The cyber fraud that might steal your property money
Although many people have heard of e-mail based money scams, some of the more sophisticated scams are not common knowledge, although IT security professionals have been warning about them for years. An article in the Saturday Telegraph, (http://www.telegraph.co.uk/finance/personalfinance/borrowing/mortgages/11605010/Fraudsters-hacked-emails-to-my-solicitor-and-stole-340000-from-my-property-sale.html), gave horrifying details of a property transaction gone wrong, when the proceeds of a £340,000 London flat sale were transferred to fraudsters by the client’s solicitors acting on a forged e-mail.
What makes this more worrying is the reaction of the solicitor firm and the bank in question, both of which blamed the client. Ultimately, the client’s loss was reduced to £62,000 but this still represents a massive loss to a private individual.
Anyone using e-mail to manage their finances needs to understand that e-mail is about as secure as a post card. If you would not put that detail on a post card, then you should not put it in an e-mail. Not too many years ago, Jeremy Clarkson ended up making an involuntary donation to charity after he published his bank details in his national newspaper column, so the dangers of giving your bank details to all and sundry should be obvious, (http://news.bbc.co.uk/1/hi/7174760.stm).
For anyone with a moderate level of IT skill, it is easy to forge an e-mail header and make it look authentic to a recipient not already on their guard. Monitoring remotely someone else’s e-mails is also not a complex task, if you are willing to overlook the illegality of the process. Common mailer packages like Microsoft Outlook make it easy to arrange for copies of e-mails to be sent to a specified e-mail account, so getting and maintaining access is not difficult.
To give yourself some element of protection:-
Access your emails from a device that is kept up to date with the latest software and regular patches.
Install anti-virus, anti-phishing and malware software and use it. Keep it up to date and check it is running properly.
Keep your e-mails generally secure with a proper password. “Password” is just not good enough.
When online and setting up accounts on third party websites like Google, PayPal and your bank, do not use the same password for each one and change them regularly. If a hacker breaks your password on one account, they will likely try the same password on all your other accounts – you could lose everything managed online.
If you need to give someone your bank details, physically give them a cancelled cheque or a paying-in slip, as this places the onus on them for getting it right.
If you cannot give a cancelled cheque or paying-in slip, give the details by letter or over the telephone, making sure they are clear and confirmed back to you. Banks do not check whether the sort code and account details match the account payee, so make absolutely sure the numbers are recorded correctly.
If you are expecting a large receipt to be paid in, ask the sender to tell you when to expect it and the account details to be used. Listen carefully to the answer! Check your account as soon as it is due. If it does not appear, chase it with the sender and your bank. Recovering money sent in error will become much more difficult with delay.
Contact me with queries
If anyone is looking for general advice, then please write in to the blog and I would be happy to help with anonymous advice posted here. Alternatively, please call us on 0116 253 5600 and ask to speak to an IFA, (Independent Financial Adviser), for a no-obligation discussion.
If you know you need formal advice, have a look at http://bankfield.net/, or ask around for a recommendation, it might even be me.