We regularly receive emails and calls about cybercrime and what some refer to as email payment fraud. Unfortunately, it is a growing form of crime so here is an updated post on what email payment fraud is and what readers should look out for. Our previous post on the topic can be read here.
Email payment fraud occurs when a fraudster hacks into email communications between a client and a company. It is understood that in some cases hackers place malware into a computer which is designed to detect certain words and phrases. Once hackers become aware of the transaction, they will then intercept the emails and suggest that funds are transferred to an alternative account. For obvious reasons sales and lettings agents are a particular target due to the nature of their businesses and the frequency with which money changes hands. This is not the only way that hackers intercept email communications however, this is the type that is currently on the rise.
Unfortunately, due to the rise in this type of crime fraudsters have been able to articulate their communications so that they appear genuine. Furthermore, once they receive the funds they are quickly moved to another account, which could be abroad, making it impossible for your bank to freeze the funds and recover the money sent.
Agents should advise clients that any change in bank account details should be communicated in writing and sent by first class post or courier. Once this communication is received agents should confirm the details with the client directly. We do appreciate however, that some agents may still receive emails from clients advising them of an alternative bank account. If this is the case and the agent takes the risk of accepting the communication then they should still confirm the instructions with their client directly. Ideally this means in person or calling them and if necessary, leaving a message asking that your call is returned. It is important that a client’s contact details are kept up to date and that when you call them you use those details and not those which may be included in the recent communication.
Other matters that should be considered include:
- Check the style of the email. Is it similar to previous emails i.e. does it use an agents first name, how is it signed off, poor grammar etc.
- Check the email address, if it is even slightly different the client should be contacted directly to ensure its legitimacy.
- Is the email attempting to pressure you to send the money quickly? Again, this is a tactic used by fraudsters to ensure that money is sent and checks not carried out.
We have been advised by agents that these checks are not always possible for one reason or other. However, given that money is involved and ultimately it is an agent’s responsibility to ensure that the money is sent to the correct recipient it is vital that care is taken. Where agents feel that clients will not appreciate a delay in receiving funds, they should consider including a clause in their terms of business advising them of their processes and procedures to ensure that they are not held liable for this type of fraud. Painsmith Helpline members can access this clause for free on the document vault, a charge is applied for non-members.
There are products which exist to protect against this type of malware and other cybercrime. Agents are advised to ensure that their computers have the latest protection and that their staff is trained on how to deal with this type of fraud.
Finally, most High Street banks have signed up to the Contingent Reimbursement Model Code (CRM). Unfortunately, agents cannot benefit from this code because it only applies to individuals who have been tricked into authorising a payment to what they believe is a legitimate account. However, the code has some useful information which may benefit agents’, so it is certainly worth a look.
The contents of this blog post is not legal advice and is provided for general information purposes only. If legal advice is needed readers should contact a solicitor. No responsibility for any information contained within this post is accepted and PainSmith solicitors accepts no liability in respect of the contents or for action taken based on this post.