Time to enhance clients’ fraud protection
It’s quite probable that you and your colleagues know your phishing from your smishing from your vishing, that you’re well aware of the threats from malware and ransomware, that you’re au fait with the numerous ways in which fraudsters – online or otherwise – are targeting your business each and every day.
That’s clearly a positive – however what about your clients? Given the depth and breadth of people you undoubtedly deal with in the conveyancing process, are you certain there is even a basic level of knowledge about the ways in which they could quite quickly become victims of fraud, ultimately costing them hundreds of thousands of pounds?
While conveyancing firms have undoubtedly ramped up their efforts in protecting themselves against the threat of fraud, it only takes a momentary lapse from the client and the damage can be done. It won’t need me to point out conveyancing has become a growing target for fraudsters and they have been successful – a quick look through the national press in recent months will provide a number of examples where clients were duped and the results are horrendous for all concerned.
This is why the CA has worked incredibly hard on the introduction of our Cyber Safe Scheme to support CA member firms and their clients in reducing not just their exposure to cyber-crime, but to ramp up their protection against all manner of fraudulent activity. At the heart of Cyber Safe for firms is the Cyber Protocol which provides practical information on how criminals operate and the measures which can be taken to avoid being victims of fraud and cyber-crime.
But also, we wanted to ensure that firms are communicating with clients about the risks and what they should be doing to protect themselves. Let’s be honest about this, most of the fraud attempts are unsophisticated but clients can still be taken in, especially if the fraudster has been tracking their social media, infiltrating their email and has the basic software in order to send emails which look legitimate. Most of the cases we’ve seen have essentially been based on this premise, with clients responding to emails which suggest the conveyancing firm has changed its bank account details and sending their deposit monies to the new account rather than any they might have received previously.
Again, in order to counter this, we are urging our members to provide each client with a ‘Client Warning’ factsheet – it’s not complicated but instead spells out in plain English the risks involved and what to be aware of in terms of fraud attempts. Rather crucially, it also includes the conveyancing firms’ bank details and an assurance that these will not change regardless of any communication that is subsequently sent to them. On top of this, it gives some tips to the client about staying safe during (and beyond) the transaction and some fail-safes that can be followed if they have any suspicions.
Crucially, and I think this is a simple exercise that all conveyancing firms should be introducing, is to insist that customers send only the smallest amount of money possible in their first payment to the firm. They can then follow this up to ensure the money has arrived, providing them with confidence that the much larger amount is going to the right place, rather than the fraudsters’ accounts. It of course is common sense but we have been surprised by how few firms insist on this.
Common sense is the right words to use here, for both firms and clients. It’s common sense for firms to put everything in place to reassure themselves and their clients that they are ‘Cyber Safe’ and following our Protocol, gaining the Cyber Essentials Certification (perhaps going beyond this), attaining Cyber Safe Accreditation, and proving to your clients via the ‘Cyber Safe’ logo that you have achieved all of this, should be a natural first step. Putting in place the ‘Client Warning’ factsheet, delivering this to clients and following this up by checking they are aware of the risks and the process they need to follow, also seems to be a common sense approach.
The introduction of the Protocol and Scheme has certainly been a popular one for CA member firms with a number in the process of applying for their Cyber Essentials. The next step is to grow this beyond our membership so it becomes an industry-standard that hits home with both firms and clients alike. We know the fraudsters are not going to stop targeting our sector, and our clients, but with this in place, a growing awareness of the risks, and a commitment to meet the challenge, I’m sure we will be able to cut down on the risk and the heartache that too many clients have unfortunately felt.