Friday afternoon fraud

Criminals often target conveyancing firms with a scam called “Friday afternoon fraud”. This is a form of phishing attack.

Criminals hack into emails between you and your client and then:

  • contact the client pretending to be you, asking them to pay their completion funds into the fraudster’s bank account, or
  • contact you pretending to be the client or the client’s bank, to get access to the client’s bank account details

It’s called Friday afternoon fraud because many conveyancing transactions take place on Friday afternoons. But these scams can happen at any time.

How to recognise Friday afternoon fraud

You should check communications are genuine if:

  • you receive unusual instructions that appear to have come from your client
  • you receive instructions that change at short notice, for example you’re sent new bank details
  • your client’s bank contacts you to report a security breach and asks for their account details

How to protect your clients

You should:

  • tell your client not to email you on public wifi (public wifi is not password protected, so criminals can easily get hold of information)
  • give your client your firm’s client account bank details at the start of any transaction and tell them they’re unlikely to change. You can give this information to your client directly, in a letter or over the phone. You should not do this by email as it is not a secure form of communication
  • tell your client not to transfer money to a bank account whose details don't match the ones you gave them
  • confirm any change in your bank details using a secure method. This might be in person or over the phone on a trusted number
  • call your client before and after they send you money. This allows you to confirm the transaction is genuine and the money has arrived safely
  • ask the client to send a small amount first – for example £1 - and check that your firm has received the money before they send the larger sum

How to protect your firm

If you’re suspicious of an email:

  • call the client on a trusted number to confirm they sent the email
  • pay a small amount – for example £1 – into the bank account and check it has been received before sending any more

You may want to ask your client to give you a password when you first start working for them.

If you’re suspicious about any communications later, you can ask them for the password to confirm they’re the person contacting you.

You may also want to think about investing in an encrypted email service.

What to do if you’re a victim of fraud

Resources

Joint property and title fraud advice note – practical guide on how to spot potential fraud

The biggest cyber-threat of all – Friday afternoon fraud case study from the Law Society

IT Security: keeping information and money safe – advice from the Solicitors Regulation Authority (SRA)

Cyberfraud and Fraud Protocol for England and Wales – guidance from the Conveyancing Association

> Next section: Phishing

> Back to contents list

Cybersecurity news digest

Stay up to date with all things cyber with our weekly cybersecurity and GDPR newsletter.

Recommended

professional development centre
GDPR for managers: an introduction

New online course, GDPR for managers featuring downloadable checklists and valuable resources from the Law Society and ICO.

GDPR for managers: an introduction > More