Keeping you safe.
Fraud prevention guidance for clients.
You, and your money, are targets of fraud. Transactions between professionals and their clients are currently being actively targeted by fraudsters, due to the large sums processed by us on your behalf. This is particularly true of lawyers who conduct conveyancing transactions, debt recovery actions and estate administration (payment of beneficiaries), but can apply to any type of professional practice where client money may be held.
As you have instructed us to act for you, it is important that you understand:
what we do to help ensure that you do not become a victim of fraud
your responsibilities to reduce the risks of fraud.
Our Commitment to You
We will ensure that we know you, our client
We undertake careful checks before taking on any piece of work, to ensure that you are who you say you are. For example, if you are selling a property, we will check that you do own the property to ensure that we do not transfer sale proceeds to a fraudster.
When we send you money, we will check to ensure that we transfer funds to your account
We will always ask for your bank account details by telephone call to a number that you gave us at the outset of your matter, either in a face-to-face meeting or by hard copy letter sent by registered post. We can only make a payment to you as our named client, so please do not ask us to split monies across various accounts, pay other parties, etc. We do not allow it, and you will be able to do this quickly yourself once monies are in your account.
We will provide our bank details at the start of the work, and will not email you with changes
Our bank account details are provided in our Letter of Engagement. You should always call us to confirm our bank details prior to making payment.
We will use secure methods of payment
This invariably means CHAPS rather than immediate Faster Payments, which are almost impossible to freeze if a fraud is later discovered.
We will take all reasonable steps to keep your data safe
We have strict policies and procedures in place to keep your data safe. We store your data on encrypted systems that are fully compliant with the current Data Protection Regulations.
We will keep our electronic systems secure and up to date
We have professional-grade anti-virus and anti-malware software and firewalls in place to help protect against ‘phishing’ and other cyber threats. We also have a policy of promptly installing relevant software updates and security patches on all work devices, including portable devices such as tablets and smartphones.
We will advise you of any known security breaches that may impact you
One of our advisers, staff or partners specifically allocated to your work will contact you to advise you of any known security breach that may have compromised your information security.
We will only email you regarding your case or transaction using the following company email address:
Your Security Obligations
You will provide us with best contact details
On or before the start of our work, we will ask for your contact details and a preferred way of addressing you in communications. You should use the same email address, telephone number(s) and mailing address wherever possible, and anticipate further checks from us should you use other contact details in future.
You will communicate urgent instructions in person or by telephone
You should not rely on us receiving or reading your emails, particularly if you are providing time-critical instructions.
Account details sent by email
We will not accept your bank account details via email unless we have verified them with you in person or via a telephone call initiated by us to a number that you gave us at the outset of your matter. Please be understanding should we need to double-check anything that we think looks suspicious – this is for your benefit.
You will take all reasonable measures to keep your data and systems secure
You will keep your computer and mobile devices up to date with the latest operating system updates, security patches and anti-virus software, and use multi-factor authentication (MFA).
You will inform us at the earliest opportunity if your email or devices become infected with a virus or other malware, or you think you’ve been hacked, or your security otherwise compromised.
Twelve key steps to prevent cyber fraud
Ensure that your PCs and other devices are protected by an effective firewall and up-to-date anti-virus software, and that software updates are applied. Guidance at https://www.ncsc.gov.uk/cyberaware/home is relevant for all to follow, to help protect your home and business from cyber-attack and fraud.
Try not to use public Wi-Fi as you may be vulnerable to data interception. If you do need to use it to access email, online banking or make payments then use a VPN installed on the device.
If you use webmail for communicating with your professional advisors (Solicitors, Accountants, Financial Advisers etc.), then create a separate account for sharing information. Do not respond to any messages other than those from the professional you are dealing with. Confirm the legitimacy of other messages by phone. Always check the sender’s email address carefully.
Enable multi-factor authentication (MFA) on email accounts and any other online accounts or apps where sensitive information is stored or accessed.
Create strong, unique passwords for each online service, especially email accounts, e.g. by using 3 random words (ideally including capital letters), such as mountainFestivalpidgeon, or by creating a memorable passphrase enhanced with a mix of letters, numbers and special characters, e.g. 5hopp!ng@Harr0ds. The longer the words or phrase/sentence, the more secure it’s likely to be.
Where possible, use a password manager protected by MFA for most of your accounts (but not your online banking accounts).
Never give out your usernames, passwords, or your one-time codes (from your Banking Security Token or mobile device) to anyone no matter who they claim to be.
Pay little heed to unexpected emails. If your Bank or Solicitor (or anyone else legitimate) has something truly important to tell you (like they have detected fraud or need to verify your details) then they will contact you in a more reliable way - they will not use email. If you have concerns, call them using a telephone number from a reliable source (e.g. a printed bank statement or bank card will have phone numbers for your bank).
Exchange sensitive information with your professional advisor only once at the outset of your instruction or engagement, and ideally in-person. If you need to make a change then do so securely.
If you use online banking, then your bank will have included a message centre enabling you to send and receive messages securely. Only accept notifications and advisories from them using this method of communication; do not act on telephone or email requests.
Be alert to social engineering and phishing emails – do not click on links or open attachments before separately verifying the legitimacy of the email or links with the person.
You can also validate calls from your professional advisor using a shared secret word or phrase, established with them at the outset of your engagement / instruction.
Do not invite anyone to remotely connect to your computer for any purpose, including IT support or security help, unless you personally know and trust them. Unsolicited callers are always fraudsters.
Use ‘Block’ features available on your mobile phone and landline to blacklist any unsolicited callers or those who withhold their number. For example, in the UK the following service can be used: https://www.tpsonline.org.uk/