Friday 18 August 2017

Home buyers stand to lose thousands in new cyberattack

Cybercriminals are hacking the email accounts of Irish solicitors in an attempt to steal tens of thousands of euro from unsuspecting home buyers, the Sunday Independent has learned. Stock photo: PA
Cybercriminals are hacking the email accounts of Irish solicitors in an attempt to steal tens of thousands of euro from unsuspecting home buyers, the Sunday Independent has learned. Stock photo: PA
Mark O'Regan

Mark O'Regan

Cybercriminals are hacking the email accounts of Irish solicitors in an attempt to steal tens of thousands of euro from unsuspecting home buyers, the Sunday Independent has learned.

The Law Society has confirmed a number of Irish-based legal firms have been subjected to this kind of high-tech assault.

Dubbed 'Friday Afternoon Fraud', the conveyancing scam has been known to take several forms, but generally occurs when the hackers intercept emails between home buyers or sellers, and their solicitors.

They generate lookalike emails which allow them to pose as the solicitor involved.

During the final stages of a property purchase or sale, they inform potential victims by email that certain bank account details have changed.

They then instruct that payments be moved to a different account, allowing the criminals secure control over deposits.

A solicitor's own email may be hacked or impersonated, so clients are directed to send money to accounts other than the solicitor's client account.

Alternatively, the lawyer may receive a telephone call, purportedly from the bank's anti-fraud team, asking for account details and passwords.

They may be told to transfer the contents of an account elsewhere. The criminals then withdraw the money.

The amounts involved can be substantial, representing a down payment on a property, or possibly the proceeds of a sale.

The activity typically takes place on a Friday afternoon, when the scammers know client accounts are likely to hold large amounts of cash.

This particular conveyancing scam is currently the number one cybercrime in the UK legal sector.

But it has now been confirmed that conveyancing fraudsters are also targeting Irish firms.

In a statement, the Law Society of Ireland said legal practices here have been subject to similar "attacks".

While it is believed the number is "small", the prevalence of such activity is unknown as "exact statistics are not available."

In order to "protect solicitors against these frauds" the society has launched a new cybersecurity section on its website, to advise members on how to protect themselves from cybercriminals.

A recent survey found a near 50pc increase in the number of cyberattacks reported by Irish firms in the past year. And three firms out of every 10 have been subject to a cyberattack in the past 12 months

Rory O'Neill, an investigating accountant with the society, says the continued integration of technology has "significantly increased the risk" of attacks.

He highlighted cases in which "external emails" between solicitors and their client have been "intercepted" and read by criminals.

"When a genuine email is sent with bank account details enclosed, the fraudster intercepts and amends the details of the bank account. This amended email is then forwarded to the appropriate recipient from the spoofed email account."

If the recipients "act on the emails", the money will be transferred to the fraudulent account.

Sunday Independent

Also in Business