bank account details (account number, sort code and account name) and requesting that the completion monies be paid into this new account instead. Upon completion, the firm duly remitted the monies to this account.

It transpired that, despite the e-mail in question emanating from the client’s e-mail account, the account had in fact been hacked and cloned by fraudsters and it was the fraudsters who had sent the e-mail with the new bank account details. The firm telephoned and left a voicemail message for the client confirming that completion had taken place and that the monies had been transferred to them. However, shortly afterwards, the client telephoned to say that he had not received the monies. When informed of the e-mail with the new account details, the client said that he had not sent this e-mail and knew nothing about it.

The insured contacted the bank into which it had paid the monies. The bank confirmed that, whilst the account number and sort code was correct, the account was not in the name of the client and in fact, the account had only been opened up a few days previously in the name of a limited company based in South London. The bank also confirmed that the monies had been withdrawn from that account immediately upon receipt.

The firm has pointed out to the bank that, given that the account name was incorrect, it should not have accepted the monies and is in the process of making a formal complaint to the bank. The bank, however, claims that it’s not responsible for the matter on the basis that it only has a responsibility to check the sort code and account number for payments being received and not also that the name of the account is correct.

This new scam is a very sophisticated type of fraud and it is currently unclear why the client’s e-mail account was targeted. Was it just luck that the fraudsters came across someone who was shortly to receive a large amount of money from a conveyancing transaction into their account? Was it the firm’s IT system which was targeted? We do not yet know, but investigations are continuing.

Not only did the fraudsters intercept incoming and outgoing e-mail correspondence, but they also imitated the language used by the client to convince the firm that the e-mails were from them. Most people will be aware that a large number of e-mail scams emanate from overseas, but there is usually an obvious language barrier which makes them easier to detect.

How to avoid this scam

What should solicitors do if a client provides new bank account details part way through a transaction? As these types of fraud are on the increase, a client providing new bank account details should raise an immediate red flag. If this happens, solicitors should call and speak to their client and request an explanation for the need for the change. As demonstrated by the above, if e-mails can be intercepted, so can letters, faxes and other forms of written communication (and even write-protected electronic documents can be hacked and altered), so solicitors should also request and obtain evidence that the new account details are genuine.

Another option would be for solicitors to ask for original bank statements for the new account, which once inspected, can be copied and retained on the file. Alternatively, solicitors can check with the bank to make sure that the account details and account name are correct. Some banks won’t be able to provide this information without the client’s consent, but can usually confirm if the account name matches what they have on their system.

For the latest insights, practical expertise and to accumulate CII CPD learning hours, visit www.insider.zurich.co.uk and follow us on Twitter @ZurichInsider

Get a ZIP

Get a Zurich Indicative Price in 60 seconds for SME Insurance on ZTrade now.



Ztrade Logo

Get the latest

Follow us on Twitter for our latest updates

@ZurichInsider

or visit Zurich Insider for more industry-leading expertise and insight
» Zurich Insider