There has been a worrying increase in fraudsters posing as known clients or regular service providers in various property transactions and, as you can imagine, the losses can be substantial.
This email fraud takes many forms but one of the the most common and easily overlooked is when you (or a client) receive an email that looks exactly like it comes from a known party in one of your deals, whether buyer, seller or conveyancing attorneys, requesting payment to a specific account or “confirming” bank details for the payment. This is called spoofing, and unfortunately, it is actually pretty easy to do: displaying a name in the sender line that is different to the actual address is not hard if you know a little about it. Following the instructions in this email will result in you paying the fraudsters directly into their bank account. Bye-bye funds!
A while back fraudsters did this with an email account belonging to one of SA’s leading estate agents. Despite appearing to have been sent from the agent’s official Seeff address, it was fake and contained bank details of the fraudster, not the appointed conveyancer. This resulted in the buyer being defrauded by close to R1m.
So, what’s the bottom line? Do not let your guard down. Rather start from the assumption that any email in your inbox regarding payments could be a targeted attack from a criminal.
These situations can be well managed simply by having protocols in place in your office (and for your clients) for whenever bank details are involved or money is transferred to a new beneficiary. We strongly recommend putting these protocol into place immediately!
- Make it part of every sale/rental routine to contact all parties involved to inform them of the possibility of this fraud. Attorneys, conveyancers, buyers, sellers, real estate agents, etc have all been targeted in these scams
- If possible, do not send sensitive information via email
- Immediately prior to paying any money, ensure that the payer calls the recipient to verify the details.
- Call the recipient on a well known telephone number (legitimate number)
- Ask them to verify the amount AND the bank details
- Only load the recipient onto your banking system and make payment if all is well
- Trust your instincts. Tell everyone involved that if an e-mail or a telephone call ever seems suspicious or not quite right, that they should stop until the communication has been independently verified.
- Clean out your e-mail account on a regular basis. Your e-mails may establish patterns in your business practice over time that fraudsters can use against you.
- Change your email usernames and passwords on a regular basis.
- Never use usernames or passwords that are easy to guess, like the password “password.”
Please be aware that these emails can be extremely convincing. Many intelligent, well informed people have been duped. No one should assume that they are “too savvy” and no one should assume that they are “too small a target” to be defrauded.
Why not talk it through as key role players in your agency and ask yourselves what you can do to foolproof your system?
This information is very important. For some it will be a useful reminder and for some it will be the first time you have thought to double check. Either way, we hope that you will make sure the people responsible for making payments in your transactions are 100% sure the instruction is legitimate each time.
Please don’t hesitate to contact us if we can help you with any of this.