A couple have lost a £45,000 house deposit after transferring money to a bank account fraudsters had told them belonged to their conveyancers.
Sarah and Richard Tough, who live near Bishop’s Stortford, received an email asking them to transfer their deposit. A few days later on Thursday 17th December they received another claiming to be from their conveyancers Advantage Property Lawyers (APL) informing them their bank accounts were changing due to an audit.
They duly transferred the money to the new account. However on Monday, Sarah contacted Advantage Property Lawyers who told her the money had not arrived, and the second email was not from them.
According to the Daily Mail, Sarah said: “‘I was sitting at my desk in pieces. I couldn’t stop shaking. I was just in complete disbelief that everything we had saved had gone.”
Sarah then contacted the new bank, Barclays, whose fraud team managed to claw back £22,000 but the remainder of the deposit has been lost.
It is unclear whether the criminals hacked into the Tough’s emails or those of the solicitors.
However APL say as their IT has been given a clean bill of health, meaning encrypting their emails would not have been helpful.
Stephen Coupland at Advantage Property Lawyers said: “Clearly we feel very sorry about our client’s loss – it’s a terrible situation for them. However, we have been assured by independent IT experts that our systems and procedures are robust and that the fraudulent e-mails definitely did not originate in our system. We completed over 8000 transactional completions last year and this is the only instance of fraud we have come across.
“We are also advised that if – as we believe was the case – the client’s e-mail had been hacked then the use of encrypted e-mails would not have helped.
“Unfortunately criminals are getting cleverer with cybercrime activity, so even though we have been given a ‘clean bill of health’ in relation to this incident we shall continue to have our systems audited and checked on a regular basis by third party experts in a similar way to our best practice, compliance and risk reviews carried out by Legal Eye.
“We all need to learn the lesson that no matter how robust our systems are, the modern cyber-criminal will continue to look for ways to commit fraud, so firms must review and update their policies and systems on a regular basis.
“We are participating in the Conveyancing Association’s inaugural ‘Cyber Security and Fraud Campaign’ meeting later this month and moving forward I think it will be very important for all serious conveyancing firms to work together and share best practice.”
Ritchie, 34, who works at Ware-based, Village Wines, said: “Losing this money is bad enough, but what makes it worse is that this could have all been avoided if our emails had been encrypted.
“It seems crazy to ask us to transfer such huge amounts by sending a bank account number.”
The Solicitors Regulation Authority (SRA) say around four companies a month are targeted by fraudsters.
SRA Chief Executive, Paul Philip, said: “This is an issue that is not going away. Law firm client accounts are being targeted and solicitors and their clients are suffering disruption and potential loss.
“It’s essential that firms understand the risks and take precautions to avoid falling victim to these attacks.”
A Barclays spokesman said: “Barclays had no way of knowing that the account would be used for fraudulent purposes.
“As soon as we are alerted to suspicious account activity or it is picked up by our transaction profiling work, we investigate the circumstances and if we are satisfied that the accounts are being used to launder the proceeds of crime, we act as quickly as possible to close the accounts.
“Customers who transferred funds into the account after fraud has been detected would receive a refund.”