Dastardly email scam
pjn100
Posts: 18 Forumite
I am wondering if I have any case against my solicitor as a consequence of what has occurred. In a nutshell my solicitor's system was cracked and I received an email - as these things inevitably go - indicating that I should transfer funds into their client account and details were given etc. The detail of this is interesting. The email came from the EXACT same domain as usual, and it was part of an email exchange that she and I were already having precisely about where to direct some funds. So the "answer" I received was not in any way an unexpected one, and it dovetailed in with previous legitimate emails. Fortunately I spotted a spelling mistake and further scrutiny suggested that it was a spoof email.
My issue is that for this level of compromise to have occurred in my solicitor's email system suggests a level of carelessness or incompetence that represents a failure of the duty to safeguard my personal data. As the fake emails were in a string (and highlighted as such by my email software) it seems clear that fraudsters had gained access to the email exchange for long enough to be able to set a very specific trap. They therefore may know quite a lot about my situation. The practice secretary let on that emails were missing from their system - further confirmation of the extent of the hack. The email headers within the fraudulent emails indicate them issuing from the solicitor's domain name through Microsoft. My understanding is that to gain access would require the absence or failure to implement a number of security checks prior to a remote device gaining access to an email account. It could have turned out really badly but fortunately it didn't. It doesn't quite feel right to say these things happen - so be it.
0
Comments
-
What evidence do you have that the breach of security was at the solicitor's end rather than yours?
In any event, if you haven't suffered any actual loss I'm not sure what "case" you think you might have?
No competent solicitor would rely on email to instruct where to direct funds in either direction, regardless of the security or otherwise of their email server.
-
-
Solicitors are wise to these scams and you'll most likely find some instructions in your paperwork not to be taken in by any instructions to pay into a bank account whose details you received via email. Our solicitor posted account details to us, with a warning that the account details would never be changed and that if we received such a request to report it to them urgently.
I tell clients in my client care letters about bank details and they won't change. I now also deliberately send my clients a separate sheet of paper in duplicate containing bank details and telling them that they will NEVER change. I also make them sign and return one copy precisely to cover my firm against the compensayshun brigade.
It's amazing how much paperwork clients don't read! :mad:
Email is NOT secure and no one should ever accept bank details, no matter who they purport to come from, via email!
The evidence that the fraudulent emails came from the solicitor's server is embedded in the emails themselves. It's possible to see the source of an email and the route it's taken between sender and receiver and it's entirely clear where these came from in this case.
-
... it's also easy to spoof those, and so the hack would come from your own computer...
Their being missing from the solicitor's computer increases this likelihood.
What has this actually cost you, financially? That's the only sum you should be compensated for, if (IF) the attempted fraud was from their end.
If the answer to that is nothing, then why are you wasting anyone's time?0 -
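An added example, not part of any post in this thread: the two replies above disagree about how far email headers can be trusted, and this Python sketch shows the usual way to read them, trusting only what the recipient's own mail server stamped. The sample message, host names, domains and the `analyse` function are all constructed placeholders, and it assumes the receiving server uses its host name as its authserv-id.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample message; every host and domain is a placeholder.
RAW = """\
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=firm.example;
 dkim=pass header.d=firm.example; dmarc=pass header.from=firm.example
Received: from outbound.mailhost.example (outbound.mailhost.example [203.0.113.10])
 by mx.recipient.example with ESMTPS; Mon, 01 Jan 2024 10:00:02 +0000
Received: from internal.firm.example ([198.51.100.7])
 by outbound.mailhost.example with ESMTPSA; Mon, 01 Jan 2024 10:00:01 +0000
Authentication-Results: forged.example; spf=pass; dkim=pass; dmarc=pass
From: "Solicitor" <solicitor@firm.example>
To: client@recipient.example
Subject: Re: Transfer of funds

Please use the account details below.
"""

def analyse(raw, trusted_authserv):
    """Return auth verdicts and relay hops, trusting only our own server's stamps."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        flat = " ".join(value.split())          # unfold continuation lines
        authserv, _, rest = flat.partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue                            # stamped by another party: ignore
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest):
            verdicts.setdefault(method, result)
        break                                   # topmost trusted header only
    hops = []
    for value in msg.get_all("Received", []):   # newest hop first
        flat = " ".join(value.split())
        m = re.search(r"from (\S+).*? by (\S+)", flat)
        if m:
            hops.append((m.group(1), m.group(2)))
    # Hops are verifiable only down to the one our own server recorded;
    # everything below that line is whatever the sending side chose to write.
    boundary = next((i for i, h in enumerate(hops) if h[1] == trusted_authserv), None)
    trusted = hops[: boundary + 1] if boundary is not None else []
    return {"from_domain": from_domain, "verdicts": verdicts,
            "hops": hops, "trusted_hops": trusted}
```

A clean SPF, DKIM and DMARC pass for the sender's domain shows the message went out through that domain's mail service; it does not show who was logged in to the mailbox when it was sent.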
1) you've suffered no loss so have no 'case' against the solicitors
2) as others have said, you have no evidence the hack came from them - it may have been your email that was compromised
3) you should inform your solicitor of what has happened so they can take appropriate precautions.
4) apart from the advice others have given about not relying on email for bank details, you should always start by sending £1.00, and confirm safe receipt before sending the full transfer amount
Thank you all for taking the trouble to respond. I have had the fraudulent emails independently analysed and indeed they did originate from the solicitor's server and not my side. That was the very first thing that I established. I have informed the solicitors but their response gave no acknowledgment of there being a problem their side whatsoever - but that's not surprising. I will report the matter to the Information Commissioner's Office and leave it at that.