Cyber-crime is a major international threat to global commerce and a real headache for banks, utilities firms, online retailers and the like – not to mention their customers. Given the large amounts of money involved, cyber-criminals are very keen to target property transactions.
Chestertons presents a list of FAQs which we hope will keep your personal and financial details safe and secure when conducting a house purchase or sale, or negotiating a tenancy agreement:
It is generally the later stages of a transaction that involve the exchange of sensitive details and, as a rule of thumb, the later the stage, the more sensitive the information you will need to share, generally culminating with an electronic transfer of funds. Cyber-criminals are aware of the timelines involved in buying and selling property or completing on a lease agreement and will ultimately be looking to intercept at the point that money is being transferred between parties. However, they could gain access to your email at any point during a transaction and then wait until funds are due to be transferred before trying to intercede, so it's best to remain alert throughout the entire process.
When simply searching on property sites, the opportunities for hackers are very limited, however, as soon as you start registering to receive details from websites and estate agents, you should be careful about how much information you share, especially if there is no pre-existing relationship with the firm that you're contacting. Remember to give just enough details for agents, surveyors or lenders to get in touch with you as required and understand your basic requirements. Do not give any bank details at this point.
Treat all communications via email, online forms or social media as potentially visible to hackers and fraudsters. If you want to talk about sensitive details including names, addresses, bank details etc, then it's probably best to pick up the phone or better still go into a branch where you can talk confidentially and there will be no electronic trail for criminals to expose or exploit.
A fraudulent email will, at first glance, often look exactly the same as an email that you would expect to receive, complete with official-looking headers or footers, long chunks of small-print or compliance statements about FSA regulation etc. However, there are a few things that you should look out for:
The sender's email address: What appears in the "from" line of an email may not be the sender's actual email address. To check the actual address the email is from, hover over the "reply to" address with your mouse and the reply address should be shown. You could also start a reply to see where it will be sent to, but don't send it!
Urgent language: Fraudulent mail often deploys urgent language, with headings like "Important account update" or "transaction suspended". They may purport to be from a bank or building society warning you that your account has been compromised.
The request: Fraudsters will generally need you to perform an action before they can access your details. Therefore, it is commonplace for fraudulent emails to include a link for you to click to "reset your password"; "update your details" or "check your account". NEVER CLICK a link in an email like this – your bank or solicitor will not send an email like this.
Bad spelling and grammar: Although it happens more often than they'd like, emails from professional companies don't generally contain mistakes. Spelling errors, unusual or incorrect grammar, poor punctuation and missing/incorrect information should ring alarm bells.
If you are worried your email or bank account has been hacked, then log out of the email and open a new browser window to log into your account independently – better still pick up the phone.
Some email scams are very sophisticated, and rely on using a few pieces of relevant information such as your name, address or financial details (many of which may be in the public domain) to win your confidence and to prevent your suspicion.
People are often targeted at random with mail claiming to be from a particular bank; don't be caught out if this guesswork just happens to be correct and you do hold an account with that particular bank. Likewise, if your email account has been hacked, a determined fraudster could contact you by email or phone purporting to be any party in the transaction to draw out information from you, trading on one or two bits of relevant information or pretending to be someone who is genuinely involved in the transaction.
Take the time to get to know the names of everyone involved in your transaction and, wherever possible, meet them in person and at their place of work. Then, if someone calls or emails pretending to be from or working on behalf of your solicitor, bank, estate agent or surveyor, you can ask for their name and if you've never heard of them then alarm bells should start to ring. Don't inadvertently give away relevant information, for instance by giving away the name of the person/people you have dealt with when querying an email or call. If in doubt don't reply to emails you weren't expecting or don't recognise, but directly contact the relevant person or firm to verify they are trying to get in touch.
Always check professional credentials when selecting who you will instruct to act on your behalf, and ask for personal recommendations or professional referrals if you don't have an agent, conveyancing solicitor or mortgage lender that you've used before.
If you don't recognise the name or acronym of a particular body or scheme, look them up. Many professional membership bodies will have listings or an online checker you can use to verify that your agent, lawyer, lender or surveyor really is accredited and hasn't been disbarred or suspended. Online review sites can offer a guide, but remember these can be open to abuse so don't take such recommendations as gospel.
Don't be afraid to query every communication you receive. Wherever possible give relevant sensitive information in person or via secure post, not over the phone (should the call be an unverified inbound call) or via email. Ask lots of questions up front – get to know the team you are working with by name, and agree a timeline so if an unsolicited email asking for a large cash transfer comes up out of the blue you'll know it probably isn't genuine. It's not always possible, but more secure to do the main key parts of the transaction in person and in branch.
Don't click on links or give information away in an email, particularly about passwords or PINs. It is always advisable to change passwords regularly and to not use the same log-in details across multiple accounts. Where possible, use a strong password using a mixture of letters, cases, numbers and special characters. Never share them or write them down, and be careful who you copy in to your emails as you are potentially widening the exposure in the event that yours or their email account is compromised. Treat a property sale as the confidential business transaction it is, and never, ever share relevant or sensitive data – including addresses and exchange dates etc – via social media. Remember, a reputable business is unlikely to ask you to correspond with them at a webmail address such as @gmail.com or @yahoo.co.uk; they should have their own dedicated and secure mail server, such as firstname.lastname@example.org – if not, ask why not!
Report it directly to the company using a name or contact that you know to be correct.
If you think your account has been hacked then reset the password and delete non-essential correspondence, particularly from your "sent mail" folder.
Most email providers allow you to report suspect emails as junk or "phishing" scams easily online, while banks and building societies typically have whole teams to defend against fraud and cybercrime and will likely have a dedicated phishing@ or spam@ email address where you can forward suspicious emails to have them checked out – check their website to find the exact address. It's much safer to incorrectly flag a genuine email as spam than trust a scammer and hand over sensitive information without verifying they are who they say they are.
Ask questions about and pay attention to relevant information which you're given along the way about how to prevent fraud or identity theft. Estate agents, lawyers and financial organisations must all conform to stringent compliance legislation to this effect, which is designed to protect all parties involved.
Please note this is just a general guide to staying safe and secure online and in digital or phone communications during your property transaction. It is neither an exhaustive list of the sorts of techniques cyber criminals may use, nor a fail-safe defence against them. Remember, the best approach is always to build a trusted relationship with recognised and certified professionals, exercise caution and common sense throughout the process, and don't be afraid to ask questions and query why you're being asked to share information and with whom. If it doesn't sound quite right, then it probably isn't.