The most effective way to stop conveyancing fraud is to assume that any email asking to change bank details could be fake, and to verify it through a separate, trusted channel before a penny moves. Back that habit with strong email security, multi-factor authentication and regular staff training, and you close off the route criminals use most.
Conveyancing is a prime target because large sums move on a known date. Criminals watch for completion, then send a convincing email, often from a real but compromised mailbox, asking your firm or your client to send funds to a new account. The money is gone in minutes. Here is how to protect your firm and your clients.
1. Lock down email
Email is where these attacks begin. Put advanced filtering, impersonation protection and link-checking in place, and enforce multi-factor authentication on every mailbox so a stolen password alone can’t be used to read or send mail. MFA is now the single most important control, and the absence of it is a recurring factor in successful attacks on firms.
2. Make bank-detail changes hard to fake
Set a firm rule that no change to payment details is ever accepted on the strength of an email. Verify it by calling a known, pre-agreed number, never a number from the email itself. Tell clients at the start of every matter that your bank details will not change, and that they should call a named contact to check anything that says otherwise.
3. Train your people and your clients
Short, regular training and simulated phishing help fee earners and support staff spot a fake before they act on it. Clients are targeted too, so clear written warnings about payment fraud, repeated near completion, protect both sides.
4. Monitor and be ready to react
Account monitoring can flag unusual mailbox activity, such as new forwarding rules or logins from odd locations, which often signal a compromise in progress. Have a simple plan for who to call, including your bank, if money is sent in error, because speed is everything in a recovery.
A real example: security that wins work
Strong controls protect you and reassure clients. We helped a client become cyber security compliant to meet a customer’s requirements and win a large tender, which grew their business. For a law firm, the same evidenced security that prevents fraud also shows clients and referrers that their money and data are safe with you.
Why law firms choose First Stop IT
First Stop IT has supported businesses since 2002 and specialises in security for professional service firms. Our credentials include:
- Cyber Essentials Certified
- IASME Cyber Assurance (Gold)
- NCSC Assured Service Provider (Cyber Advisor for Cyber Essentials)
- Microsoft Partner
- Crown Commercial Service Supplier (G-Cloud)
- Quality Principles Certified
We look after more than 2,000 endpoints across 50 companies, we’ve been named a Top 50 UK MSP for three years running, and we support organisations with 10 to 100 employees across Essex, Hertfordshire and London, including Harlow and Bishop’s Stortford.
Book a free IT and cyber security review
Worried about payment fraud on your matters? Book a free IT and cyber security review with First Stop IT and we’ll check your email security, your verification process and your team’s readiness.