Upload
others
View
11
Download
0
Embed Size (px)
Citation preview
SLC – Conveyancing Risks
Neil Scriven
Fraud Policy & Strategy
April 2016
2 | SLC – Conveyancing Risks | April 2016
Contents
• Mortgage Fraud Risk - Property Hijack
What It is
Customer Identity
Proceeds of crime/ Latest MO
• Scams
Social Enginerring
Invoice Fraud
Phishing
Vishing
Malware
3 | SLC – Conveyancing Risks | April 2016
Property Hijack – What is it
• Impersonating genuine proprietor for remortgaged or sale
• Who is the victim – Lenders, Customers , LR, Insurers . YOU
• Purchasers are not always innocent parties
• Fraudsters usually have control of the property - if only temporarily
• Discovered on day of completion or months later
• If it look to good to be true ……
4 | SLC – Conveyancing Risks | April 2016
Property Hijack – Customer Identity
How do you identify customers
• Face 2 Face - Could you spot a false passport / Driving license
5 | SLC – Conveyancing Risks | April 2016
Property Hijack – Customer Identity
How do you identify customers
• Face 2 Face - Could you spot a false passport / driving license
6 | SLC – Conveyancing Risks | April 2016
Property Hijack – Customer Identity
How do you identify customers
• Face 2 Face - Could you spot a false passport / driving license
• Are 3rd parties identifying your customers - A letterhead is not proof
• Non Face 2 Face - Do you handle the originals
• Most e-kyc tools are built for money laundering
Confirm that the identity provided is genuine
Verify that the residential address provided is associated with that identity
That the person applying for a facility is the person with this identity and address.
7 | SLC – Conveyancing Risks | April 2016
Property Hijack – Customer Identity
How do you identify customers
• Face 2 Face - Could you spot a false passport / driving license
• Are 3rd parties identifying your customers - A letterhead is not proof
• Non Face 2 Face - Do you handle the originals
• Most e-kyc tools are built for money laundering
Confirm that the identity provided is genuine
Verify that the residential address provided is associated with that identity
That the person applying for a facility is the person with this identity and address.
• ID validation tools available
8 | SLC – Conveyancing Risks | April 2016
Property Hijack – Customer Identity
• Knowing your customer and understanding the transaction
Land Registry Information - Encumbrances, length of ownership,
Marketing of property , sale price and current use.
Correspondence & email communication
Purrunsing v A'Court & Co (a firm) & Anor [2016] EWHC 789 (Ch) (14
April 2016)
9 | SLC – Conveyancing Risks | April 2016
Property Hijack – Customer Identity
• Purrunsing v A'Court & Co
Property in Wimbledon sold for £460K in 2012 . Facilitated by a fake passport
The vendor gave an address of Maidenhead which not listed as one of addresses for service at the
LR one of which was the true owners
Vendor did not provide ANY documents linking then to the property – information that the purchasers
conveyancer was aware of ( in the view of the judge)
Vendor used the large discount to justify not providing normal responses
A request by the purchaser for further information about the vendor caused the vendor to temporarily
withdraw.
Funds paid to an account in Dubai
10 | SLC – Conveyancing Risks | April 2016
Property Hijack – Proceeds of Crime
Distribution of Sales Funds
Offshore Multiple Beneficiaries Name on the accounts Companies
Latest MO
• Deceased proprietor
• Let property
• Address for service unchanged
• Payment of funds to a limited company where listed as a director
• Removes the need for an account in the vendors name and companies house lack of KYC
11 | SLC – Conveyancing Risks | April 2016
Scams………… Setting the scene
£21.2bn – The cost of fraud to the private sector in the UK
1 in 4 businesses have been the victim of fraud
39% of businesses do not invest in any type of fraud prevention
Over one third of incidents are linked to cyber crime
82% of firms believe they are too small for a cyber-crime attack
12 | SLC – Conveyancing Risks | April 2016
Social Engineering
• “The manipulation of situations and people that results in the targeted individuals
divulging confidential information”
• 88% of digital fraud losses are due to social engineering
Invoice Fraud Phishing Vishing
13 | SLC – Conveyancing Risks | April 2016
Invoice Fraud
What is Invoice Fraud?
• You receive a communication claiming to be from your client, supplier or other
another firm
• Identify a genuine transaction via hacking or monitoring email traffic
• “We have changed our bank details”
• Usually only identified after the genuine beneficiary tells you they haven’t received
their payment
• Reports to police up 71% in 2015 to a value of £126M
14 | SLC – Conveyancing Risks | April 2016
Fraud smart tips – Invoice Fraud
Always confirm any changes in bank details with your usual contact
Use the contact details on file or from the official website, not the number and
email printed on the letters!
Do not assume that first details are correct or letterhead is genuine – Beware of
vendor firm impersonation- check them out
Consider setting up a ‘Single Point of Contact’ with the companies you pay
regularly
Communicate these messages to any staff with responsibility for making
payments
15 | SLC – Conveyancing Risks | April 2016
Phishing
• The fraudulent practice of sending emails purporting to be from legitimate
companies in order to trick people
• The emails typically contain an attachment or a link to a fake website which will
request that you input personal and financial information
16 | SLC – Conveyancing Risks | April 2016
Fraud smart tips – Phishing
Do not open emails that you suspect could be spam
Never enter any personal or security information on a site accessed via a link in an email
Never visit online banking through a link in an email
Be cautious about any changes to online banking screens
On a banking or online payment page, look for “https” in the website address
Be wary of any emails that:
• Request personal information
• Claim to be from your bank, credit card company or contain invoices
• Do not address you by name, but by “Dear Valued Customer” or “Dear Sir/Madam”
17 | SLC – Conveyancing Risks | April 2016
Vishing
• Vishing is telephone fraud that deceives people into revealing sensitive
information
• Fraudsters make an unsolicited call claiming to be from a reputable company
• They attempt to gain personal and banking information or dupe you into
transferring funds
“I received a phone call from the ‘Barclays
Fraud department’ telling me I had
fraudulent payments pending on my
account. The caller said they needed a
PINsentry code to verify and stop the
transactions. They then used the PINsentry
codes to steal money from my account.”
18 | SLC – Conveyancing Risks | April 2016
Fraud smart tips – Vishing
Never share your PIN, passwords or authorisation codes over the phone
Do not assume a caller is genuine because they have some basic information about you
If you are suspicious at all, terminate the call (it takes two people)
When calling back ensure the first call has been terminated
Always call back using official contact details held on file or the official website
Don’t always trust caller ID, it can be spoofed
Be extremely wary of the following:
• Any unsolicited phone calls
• Anyone who calls to discuss any banking details, payments, transfers etc.
• Callers who ask you to hang up the phone and call them back
19 | SLC – Conveyancing Risks | April 2016
Malware and Trojans
• Short for ‘malicious software’. It can give the fraudster access to:
• Personal information
• Account details
• Passwords
• Key logging and mouse movement
• Watch the victim's screen
• Trojans usually act as ‘backdoors’ to the affected computer, giving the fraudster remote
access.
• They are hard to detect as they remain passive when not in use
• Ransomware allows the fraudster to gain control of the victim’s system and encrypt their files.
• They demand a fee to unlock them otherwise they will be deleted
20 | SLC – Conveyancing Risks | April 2016
How does Malware get onto your machine?
• Email attachments
• Visiting false or infected websites
• Malicious links on popular websites
• Advertising content on popular websites
• Macros in documents
• External devices (USB, CD etc)
• Physical security breaches
• Fake anti-virus products
21 | SLC – Conveyancing Risks | April 2016
Malware Example
22 | SLC – Conveyancing Risks | April 2016
Keeping Your Computers Protected
Online security helps to prevent your computer from being infected with viruses or malicious
software.
Top tips:
•Use internet security software and a firewall
•Make sure you install all the latest updates for your internet browser
•Use powerful passwords and change your passwords regularly
•Think before you click – downloads, updates, pop-ups, links etc.
•Never pay money to release your files
•Consider setting up user privileges to restrict what staff can access using work IT equipment
23 | SLC – Conveyancing Risks | April 2016
What if I or my business does become a victim?
• Contact your bank immediately
• If you suspect property hijack or that mortgage funds have been paid
away incorrectly contact the mortgage lender as well
• If you are acting for the vendor you may wish to inform the purchasers
asap - embarrassing but improves chance of recovery.
Any questions?