Cyber Security and the Role of the Conveyancer

signing documents - cyber security for conveyancers

Did you know? Fraudsters forge a property and financial Lasting Power of Attorney document, and are given lasting power of attorney over an unsuspecting person. The fraudsters then have the right to manage the financial affairs of their victim, including, in one recent case, trying to sell their house

Luckily, the conveyancing solicitors dealing with this sale became suspicious, and refused to deal with the fraudster. However, it could easily have ended differently. The Office of the Public Guardian says it ‘intends to add further safeguards’.  

In another recently reported case, a fraudster managed to persuade the Land Registry to change the name of the owner of a property to his own, and then sold that property. The Land Registry says it depends on the checks that conveyancers do to spot impersonation. 

So, the role of the conveyancer in combating this kind of fraud is vital. 

There are other attacks on the conveyancing process too. For example, in recent weeks, a cyber-attack on conveyancing firms has meant that many property sales chains have been frozen, leaving many people stuck mid-transaction. And ‘Friday Afternoon Fraud’, in which cyber criminals intercept emails between a conveyancer and their client to steal funds, is now well known. 

Conveyancing is a high-value target for cyber criminals and fraudsters. As well as identity frauds and email interception, there are several other strategies in use:  

  • Phone calls and emails trying to collect confidential information, or pretending to be a bank 
  • Various methods of payment fraud (cheques and card payments) attempting to harvest funds, or launder money 
  • Change of bank details fraud
  • And attacks on your computer systems and networks. 

What can you do to protect your business and your clients? 

Together with the NCSC, the Conveyancing Association has created a document for business owners and their conveyancing teams, outlining a Conveyancing Cyberfraud and Fraud Protocol for England and Wales

The protocol should help everyone understands the risks and controls necessary to avoid becoming a victim of cyber fraud. The protocol will also help protect against money laundering and data breaches. This is important because all members of staff should have some security awareness training and there should be strong security policies in place to support them.  

Many of these recommendations are common to all businesses, such as: 

  • A strong password regime 
  • Regular data backups 
  • Securing your network  
  • Keeping software up to date
  • Using firewall and virus protection 

However, some are particularly relevant to conveyancers. For example: 

  • Do not rely on caller ID. If the caller claims to be from your bank, ring your bank on a known number from a different phone. Don’t allow the caller to stop you ringing your known banking contact. 
  • Do due diligence on ID documentation. Ask the estate agent to send a picture of the client holding their ID open at the photo page, and use an electronic ID search to verify it hasn’t been stolen.
  • Use a secure portal for all communication.
  • Consider dedicating a standalone computer with its own internet access to banking transactions, and don’t use it for anything else.
  • Do not send or receive bank details by email. As a matter of policy, exchange bank details at the beginning of the transaction, and tell your clients clearly that your bank details will not change. 
  • Get Cyber Essentials certified, to help get a good baseline for your security system. 

Do you need help with getting cyber security in place? Click and Protect can help you establish cyber security policies and procedures, as well as assessing your network and helping you with Cyber Essentials certification. Call us on 0113 733 6250 or send us an email.