Too Busy? Don’t fall victim to email modification fraud
We were recently at the SRA’s ‘Protecting your firm, protecting your clients’ event in Cardiff. The audience were told of a recent conveyancing case in which the SRA took action.
A firm was emailed through a last-minute change of bank account details, on the day of completion. The property was being purchased in a sleepy village in central England. The bank account details were changed to a fraudster’s bank account in South Korea. At the event, there were lots of heads shaking and mutterings of “we would never fall for that”.
Think about it for a moment, while you may not have fallen for this specific example of email modification fraud, are you sure you aren’t leaving your firm open to similar but more convincing scams?
Think of those times when you are extremely busy or have a pressing time-dependent action to complete (like on the day of completion). Are you certain you have enough robust processes in place to minimise the likelihood of being the victim of such a scam?
Particularly at a time like Easter, when you are rushing to complete transactions, you are a target for email modification fraudsters. Should they be successful they will have four days to spirit-away the stolen funds.
In this instance, the business in question failed to identify that the new bank details linked to an account in a foreign country at the last minute – this should have been a red flag. They were probably extremely busy and wanting to ensure the transaction went through on schedule. It isn’t always this obvious.
If someone had spoofed the email sender, so it looked on the surface as if the request to change the bank details was legitimate and via a UK bank account, would you pick up on this on every occasion, in every situation?
You can never have too many processes in place to reduce the risk of a successful email modification fraud scam. Using your own safe list is simply not enough to stop this happening. Even the most comprehensive internal list (including bank account details) could unwittingly be updated to the incorrect details by someone in your firm who has been the victim of a fraudulent attempt. Perhaps your list will be overlooked when your staff are in a rush. One mistake is all it takes to be defrauded of your client’s funds and to have a hugely negative impact on your firm’s reputation.
Lawyer Checker’s Account & Entity Screen should always be a part of your everyday anti-fraud processes. Just because you had a burglar alarm on your house, you wouldn’t then feel safe to leave your front door unlocked while you went out, even on one occasion.
Lawyer Checker’s Account & Entity Screen should routinely be used for every transaction you conduct. Without this layer of protection, you leave yourself and your firm more vulnerable to email modification fraud.
This article was submitted to be published by Lawyer Checker as part of their advertising agreement with Today’s Conveyancer. The views expressed in this article are those of the submitter and not those of Today’s Conveyancer.