We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
PLEASE READ BEFORE POSTING: Hello Forumites! In order to help keep the Forum a useful, safe and friendly place for our users, discussions around non-MoneySaving matters are not permitted per the Forum rules. While we understand that mentioning house prices may sometimes be relevant to a user's specific MoneySaving situation, we ask that you please avoid veering into broad, general debates about the market, the economy and politics, as these can unfortunately lead to abusive or hateful behaviour. Threads that are found to have derailed into wider discussions may be removed. Users who repeatedly disregard this may have their Forum account banned. Please also avoid posting personally identifiable information, including links to your own online property listing which may reveal your address. Thank you for your understanding.
A warning to anyone sending their bank details to their solicitor via email.
Comments
-
To summarise:
1. Solicitor requested by email bank account details to send the proceeds of the property sale to.
2. Their client (seller) replied with their bank details.
3. Fraudsters intercepted communications and sent another email to the solicitor, posing as the seller, and provided other bank details.
4. Solicitor sent money to account provided by fraudsters.
The solicitor is denying responsibility, which IMHO is rubbish as they appear to have been negligent or at least handled sensitive information rather lightly, and in any case they are the ones who have actually been scammed.
The Solicitor Regulation Authority seems to see it the same way as they said that the solicitor was responsible and must replace the money.
The article says that the seller still hasn't recovered £62k so the solicitor seems to be dragging their feet as much as they can.0 -
Can't believe that the solicitor did not even phone to check the details.0
-
-
I am _very_ sceptical about this.jjlandlord wrote: »3. Fraudsters intercepted communications
eMail is used by millions of businesses, daily, for sending financial information including bank account details. I can't see any way in which this can happen, short of human muppetry of some description.
This similar fraud - http://www.thesundaytimes.co.uk/sto/business/money/Consumer/article1556497.ece - is far easier to explain. Somebody sent a totally faked email purporting to be from the customer.0 -
I am _very_ sceptical about this.
eMail is used by millions of businesses, daily, for sending financial information including bank account details. I can't see any way in which this can happen, short of human muppetry of some description.
I suspect the thing that the article doesn't mention is that the "intercepted" and "managed to send another email pretending to be the client" bits actually boil down to "the client had their own email account compromised by their password becoming known".
In other words, the message wasn't intercepted, someone nefarious just read it in the client's sent items. Similarly, a new email wasn't sent as though it came from the client, it was sent *from their account*.
This is much easier to explain than the article's scaremongering "email intercepted". Although email is all plain-text when being delivered between servers fraudsters cannot just magically pluck messages out of the internet at will. Doing so requires them to have full access to a server through which the message passed, which means working for the user's email host, the law firm's email host, or one of the ISP's through which the message was routed between the two.
It also ties in with the law firm's refusal to pay the bill, as if the updated message genuinely originated from the client's email account (and these days that can generally be verified easily) then they legitimately did nothing wrong, assuming you accept the premise that they should take instruction by email anyway.
I would imagine their professional indemnity insurance have already thoroughly investigated this, they wouldn't be washing their hands of it unless they had a solid reason to.0 -
I never send full bank details via email - either do it over the phone, or split the details between two different communication methods (eg sort code by text, account number on email).0
-
-
Agree with nidO.
Suspect the clients email was compromised.
I, along with many others I'm sure, have had those emails from legitimate contacts sending spammy emails. I think this is a more sophisticated version of that.0 -
This similar fraud - http://www.thesundaytimes.co.uk/sto/...cle1556497.ece - is far easier to explain. Somebody sent a totally faked email purporting to be from the customer.
Looks like exactly the same thing.
In both cases someone sent a 'faked' email. In both cases the question is indeed 'how did they know?'.
When the telegraph's article says that the email was sent from the same account, we don't know if indeed someone logged into that account and sent the email, or if the email was spoofed.
That said, it does seem that the most likely explanation was that the client's email account was compromised, but it could also be the solicitor's (which would seem like a better target).0 -
One possibility is the fraudster performs automated scanning of Facebook and other similar sites (perhaps even this one!) where people may post about the house they are buying along with information that allows them to be identified.That said, it does seem that the most likely explanation was that the client's email account was compromised, but it could also be the solicitor's (which would seem like a better target).
From there they try and get hold of an email address and from there they attempt to get the password.
Quite a lot of work but it's plausible and given the potential pay off from the fraudster, worth their while.
Compromising a solicitor's email account would yield a better 'return' for the fraudster but I suspect it's an order of magnitude more difficult then getting into one gmail account from a list of gmail accounts you've identified as related to a house purchase.
Ultimately to safeguard your own security you should advise your solicitor that any critical parts of the process are done over the phone or face to face. Phone is of course also liable to similar frauds though if your solictor calls you this is harder (fraudster needs to steal your phone or gain access to your phone number).0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 349.7K Banking & Borrowing
- 252.6K Reduce Debt & Boost Income
- 452.9K Spending & Discounts
- 242.7K Work, Benefits & Business
- 619.4K Mortgages, Homes & Bills
- 176.3K Life & Family
- 255.6K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 15.1K Coronavirus Support Boards