Impersonation fraud is becoming the number one risk for legal practices, particularly conveyancing firms and can result in firms and their clients losing hundreds of thousands of rands.
Impersonators prey on the fact that clients choose to communicate with their attorneys by email. This has many advantages as it is fast, convenient and hassle free but it also creates an opportunity for cyber-criminals if you are not careful
It can be a particular issue for first time buyers, because they are likely to be less familiar with the conveyancing process and will normally be transferring large amounts of money from their own banking account to the conveyancing attorneys to cover the deposit, rates, transfer fees and duties and the like for the property.
The scam starts with an email that appears to be from the attorney asking the purchaser to transfer these monies for the property which he/ she is buying. However, the email is a fake and the bank details are those of an account belonging to the fraudster, not the attorney.
The email appears to come from the attorney, either because the cyber criminal has hacked into the purchaser’s email account or because they have “spoofed” his/ her email address. Spoofing means the email appears to come from him/ her (looks the same) when in fact it has come from an email account controlled by the scammer.
Sellers are however also at risk at the end of the conveyancing process when the conveyancing attorney needs to pay out the net proceeds of the sale.
Here the email appears to come from the client requesting that the sale proceeds be paid to a different account than the one they nominated at the outset. The instruction comes from what appears to be the client’s email address, when in fact his/ her email account has either been hacked or spoofed.
The staff of the law firm then pay out on the fraudulent instruction only to find out this was the scammer emailing and the scammer’s account which you paid the funds into.
If you fall for the scam and pay the money into the criminals account, they will normally move it quickly to a different account. This means that the money often cannot be recovered once the fraud has been identified.
Many practices have learned this hard way. Be cautious and take action to protect yourself against the risk of Impersonation fraud.
Here are some tips…
- Get your client’s bank details in writing when you first agree to pay into them and when a change of banking details is requested.
- If you do get an email asking you to transfer money to a different account, confirm this with your client in person or over the phone. Do not reply to that email or follow the instruction.
- Once you have transferred the funds, immediately call your client to check that he/ she has received the funds.
For more information on the impersonation fraud cover Shackleton Risk offers, please contact your broker.
Share this article
VAT explained Value Added Tax (VAT) is a secondary tax that is charged on the consumption of goods and services in the economy. In the context of medical practitioners, VAT is charged on the consumption of your services (the provision of healthcare). This means that a portion of your revenue is paid to SARS as…
There are two key features of a claims-made policy. Firstly, the policy limits coverage to claims first made during the policy period. A claim is typically “made” on the date that you notify your broker or the Insurer. A claim made before the policy inception date or after the expiration date is not covered unless…
A reportable circumstance is any occasion when the Insured first becomes aware of any of the following: an intimation of a possible claim for damages, including correspondence intimating that the Insured was at fault in relation to performing any service or is liable for costs incurred or losses suffered by a third party; or the…