SLC Conveyancing Risks · 2019. 5. 15. · How do you identify customers • Face 2 Face - Could you spot a false passport / driving license • Are 3rd parties identifying your customers

SLC – Conveyancing Risks

Neil Scriven

Fraud Policy & Strategy

April 2016

2 | SLC – Conveyancing Risks | April 2016

Contents

• Mortgage Fraud Risk - Property Hijack

What It is

Customer Identity

Proceeds of crime/ Latest MO

• Scams

Social Enginerring

Invoice Fraud

Phishing

Vishing

Malware


Property Hijack – What is it

• Impersonating genuine proprietor for remortgaged or sale

• Who is the victim – Lenders, Customers , LR, Insurers . YOU

• Purchasers are not always innocent parties

• Fraudsters usually have control of the property - if only temporarily

• Discovered on day of completion or months later

• If it look to good to be true ……


Property Hijack – Customer Identity

How do you identify customers

• Face 2 Face - Could you spot a false passport / Driving license




• Face 2 Face - Could you spot a false passport / driving license





• Are 3rd parties identifying your customers - A letterhead is not proof

• Non Face 2 Face - Do you handle the originals

• Most e-kyc tools are built for money laundering

Confirm that the identity provided is genuine

Verify that the residential address provided is associated with that identity

That the person applying for a facility is the person with this identity and address.





• Are 3rd parties identifying your customers - A letterhead is not proof

• Non Face 2 Face - Do you handle the originals

• Most e-kyc tools are built for money laundering

Confirm that the identity provided is genuine

Verify that the residential address provided is associated with that identity

That the person applying for a facility is the person with this identity and address.

• ID validation tools available



• Knowing your customer and understanding the transaction

Land Registry Information - Encumbrances, length of ownership,

Marketing of property , sale price and current use.

Correspondence & email communication

Purrunsing v A'Court & Co (a firm) & Anor [2016] EWHC 789 (Ch) (14

April 2016)



• Purrunsing v A'Court & Co

Property in Wimbledon sold for £460K in 2012 . Facilitated by a fake passport

The vendor gave an address of Maidenhead which not listed as one of addresses for service at the

LR one of which was the true owners

Vendor did not provide ANY documents linking then to the property – information that the purchasers

conveyancer was aware of ( in the view of the judge)

Vendor used the large discount to justify not providing normal responses

A request by the purchaser for further information about the vendor caused the vendor to temporarily

withdraw.

Funds paid to an account in Dubai


Property Hijack – Proceeds of Crime

Distribution of Sales Funds

Offshore Multiple Beneficiaries Name on the accounts Companies

Latest MO

• Deceased proprietor

• Let property

• Address for service unchanged

• Payment of funds to a limited company where listed as a director

• Removes the need for an account in the vendors name and companies house lack of KYC


Scams………… Setting the scene

£21.2bn – The cost of fraud to the private sector in the UK

1 in 4 businesses have been the victim of fraud

39% of businesses do not invest in any type of fraud prevention

Over one third of incidents are linked to cyber crime

82% of firms believe they are too small for a cyber-crime attack


Social Engineering

• “The manipulation of situations and people that results in the targeted individuals

divulging confidential information”

• 88% of digital fraud losses are due to social engineering

Invoice Fraud Phishing Vishing


Invoice Fraud

What is Invoice Fraud?

• You receive a communication claiming to be from your client, supplier or other

another firm

• Identify a genuine transaction via hacking or monitoring email traffic

• “We have changed our bank details”

• Usually only identified after the genuine beneficiary tells you they haven’t received

their payment

• Reports to police up 71% in 2015 to a value of £126M


Fraud smart tips – Invoice Fraud

Always confirm any changes in bank details with your usual contact

Use the contact details on file or from the official website, not the number and

email printed on the letters!

Do not assume that first details are correct or letterhead is genuine – Beware of

vendor firm impersonation- check them out

Consider setting up a ‘Single Point of Contact’ with the companies you pay

regularly

Communicate these messages to any staff with responsibility for making

payments


Phishing

• The fraudulent practice of sending emails purporting to be from legitimate

companies in order to trick people

• The emails typically contain an attachment or a link to a fake website which will

request that you input personal and financial information


Fraud smart tips – Phishing

Do not open emails that you suspect could be spam

Never enter any personal or security information on a site accessed via a link in an email

Never visit online banking through a link in an email

Be cautious about any changes to online banking screens

On a banking or online payment page, look for “https” in the website address

Be wary of any emails that:

• Request personal information

• Claim to be from your bank, credit card company or contain invoices

• Do not address you by name, but by “Dear Valued Customer” or “Dear Sir/Madam”


Vishing

• Vishing is telephone fraud that deceives people into revealing sensitive

information

• Fraudsters make an unsolicited call claiming to be from a reputable company

• They attempt to gain personal and banking information or dupe you into

transferring funds

“I received a phone call from the ‘Barclays

Fraud department’ telling me I had

fraudulent payments pending on my

account. The caller said they needed a

PINsentry code to verify and stop the

transactions. They then used the PINsentry

codes to steal money from my account.”


Fraud smart tips – Vishing

Never share your PIN, passwords or authorisation codes over the phone

Do not assume a caller is genuine because they have some basic information about you

If you are suspicious at all, terminate the call (it takes two people)

When calling back ensure the first call has been terminated

Always call back using official contact details held on file or the official website

Don’t always trust caller ID, it can be spoofed

Be extremely wary of the following:

• Any unsolicited phone calls

• Anyone who calls to discuss any banking details, payments, transfers etc.

• Callers who ask you to hang up the phone and call them back


Malware and Trojans

• Short for ‘malicious software’. It can give the fraudster access to:

• Personal information

• Account details

• Passwords

• Key logging and mouse movement

• Watch the victim's screen

• Trojans usually act as ‘backdoors’ to the affected computer, giving the fraudster remote

access.

• They are hard to detect as they remain passive when not in use

• Ransomware allows the fraudster to gain control of the victim’s system and encrypt their files.

• They demand a fee to unlock them otherwise they will be deleted


How does Malware get onto your machine?

• Email attachments

• Visiting false or infected websites

• Malicious links on popular websites

• Advertising content on popular websites

• Macros in documents

• External devices (USB, CD etc)

• Physical security breaches

• Fake anti-virus products


Malware Example


Keeping Your Computers Protected

Online security helps to prevent your computer from being infected with viruses or malicious

software.

Top tips:

•Use internet security software and a firewall

•Make sure you install all the latest updates for your internet browser

•Use powerful passwords and change your passwords regularly

•Think before you click – downloads, updates, pop-ups, links etc.

•Never pay money to release your files

•Consider setting up user privileges to restrict what staff can access using work IT equipment


What if I or my business does become a victim?

• Contact your bank immediately

• If you suspect property hijack or that mortgage funds have been paid

away incorrectly contact the mortgage lender as well

• If you are acting for the vendor you may wish to inform the purchasers

asap - embarrassing but improves chance of recovery.

Any questions?

Documents

SLC Conveyancing Risks · 2019. 5. 15. · How do you identify customers • Face 2 Face - Could you spot a false passport / driving license • Are 3rd parties identifying your customers