The Lloyds Banking Group is warning conveyancing firms to be aware of fraudsters targeting them at busy times for completions.
Conveyancing firms are always going to be at their busiest on a Friday with people wanting to move in just before the weekend, and when there’s a bank holiday due, it only increases the demand for completions.
Firms are under pressure to work quickly on these days and fraudsters of course know this.
Paul McCluskey UK Head of Professional Practices for Lloyds Banking Group, SME Banking said: “We’ve seen fraudsters target conveyancing firms with a number of different scams on these really busy days and if they manage to catch a firm’s employee off guard, the financial and reputational damage caused can be severe, due to the significant amount of client funds they hold. With the spring bank holiday approaching at the end of May, we recommend that all firms remind their employees about how to spot the common scams.”
What is the phone scam?
A fraudster will call a firm and purport to be phoning from their Bank’s Fraud Department. They may use various reasons for calling but often they say they need to check suspected fraudulent payments, or suspicious online log-in activity.
Having usually carried out research before the call, the fraudster will attempt to convince the firm’s employee that they are a genuine Bank employee by quoting details such as client names or actual payments the firm have made. They might even use spoofing technology to make the incoming caller display show a genuine bank phone number.
The fraudster’s aim will be to get the firms employee to divulge passwords or payment security codes which are only normally used to log –in and make online banking payments.
They will say they need this information to stop fraudulent payments or unblock an account, but in fact they will use the credentials divulged to actually make fraudulent payments from the firm’s accounts.
Make sure employees know how to prevent a phone scam:
- Never divulge online banking passwords or payment security codes to anyone on the telephone, even if you think you’re talking to the bank.
- Don’t rely on your phone’s caller display to identify a caller. Fraudsters can make your incoming display show a genuine number. Always check a caller by phoning the bank yourself using a number you know is correct.
- Be aware that a bank will never call you and tell you to transfer your money to a “safe” account, or ask you for online banking passwords, user numbers or ask you to generate payment security codes.
What is the email scam?
- Fraudsters hack into and monitor email messages sent between conveyancing firms and clients at a point when bank account details are being agreed for deposits and completion payments.
- At the point where fraudsters detect that a deposit is about to be paid by the buyer, or a completion payment is about to be made from one conveyancer to another, they send a fake email asking for the payment to be made to an alternative bank account.
- They make the email look genuine by sending it from an email account which is either identical to or very similar to that of the genuine conveyancer, buyer or seller due to receive the payment.
- If the buyer or the conveyancer making the payment doesn’t realise that the changes to beneficiary account details are fraudulent, any funds lost by sending payment to the fraudsters account are likely to be their liability.
Make sure employees know how to prevent an email scam:
- Have a documented process for employees to follow which ensures that email requests to set up or amend payment details are verified as genuine. They should use known contact details, other than e-mail to make these checks and apply the same caution to all payment related emails from both external and internal sources.
- Firms should consider how they communicate with all clients who are sending them funds, so that their clients can be sure that they are sending their money to the correct account. This might involve encrypting emails and being clear up front about how payment details will be provided or amended. Where possible payment method and bank account details to be used should be agreed right at the outset of the transaction.
- All PCs should be protected by a quality Anti-Virus suite which is updated regularly. Operating systems and software should be upgraded to the latest versions as soon as they become available.
For more information, check out the Take Five campaign.
This article was shared on behalf of the Lloyds Banking Group Professional Practices team.