1. The sender’s email address: What appears in the “from” line of an email may not be the sender’s actual email address. To check the actual address the email is from, hover over the “reply to” address with your mouse and the reply address should be shown. You could also start a reply to see where it will be sent to, but don’t send it!
2. Urgent language: Fraudulent mail often deploys urgent language, with headings like “Important account update” or “transaction suspended”. They may purport to be from a bank or building society warning you that your account has been compromised.
3. The request: Fraudsters will generally need you to perform an action before they can access your details. Therefore, it is commonplace for fraudulent emails to include a link for you to click to “reset your password”; “update your details” or “check your account”. NEVER CLICK a link in an email like this – your bank or solicitor will not send an email like this.
4. Bad spelling and grammar: Although it happens more often than they’d like, emails from professional companies don’t generally contain mistakes. Spelling errors, unusual or incorrect grammar, poor punctuation and missing/incorrect information should ring alarm bells.
5. If you are worried your email or bank account has been hacked, then log out of the email and open a new browser window to log into your account independently – better still pick up the phone.
What makes a cybercriminal or fraudulent email seem credible?
People are often targeted at random with mail claiming to be from a particular bank; don’t be caught out if this guesswork just happens to be correct and you do hold an account with that particular bank. Likewise, if your email account has been hacked, a determined fraudster could contact you by email or phone purporting to be any party in the transaction to draw out information from you, trading on one or two bits of relevant information or pretending to be someone who is genuinely involved in the transaction.
How do I know who to trust?
If you don’t recognise the name or acronym of a particular body or scheme, look them up. Many professional membership bodies will have listings or an online checker you can use to verify that your agent, lawyer, lender or surveyor really is accredited and hasn’t been disbarred or suspended. Online review sites can offer a guide, but remember these can be open to abuse so don’t take such recommendations as gospel.
Any other tips to help me prevent fraud?
What IT measures can help keep me safe?
Don’t click on links or give information away in an email, particularly about passwords or PINs. It is always advisable to change passwords regularly and to not use the same log-in details across multiple accounts. Where possible, use a strong password using a mixture of letters, cases, numbers and special characters. Never share them or write them down, and be careful who you copy in to your emails as you are potentially widening the exposure in the event that yours or their email account is compromised. Treat a property sale as the confidential business transaction it is, and never, ever share relevant or sensitive data – including addresses and exchange dates etc – via social media. Remember, a reputable business is unlikely to ask you to correspond with them at a webmail address such as @gmail.com or @yahoo.co.uk; they should have their own dedicated and secure mail server, such as firstname.lastname@example.org – if not, ask why not!
What should I do if I suspect fraud?
1. Report it directly to the company using a name or contact that you know to be correct.
2. If you think your account has been hacked then reset the password and delete non-essential correspondence, particularly from your “sent mail” folder.
3. Most email providers allow you to report suspect emails as junk or “phishing” scams easily online, while banks and building societies typically have whole teams to defend against fraud and cybercrime and will likely have a dedicated phishing@ or spam@ email address where you can forward suspicious emails to have them checked out – check their website to find the exact address. It’s much safer to incorrectly flag a genuine email as spam than trust a scammer and hand over sensitive information without verifying they are who they say they are.
4. Ask questions about and pay attention to relevant information which you’re given along the way about how to prevent fraud or identity theft. Estate agents, lawyers and financial organisations must all conform to stringent compliance legislation to this effect, which is designed to protect all parties involved.
Please note this is just a general guide to staying safe and secure online and in digital or phone communications during your property transaction. It is neither an exhaustive list of the sorts of techniques cyber criminals may use, nor a fail-safe defence against them. Remember, the best approach is always to build a trusted relationship with recognised and certified professionals, exercise caution and common sense throughout the process, and don’t be afraid to ask questions and query why you’re being asked to share information and with whom. If it doesn’t sound quite right, then it probably isn’t.