NOTE: “I am trying to help people make safe financial transactions but I take no responsibility for anyone’s financial loss. Reading and following this information is done at your own risk.” — HC
“The criminals hack into the email chains between sellers and buyers and their solicitors and estate agents. The fraudsters then send an email – usually on the day of sale completion – informing the parties that bank account details have changed at the last minute and that money should be deposited in a different account.” – Robert Mendick and Nicole Blackmore, The Telegraph
The news is telling us about people who have been defrauded while making financial transactions where they have to exchange large sums of money, particularly when purchasing or selling real estate. This has made me think through the issues and give my two pennies' worth of advice about how to make safe financial transactions, particularly when email is involved. In particular I refer to the use of Digital Certificates, otherwise referred to as Digital IDs (Identities), when sending emails.
Digital Certificates are used to digitally sign an email. When the process is performed correctly by all parties it would take a really massive effort by a fraudster to make his fake email appear genuine.
I cannot deny that steering clear of computers, mobile phones and other forms of IT would be the safest way. Beware of information passed in a phone call too. That could be fraudulent as well.
“We are getting more and more instances of this. The outcome for the fraudster is tremendous. They can earn £1m on the sale of a house in the south-east.” – Steve Proffitt, deputy head of Action Fraud. Quoted from The Telegraph
This Article About Safe Financial Transactions Covers:
- Methods used to get people’s money by using fraudulent communications,
- How to avoid being persuaded to send money to a fraudster’s account,
- Use of email Digital Certificates (Digital IDs).
See these references to published articles on this subject.
What Is Happening?
People purchasing real estate or other valuable property have to give somebody else a large sum of money by some means. They could give them cash, pay with a cheque/banker’s draft or perform an online transaction.
Some fraudulent actions may appear to be online issues but could just as easily be performed offline. This is because the method, used by the fraudster, is to persuade people to deposit their money in the fraudster’s account rather than the correct recipient’s account.
“The method, used by the fraudster, is to persuade people to deposit their money in the fraudster’s account rather than the correct recipient’s account.” — HC
How does the fraudster know there is a transaction taking place? Well that’s another matter. The fraudster may have a job in a bank or with a solicitor or estate agent, or otherwise know the payer or payee. They could have hacked into the IT systems of any of these people. The fraud may be committed by a team, not just an individual.
Emails And Phone Calls
It would seem that the payers of money are being persuaded to deposit money into the fraudster’s account by the fraudster’s emails or phone calls. The payers are being advised by the fraudsters that the payee’s bank account has changed or a mistake has been made in the original communication of:
- the Account Name,
- the Account Number,
- or the Sort Code.
The payer believes it is a genuine message from the payee or their representative. Then it turns out that the original communication was correct and there was no mistake, only a fraudulent attempt to divert the money to the fraudster’s account.
The original communication may well have been genuine and could have been in the form of an email, sent by snail mail letter from a solicitor or passed by hand in an obviously genuine way. Then the fraudster steps in to change the details to those of the fraudster’s own bank account by sending their own email or making a phone call to the payer, making it look as if it was sent by the originator of the correct instructions. The payer is tricked into thinking nothing is wrong with this, accepts the new account details and sends the money, often in haste, to that account – the fraudster’s account. This is the point at which the payer must be aware they can be duped.
The fraudster also tries to speed the transaction up because they want to receive the money and move it on quickly (launder it) so they can escape detection.
Payers Must Protect Themselves
It is at this stage that the payer of money must protect themselves since the bank won’t usually compensate the payer if they voluntarily decide to send the money to another account.
NOTE: On receipt of any communication advising a change of account the payer should contact the payee directly on a phone number out of the phone book or otherwise known to be published in the public domain, not one given in an email or one passed to them in a phone call (that could be the fraudster’s own number). Don’t trust the clerk – speak directly to the solicitor/payee who you know and have dealt with before. Alternatively meet them in person.
Be Cautious When Paying
Whenever the money is actually sent electronically/digitally the payer should just send a small amount first, e.g. £1, €1, $1, and check it arrives in the payee’s account correctly. Again, ask the payee, not the clerk. The clerk could be the fraudster, but at the end of the day if it hasn’t arrived at the correct account only a small sum will get lost. The payer must be able to trust that they have communicated with the payee.
When that small amount has arrived then the rest of the money can be sent. It is important to use the same channel as used for the smaller amount in order to complete a safe financial transaction. Remember the smaller amount was sent to test the channel.
Using On-line Banking
With online banking the payment details will normally be set up in a way where the payee’s details are saved so that they can be re-used to send further amounts. So when the first transaction has proved satisfactory the rest should be sent using the payment method already set up. That way account numbers don’t have to be re-entered. This avoids sending the larger amount to the wrong account merely by making a typo.
When using online banking keep all software up to date and consider using extra security measures on your PC/device such as IBM Security’s Trusteer Rapport. This complements other antivirus/Internet Security software and is recommended by many banks.
Using Digital IDs (Digital Certificates) To Digitally Sign emails
Anyone embarking on email communication regarding expensive purchases, perhaps via a solicitor, should validate their own identity and secure their email, and require other parties to do the same. All parties should get email Digital Certificates and use email clients installed on their computers that can deploy Digital Certificates to add Digital Signatures to emails, e.g.
After two parties have set themselves up with Digital IDs they will be able to digitally sign the emails they send to each other, or anyone else, to prove those emails are from them alone. They will also be able to encrypt emails sent to each other. Then they can hide their bank account details from eavesdroppers.
NOTE: emails can only be encrypted when the sender and recipient both have Digital IDs.
What Are Digital IDs (Digital Certificates)?
Digital IDs (Digital Certificates) are:
- an invisible coded string of data which is sent along with the email like an attachment.
- NOT anything to do with the visual text/images that are referred to as a signature. A person may create and hold these in their email client to automatically include at the end of the email text. See this example below:
Please read my other post Using A Digital Signature With Outlook 2010 to learn how to deploy Digital Certificates (Digital IDs) when digitally signing emails or encrypting them (in Outlook 2010 specifically and thus Outlook generally.)
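As an added illustration (not part of the original post), this Python sketch uses the standard `email` module to tell a typed sign-off from an S/MIME signature part and to flag emails that announce new bank details. The sample messages, the phrase list and the status names are constructed for the example; it reports only that a signature part is present, so the email client must still validate the signature and its certificate.

```python
import re
from email import message_from_string

# S/MIME signature MIME types (RFC 8551); the "x-" forms are legacy spellings.
SIG_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
OPAQUE_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
# Assumed wording for a "bank details have changed" message; tune for real mail.
CHANGE_RE = re.compile(
    r"(account|sort code|bank details).{0,60}(chang|new|updat|mistake)"
    r"|(chang|new|updat|mistake).{0,60}(account|sort code|bank details)", re.I | re.S)

def signature_kind(msg):
    """'detached', 'opaque' or None. Says a signature is present, not that it is valid."""
    ctype = msg.get_content_type()
    if ctype == "multipart/signed" and msg.is_multipart():
        parts = msg.get_payload()
        proto = (msg.get_param("protocol") or "").lower()
        if proto in SIG_TYPES and len(parts) == 2 and parts[1].get_content_type() in SIG_TYPES:
            return "detached"
    elif ctype in OPAQUE_TYPES and (msg.get_param("smime-type") or "").lower() == "signed-data":
        return "opaque"
    return None

def triage(raw):
    """Classify one raw email: does it announce new bank details, and is it signed?"""
    msg = message_from_string(raw)
    text = "\n".join(p.get_payload(decode=True).decode("utf-8", "replace")
                     for p in msg.walk() if p.get_content_type() == "text/plain")
    if not CHANGE_RE.search(text):
        return "no-change"
    return "signed-change" if signature_kind(msg) else "unsigned-change"

# Constructed samples. The typed name under the first message is only text;
# the second carries a signature part (placeholder bytes, not a real signature).
UNSIGNED = ("From: clerk@example.com\nSubject: Completion\n"
            "Content-Type: text/plain\n\n"
            "Our bank account has changed. Please use sort code 00-00-00.\n"
            "-- \nJ. Smith, Example Solicitors\n")
SIGNED = ("From: clerk@example.com\nSubject: Completion\n"
          'Content-Type: multipart/signed; protocol="application/pkcs7-signature";'
          ' micalg=sha-256; boundary="b1"\n\n'
          "--b1\nContent-Type: text/plain\n\n"
          "Our bank account has changed. Please use sort code 00-00-00.\n"
          "--b1\nContent-Type: application/pkcs7-signature; name=\"smime.p7s\"\n"
          "Content-Transfer-Encoding: base64\n\nUExBQ0VIT0xERVI=\n--b1--\n")

if __name__ == "__main__":
    for name, raw in (("unsigned", UNSIGNED), ("signed", SIGNED)):
        print(name, "->", triage(raw))
```

Either "change" result still calls for the phone check described under Payers Must Protect Themselves; "unsigned-change" is the case to hold outright.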
From The Telegraph: