This website uses cookies

We use cookies to improve your experience on our website. If you continue without changing your settings, we'll assume that you are happy to accept all cookies on the CLC website. You can change your settings at any time.

Watch out for fraud and scams

7 May, 2020

Fraud is everywhere and conveyancing scams can hit people really hard as large sums of money are involved in housing transactions. Stephen Ward, director of strategy at the Council for Licensed Conveyancers, explains what to look out for and how to protect yourself

We must always be on our guard for online fraud, especially when transferring money to buy a home. Just recently a criminal gang of online fraudsters was jailed for ‘payment diversion fraud’ offences worth nearly £10 million.

The North West London Economic Crime Unit identified a total of 235 separate frauds committed between 2014 and 2019, and totalling £9.2 million.

The cyber criminals would intercept emails before sending spoof messages and tricking victims into paying funds into UK based ‘mule’ bank accounts controlled by the fraudsters. The police said the fraudsters were actively claiming to be a buyer’s conveyancers when conducting the attacks.

Fraudsters and scammers are becoming ever more sophisticated and their methods of targeting people more varied. Homebuyers and conveyancers have increasingly been targeted by criminals with scams which have left homebuyers at risk and out of pocket.

The conveyancing process is of particular interest to criminals due to the nature of the transactions, namely one-off and sizeable, and given the sums involved in conveyancing transactions, consumers can be hit particularly hard.

So, what are some of the most common scams we see that consumers should be aware of and how best should they protect themselves?

Phishing, pharming, vishing, and smishing

They may sound like outdoor countryside pursuits, but these are the names given to some of the most common styles of online fraud being seen at the moment.


In a typical phishing attack, scammers send fake emails to thousands of people and it’s currently one of the most common forms of online fraud.

Essentially, attackers are looking for victims to reveal personal data to them. They might try to trick you into sending money, steal your details to sell on, or download malicious software to your computer.

They could be trying to get your bank account or card details, phone number, or login details to certain websites. Their ultimate aim is to usually find a way to access your online bank account or e-wallet to give them the opportunity to withdraw funds to their own accounts.

How does it work?

These types of scams work on social engineering, emails will be sent out that play on the recipient’s emotions. Examples include suggesting you’ve won a large sum of money, sending out ‘time-limited’ too good to be true offers to products, or including attachments or hyperlinks which contain viruses.

Phishers are able to send emails imitating the ‘Mail From:’ line, adding a layer of seeming legitimacy to their fraudulent activity.

How can you protect yourself?

  • Only ever open emails you know to be from a reliable source.
  • Check very carefully sender addresses, they are often very similar to genuine ones, but will have a very small difference in spelling; and hover your mouse over the email address – that way you will see the real address it has been sent from not whatever address the scammer has spoofed.
  • Never send personal information over email.
  • Don’t open attachments or click on hyperlinks without double checking them first. In particular the file extensions .exe, .msi, .bat, .pif, .com, .vbs, .reg, and .zip extensions most commonly install malicious software.


Similar to phishing, but done via a phone call. Vishers (a combination of voice and phishing), will call often posing as a manager from your bank, building society or even the police.

Vishing uses verbal scams to trick people into doing things they believe are in their best interests. They may try and panic and frighten you into trusting them so you hand over your information without being able to think it through too much.

For example, they may say that large sums of money are currently being moved out of your bank account and they want to check that it is you. Obviously, it won’t be. They will reassure you that they can stop and reverse this instantly by confirming a few details with you such as name, address, password, bank account details etc.

This type of scammer is becoming increasingly sophisticated and the fraudsters can use technology to spoof any number to appear on the caller ID display on your phone such as your bank. They may also suggest, if you seem hesitant, that you hang up and call them back on a number they provide.

How can you protect yourself?

  • Never give out personal or financial information over the phone. Your bank, building society or credit card provider will never ask for you to provide full details and they will never ask for your full password.
  • Don’t panic and don’t believe what you’re being told, there will always be time to verify details. Hang up and call back on a number you know to be genuine. If possible, call them from a different phone line or from a mobile phone


Smishing is fishing for information via SMS (or text messages), and most commonly involves being sent a text message that contains a malicious link or instructs you to make a phone call to a specified number.

This has become one of the fastest growing personal security threats, as more people become wary of emails and so more diligent in checking attachments and links, but tend to trust text messages more.

Once again tricksters use social engineering to either panic or win people over, and like vishing they can mimic who the message is from, making them appear to be genuine. Messages will often claim to be from your bank asking you to text or call back, this often leads to extortionate charges being applied to your phone bill. They can also contain malicious links, or may ask you to reply, providing personal or financial details.

Indeed, criminals are now using the publicity around coronavirus as a chance to pose as a genuine organisation, including banks, police officers, government or health service providers. Often the criminals are pretending to offer help and guidance, or claim they are dealing with an issue as a result.

How can you protect yourself?

  • Never respond to a text providing personal details, even if it appears to be genuine.
  • Recognise threats of financial issues or offers that seem too good to be true, for what they really are.
  • If in doubt, call the correct number of the organisation or individual from whom the text claims to have been sent, to check its authenticity.
  • Remember that even if the text message seems to come from someone you trust, their number may have been hacked or spoofed.


Pharming is the re-direction of users to a fake website, impersonating a genuine one. Sophisticated scammers produce website replicas which can mirror image the genuine site, lulling internet users into a false sense of security. They can then use this fake website to steal personal or financial information or download malicious software onto your computer.

How can you protect yourself?

  • Always type in the address manually, avoid following links
  • Be aware for any details which make the website appear ‘off’; double check the address in the address bar after arriving at the site and make sure it’s spelled correctly, to see that it matches the site you should be on; and be alert if the website asks for information which it doesn’t normally
  • Check that the website has a lock icon in the address bar. This indicates that it is a secure website. Clicking on the lock should display an up to date security certificate and the address should start with the letters https.
  • Use security software to ensure the sites you visit are trustworthy

What other steps can consumers take to protect themselves?

Most conveyancing firms are actively engaging with clients to ensure that their data and monies are well protected. They may insist that bank details are only sent by post and will advise clients to ignore emails or phone calls that claim last minute changes of bank account details.

If you have any concerns you should contact your conveyancer directly by phone on a number you know to be genuine, or, if local, you may wish to visit the office in person.

Consumers can also check the validity of websites through secure schemes such as the CLC’s secure badge scheme. These types of safety measures significantly reduce the risk of impersonation online through cloned or copied websites. It also helps to identify fraudsters setting up fake firms. These types of safety measures work by installing a unique piece of code on the website which makes it impossible for fraudsters to copy.

If in doubt:

Stop: Taking a moment to stop and think before parting with your money or information could keep you safe.

Challenge: Could it be fake? It’s ok to reject, refuse or ignore any requests. Only criminals will try to rush or panic you.

Protect: Contact your bank immediately if you think you’ve fallen for a scam and report it to Action Fraud.


This article was first published in What Mortgage