With commercial property transactions, where there may be a whole team working on each side, the risk is perhaps greater: more people to unwittingly disclose information.
The following steps can help to stop you or your organisation becoming a victim of cyber crime:
These materials and content have been prepared for the benefit of their viewers/readers. They are intended for marketing purposes only and are of a general nature and do not constitute legal advice applicable to any particular facts or circumstances. Kidd Rapinet LLP and/or the author(s) accept no duty of care, responsibility or liability for any loss or damage which you or any third party may suffer as a result of any reliance or use by you or they of these marketing materials and content, except to the extent it is not legally possible to exclude such liability. If you require legal advice on your own situation, please contact us so we can discuss how we may assist.
- Put in place anti-cyber crime policies and procedures, and ensure all staff are trained in them. In particular, restrict the disclosure of bank account details and limit the number of people able to authorise bank account payments/transfers.
- Ensure your IT systems are protected by security software and keep it updated. Use encrypted emails and password protected portals. Ask colleagues to change their IT passwords frequently (some systems can be set so as to require users to do this).
- Resist the temptation to announce future property transactions online (via social media or your website), for example that you will be moving to a new office building or taking on more premises. Wait until after the transaction has completed.
- Avoid communicating sensitive information like bank account details by email, as it could be intercepted by hackers. Do so in person, by secure letter, or by telephone if you know the person you are talking to.
- If someone you do not recognise calls to discuss the transaction, tell them you will call back. Then try to figure out whether they are genuine e.g. if they say they are from one of the organisations involved, contact someone you know there to check.
- Train your colleagues to recognise fraudulent emails:
a. Check the sender’s address by clicking the “reply” option (but do not reply). It might turn out to be different from the address that appears in the “from” box. A business email address usually incorporates the business name. Be suspicious if the address is from a free email account provider like hotmail, gmail, yahoo.
b. Be wary of emails that urge you to take immediate action and warn of negative consequences if you do not, such as the sale/lease falling through.
c. Be wary of emails that ask you to do something like click on a link or enter information, as doing this may enable the fraudster to access your email account.
d. Look out for poor spelling and grammar which may indicate a fraudulent email.
- Beware of instructions you receive to change bank account or payment details. In one case, fraudsters posing as solicitors acting in a transaction stole funds by claiming that their main bank account was being audited, and completion monies should be sent to a new account.
- If you become suspicious that your organisation may be the target of cyber criminals, alert your colleagues, those acting for you in the transaction and those on the other side. If there is no innocent explanation for the suspicious behaviour, contact the police.