We became aware of this scam in 2014 and, notwithstanding several warnings to the profession, several practitioners unfortunately still fall victim to this scam. The modus operandi of the perpetrators can be better explained by using the following example:
After a property sale had been cancelled, the conveyancer needed to refund the deposit to the purchaser. He sent an e-mail to the purchaser’s Gmail address, advising her that the refund would be paid into the FNB account from which the payment had been generated. He received an e-mail response stating that the FNB account had been temporarily discontinued. He thereafter received an e-mail with details of an account held with Nedbank, into which the refund should be paid and he duly made the payment using electronic banking.
In the meantime, the purchaser received e-mails (ostensibly from the conveyancer) apologising for the delay in the transfer of the funds.
By the time the conveyancer became aware that the Nedbank account did not belong to the purchaser, all the money had been withdrawn from the account.
On closer examination, it became clear that the e-mails sent to the conveyancer, ostensibly by the purchaser, in fact came from a Gmail address that was almost identical to the purchaser’s address. One letter in the email address had been swapped around – for example the address firstname.lastname@example.org became email@example.com. The conveyancer did not notice the slight discrepancy.
E-mails which the real purchaser received, ostensibly from the conveyancer, also came from an almost identical address – for example the email address firstname.lastname@example.org became email@example.com. The purchaser did not notice the slight discrepancy.
The fraudster was somehow able to intercept the emails sent to the purchaser’s genuine Gmail address.
He then appears to have opened email-accounts with similar addresses to those of the conveyancer and purchaser. This enabled him to send messages to the conveyancer and the purchaser, which at first glance, came from their real e-mail addresses.
Although these scams involve a different modus operandi every time, the main and constant factor remains that the scammer attempts to defraud the conveyancer to change the banking details into which the proceeds or deposit refund have to be paid.
Many conveyancers’ normal safeguard is that any change in banking details must be in writing, either via an e-mail or fax. However, this safeguard is no longer effective as e-mails are being hacked by the scammer or the signed letter received via fax is a forgery. Even the second safeguard, of a bank statement with a recent bank stamp or a letter from the bank, is useless as these documents can so easily be forged.
The earlier scam that made the rounds could very easily be identified as the scammer sent an e-mail from a completely different e-mail address from that of the seller or the purchaser, preceded by a telephone call to the conveyancer with an explanation that the relevant party is experiencing problems with his/her existing e-mail account.
The latest scam e-mails come from an e-mail address that looks like and appears to be the valid e-mail of the seller or the purchaser. However, these e-mails have either been hacked or spoofed, thereby creating the illusion that the conveyancer is communicating with the existing seller or purchaser. The scammer will even provide the purchaser with fake banking details for the conveyancer, into which the deposit or purchase price must be paid.
Some conveyancers are all too susceptible to these scams as unsound and archaic procedures are no longer effective risk management tools. Unfortunately the mistake is only realised when the scammer has already withdrawn all or most of the funds from the fraudulent account, leaving the seller without his/her proceeds and the conveyancer with a possible PI claim.
We warn all practitioners to be extremely vigilant when receiving any instructions via e-mail, particularly where there are instructions to make payments.
Carefully check the e-mail address to ensure that it is IDENTICAL to the one on file.
Please give the party who ostensibly sent the e-mail a call at a verifiable contact number. Do not use a number provided in the e-mail concerned! Do not pay out on an e-mail instruction alone.
Attorneys should not have potentially risky e-mail addresses like Gmail, Yahoo, Webmail, Ymail and Hotmail. If the client has such an address, then it might be a worthwhile precaution to follow up any e-mail sent to that address with a short telephone call to ensure that important correspondence has in fact been received by the correct recipient.
Never pay trust money into an account without verifying the banking details. You need to have a FICA policy in place and to follow it to the letter without exception.
Your best safeguard will be for the client that wants to change his/her banking details to come into your office to sign the instruction in front of you. It might be an inconvenience, but it is the best way to protect your client and your firm. Explain to the client that this is a risk management measure aimed at protecting all the parties having an interest in the transaction.
See the article by Zelda Olivier titled “Normal practice or unsound and flawed routines” in De Rebus, October 2015. p 26
UPDATE ON CONVEYANCING SCAMS 2016
Scammers are now approaching conveyancers asking them to do conveyancing work for them and sending them “protected” PDF documents which, when opened may direct them to an “Adobe site” that asks for their e-mail address and e-mail password. Once this is done, they can set up a duplicate of the practitioners email account and keep a check on all the conveyancer’s e-mail correspondence and find out about all transactions. In some instances it is the email account of a staff member or even the estate agent that is phished in this way.
WARNING: Never open “protected PDF” documents or attachments from unknown sources. Do not give out your e-mail password to anyone.