Whilst the majority of legal areas have felt the impact of fraud, conveyancing seems to be the one that has been hit the hardest.
The large sums of money involved, paired with the often remote nature of the transaction mean it has become a common target for fraudsters, with more and more cases being highlighted in the media. As well as having the potential to destroy a firm’s reputation, a successful attack from a criminal can have a devastating impact on the consumer.
Highlighted in the recent Risk Outlook from the Solicitors Regulation Authority, protection of client funds is paramount, with failure to adopt prevention methods resulting in sanctions for the firm.
So why has fraud become so prominent in the sector and what action needs to be taken to reduce, and eventually prevent it altogether?
In this article sponsored by Lawyer Checker, we explore how fraud in the conveyancing industry has grown and the measures protective measures firms have adopted, as well as considering how it could be prevented in future.
A threat within clicking distance
As has been recently reported, online fraud remains a prominent threat.
Whilst the internet revolutionised the way we find information and communicate with people from across the globe, it simultaneously exposed us to a whole new range of risks. Namely, someone we don’t want being able to access this data and using it to harm us – or our bank balances.
Nevertheless, the ease of transacting online seemed to outweigh these potential pitfalls; access to online banking gives us freedom, and greater control over our finances. Email correspondence allows us to respond to someone in our own time, ensuring that we don’t miss that important message.
However, the convenience which the online world offers us has been taken advantage of, and the impact has been detrimental.
For businesses, banks and legal service providers, criminal cyber attacks have always been a threat. Whether this is through an unsophisticated hacking attempt or a refined email interception campaign, the threat of fraudsters infiltrating a business through their online presence has always and continues to be imminent.
So why is conveyancing such a tempting target?
Whilst high profile businesses and organisations across the globe have reported data breaches over recent months, these have mainly resulted in reputational damage.
Reports of law firm attacks, however, have seen hundreds of thousands of pounds of client money being lost, affecting both the firm and its potential for future business.
Where conveyancing is concerned, this increased appeal for criminals has been attributed to the money and the level of stress involved in a transaction. Reduced awareness, increased vulnerability and potentially high rewards are just what the fraudster is looking for.
In addition, a great deal of valuable correspondence between law firms and consumers is sent electronically. Above anything else, this is for the convenience of both the consumer and the professional dealing with their legal matter.
However, it’s this which can present a real problem.
Usually in the midst of email correspondence, the keen buyer or solicitor will receive a message allegedly from the other side. Purporting to be a legitimate party, the email will request a change of bank details and to ensure that funds are transferred to this new account. Rather than from the client or conveyancer though, the email will be from a fraudster.
Whilst many would like to think they would query this questionable correspondence, others wouldn’t – and that’s not surprising. As awareness around fraud grows, criminals are refining their techniques, with emails becoming more believable and interception becoming more sophisticated.
Stress, lack of time, and eagerness to complete also play a part, meaning that even the most vigilant professional could be duped, putting client money at risk with just a single click.
The issue of email interception was highlighted by Paula Higgins. The chief executive of the Homeowners Alliance stated: “Cybercrime targeting conveyancing transactions has seen a big increase over the last few years. This is becoming a serious problem and much more needs to be done than currently is being to mitigate the risks to an acceptable level.
“The main problem surrounds misdirection of fund transfers whereby a fraudster impersonates either the buyer or the solicitor, by hacking or spoofing their email account, then corresponds with the other party to persuade them to transfer funds (something they are expecting to do anyway) to a bogus bank account.”
However, despite the risks that ultimately stem from the use of email correspondence, they’re still heavily relied upon, with legal professionals being expected to respond to consumer queries immediately. Commenting on growing consumer expectation in relation to this point was solicitor Victoria Marshall from Pearson Solicitors and Financial Advisers LLP. She stated: “ It is a worrying time as clients expectations are for us to use modern technology to speed up the process, using tools such as online portals and emails for example. However, this means we are potentially open to the risk of ‘cybercrime’.”
As was previously mentioned, reports of fraud surrounding law firms are continuing to hit the headlines, having a devastating impact on both the business and the consumer. However, as was pointed out by easy convey’s director, Tom Durbin St George, the rest of the industry can often suffer too.
“Press and public perception mean that when a rogue slips through, the industry as a whole is tainted. As the values are normally so high and the individual impact so great, it’s vital that everything that can be done, must be done, to prevent it.”
In the SRA’s Risk Outlook, the regulator recently updated its priority risks section which sets out areas deemed to present the most prominent risks and where they are focussing their attention.
One of the key areas highlighted was the protection of client money, stressing that this is one of the basic duties of a legal professional.
Reporting on trends witnessed, the Outlook highlights that despite the fall in misappropriated client money, the risk is still prominent, with an average of 43 being reports being received each quarter.
Conveyancing is noted as a key targeted area, namely involving email modification from a scammer, who will then impersonate one of the parties. The SRA references a significant number of instances where the fraudster has masqueraded as the solicitor in requesting the modification of bank details. This could go some way to explaining the addition of recommended services such as Lawyer Checker when transferring client monies.
This was one of the preventative tools Victoria Marshall highlighted that which had been adopted by her firm: “We have invested in our IT system and as a growing team we are aware if the importance of regular training for all staff members. We make phone calls prior to transferring any funds, check banks details on more than one occasion and make use of tools such as Lawyer Checker.”
Paula Higgins also highlighted the practices that firms are starting to implement in order to prevent against fraudulent attacks: “Many solicitors are adopting secure email systems and new security policies in order to minimise the risks.
“We’re seeing robust processes put in place around the transfer of money such as running electronic bank account checks on all previously unused accounts and contacting the other party by phone before making transfers.”
She went on to comment on the steps she felt should taken to prevent against fraud to a higher degree, particularly on the side of the consumer.
“I think more needs to be done on the consumer side. We need to raise customer awareness of this type of crime so they’re aware when something looks suspicious.
The Conveyancing Association is taking steps to make this happen.
“It’s Cyber Safe Scheme and the Cyber Protocol it implemented have produced a significant reduction in misdirected deposits due to the initial warning card to clients advising that bank details will not change and that they should refer to their conveyancer on a trusted telephone number if they receive any communication to indicate that the bank details have changed.”
Mike Bowen, Head of Residential Property Service at Jevons Riley & Pope highlighted the possibility of biometric scanning of passports or driving licences being introduced, requiring the documents to validated against the person themselves. This would go further than simply verifying a confirmation of the number’s existence.
Drawing on the need for firms to take steps to prevent against fraudsters was Rob Hailstone. The CEO and Founder of Bold Legal Group stated: “Fraud is not going to go away, as the sector develops solutions, criminals find new ways to defraud the clients and/or conveyancers. Too many firms are still not adopting even the simplest of solutions to protect themselves making the legal profession vulnerable. Ultimately, unless the profession as a whole adopts the highest levels of anti-fraud protection conveyancers will always be targets.”
Also stressing the need for firms to respond to the growing threat of digital fraud was Jennifer Davies. The Legal Services Director at Lawyer Checker stated: “Whilst there are continuous developments in digital technology, fraudsters will always be ahead. This highlights the importance of staff training and awareness, as people are often the weakest link in the security chain. The SRA has suggested considering the use of Lawyer Checker. Lawyer Checker can help protect client money and firms should consider using a blanket policy, as opposed to merely using it where a firm is not on a conveyancers ‘safe list’.”
Tom Durbin also highlighted that it is not just conveyancers that need to take action, stating that the “Government, regulators, universities, conveyancing professionals, the private sector and the property buying & selling public all have a part to play to mitigate risk.”
Looking to the future
In response to the utilisation of technology from fraudsters, firms and legal service providers are equally taking advantage of the protective benefits that virtual tools have to offer.
Rob Hailstone drew attention to this, describing it as a shift which the industry is starting to adopt.
“Some conveyancers have adopted the efficiencies that new technology brings to the process. Indeed we find that more and more clients are insisting that their conveyancers utilise the best and most up to date technology. It is a seismic change as to how we operate. In a lot of cases however internal processes and risk management culture have not improved, meaning that some are using outdated processes to try and stop 21st century crime.
“Whilst it is unlikely that anything will be included in any recommendations coming out of the Government’s attempt at ‘Improving the Home Buying Process’, it is hoped that the Government and the conveyancing sector will look at ways to protect both the purchaser and a vendor of a property during the transaction.”
Commenting on the ways in which his company had adopted technology was Simon Bath. The CEO of When You Move stated: “The right technology can facilitate anti-fraud measures. We have regimented processes built into the When You Move platform, with a robust API to Anti-Money Laundering providers that runs on every single case. This means every case is protected. We’re already exploring future tech too, such as facial recognition.”
He also drew attention to the additional benefits that technology could have for the consumer, stating: “Technology can also massively improve the customer experience at the same time as mitigating fraud-risk. In the current process, the client has to give their ID on three separate occasions. In the future, I hope to see the client ID being held as a verified entity and then passed to those that need it in the transaction.”
Commenting on the unquestioning reliance so many of us place on technology, Tom Durbin St George also highlighted the importance of correspondence offline, stating: “My personal view is that we should combine new technology with old fashioned contact and instincts. In fact, as human beings, we are pretty good at sniffing out a rogue, our guts remarkably, are pretty good advisors. However, we tend to naively trust technology unequivocally, which is where the old and new should be merged.
“Equally, conveyancers and the public shouldn’t be afraid of picking up the phone if even the slightest concern arises. We should also ensure, we know our clients. Using secured, verified client ID is invaluable.”
Looking ahead, he also predicted that whilst artificial intelligence could be utilised in the fraud prevention process, human intervention will always be key, stating: “Further on down the line, I expect Artificial Intelligence to play a part. I have no doubt somewhere in silicon valley a program exists which will decide you are who you say, just from the wording of your correspondence, the time of your email or where they were sent from. AI will not be the deciding factor, human intervention will always play a significant part in the conveyancing process, but technology will eventually defeat the fraud that exists at the level we see today.”
During the last year, the SRA stated that £12 million of client money has been taken by fraudsters.
In order to target this risk and reduce this figure further, the SRA provides guidelines for what actions professionals should take.
Where client money is held, it is essential that systems and controls are in line with the SRA Accounts Rules in order to protect it properly.
The advised steps are as follows:
- Proper management and audit of accounts
- Appropriate vetting, training and supervision of staff
- Appropriate control of client accounts; this includes awareness of access
- Awareness of email modification fraud and how to combat against this. The SRA encourages firms to do the following:
- Exchange details with the other parties at the start of the transaction
- Considering the use of a system such as Lawyer Checker to verify the bank information of a law firm
- Appropriately training staff to be alert to fraudulent emails and to verify a change of bank details using another method of correspondence
- Appropriately protecting client information
Why prevention is protection
Commenting on the need for firms to take preventative steps sooner rather than later was Chris Harris. The Managing Director of Lawyer Checker stated: “Criminals will continue to target lawyers for three key reasons. Firstly, because clients trust lawyers and criminals take advantage of this.
Secondly, criminals can see that many lawyers have large client account balances with relatively little security protection, and thirdly because of the confidential information that lawyers hold.
“New products have come into the market over the last few years to protect lawyers against these issues. Here at Lawyer Checker’s we have seen the majority of very small conveyancers and very large conveyancers using Account and Entity Screen and Consumer Bank Account Checker as a routine measure to help protect against fraud. Sadly, the medium sized firms seem to be the ones that place themselves most at risk by not adopting appropriate controls.
“Moving forward more and more firms will be expected to adopt Cyber Essentials Plus as a Government supported framework for information security and achieve ISO 27001 which help create an information security conscious culture in your businesses.
“Over the next 12 months firms will be encouraged to look at DKIM and DMARC services which stop firms having their emails cloned or hi jacked. Lawyer Checker can help you implement these standards and stop your firm being victim to an email hi-jacking attack.”
This article was sponsored by Lawyer Checker, market-leading provider of risk management solutions. To discover how Lawyer Checker could help protect your client’s money, click here.