Payment Diversion Fraud (PDF) has become one of the most devastating forms of cybercrime affecting the property market, with victims losing an average of £82,000 over the past year. The National Crime Agency (NCA), in partnership with The Law Society, has launched a new awareness campaign to combat this threat.

How the Fraud Works

PDF is a specialised form of Business Email Compromise targeting property transactions. The mechanics are deceptively simple yet devastatingly effective.

Criminals impersonate trusted entities in the conveyancing process—typically solicitors, conveyancers, or estate agents. At critical moments when large sums are about to be transferred, victims receive what appears to be legitimate communication providing "updated" bank account details. Trusting the apparent source, buyers transfer funds to what they believe is their solicitor's client account. In reality, the money flows directly to criminals, often disappearing within hours.

Fraudsters employ two primary methods:

Account Hijacking: Criminals compromise legitimate email accounts through phishing attacks, malware, or credential stuffing. Once inside, they monitor conversations and send fraudulent payment instructions that appear completely authentic.

Email Spoofing: Criminals create lookalike addresses that closely resemble legitimate ones (solicitor@lawfirm.co.uk becomes solicitor@lawfrim.co.uk). These subtle differences often go unnoticed when recipients focus on content rather than scrutinising the sender's address.

The Devastating Impact

Nick Sharp, deputy director fraud at the NCA's National Economic Crime Centre, emphasised the human cost: "Average losses when this happens during a property sale are more than £80,000. That is a life changing sum to lose for most people – but it also does enormous harm to the trust and faith that people place in the legal and financial systems that they rely on."

The £82,000 average represents years of careful saving destroyed in moments, forcing many victims permanently out of the property market whilst causing psychological trauma and relationship breakdowns.

Why Property Transactions Are Vulnerable

Several factors make property purchases attractive targets:

• Large sums involved: A single successful fraud can net criminals hundreds of thousands of pounds
• Time pressure: Tight completion deadlines lead to hasty decisions and reduced scrutiny
• Complex communication chains: Multiple parties create numerous opportunities for criminals to insert themselves
• Limited security: Many smaller law firms lack robust IT security resources
• Infrequent transactions: Buyers' unfamiliarity with the process makes it harder to recognise warning signs

Essential Protective Measures

For Solicitors and Conveyancers

Verify bank details directly: Instruct clients to confirm account details through separate communication channels (phone calls to known numbers) before transferring funds.

Implement strong security:

• Require strong, unique passwords for all accounts
• Enable multi-factor authentication on all email systems
• Deploy up-to-date antivirus protection
• Implement email authentication (SPF, DKIM, DMARC)
  
  

Establish verification procedures: At the start of conveyancing, agree on specific protocols for any payment instruction changes, such as code words or in-person confirmation requirements.

Educate clients proactively: Warn buyers about PDF risks before criminals strike, explaining how attacks work and what verification procedures will be used.

Avoid unsecured networks: Never access sensitive systems via public Wi-Fi.

For House Buyers

Always verify independently: Contact your solicitor using previously verified phone numbers (not numbers in suspicious emails) to confirm any payment instructions.

Use graduated payments: Transfer small amounts initially and confirm receipt before proceeding with larger sums. If criminals provided fraudulent details, the test payment will disappear, alerting you before major funds are transferred.

Scrutinise sender addresses carefully: Check every character in email addresses, not just the display name.

Limit social media disclosure: Avoid posting about property purchases or mortgages, as criminals monitor social media for targets.

Be suspicious of urgency: Fraudsters often create artificial time pressure. Legitimate solicitors understand the need for careful verification.

The Professional Responsibility

Sharp observed that "Solicitors and conveyancers are the first line of defence in protecting both themselves and their clients from becoming victims." This places significant responsibility on legal professionals to implement robust cybersecurity measures alongside their traditional legal duties.

For smaller firms with limited IT resources, this presents genuine challenges. However, the alternative—clients losing life-changing sums—is unacceptable both ethically and from a professional liability perspective.

Recovery Prospects

The harsh reality is that most PDF victims never recover their losses. By the time fraud is discovered, criminals have moved funds through multiple accounts across jurisdictions. Banks can sometimes freeze funds if notified within hours, but this window closes rapidly.

Professional indemnity insurance may cover losses if solicitor negligence is proven, though this can be difficult to establish. Most victims face abandoning their property purchase or securing additional funding at considerable hardship.

The Bottom Line

Payment Diversion Fraud succeeds because it exploits fundamental aspects of property transactions: large sums, tight deadlines, and inherent trust in legal professionals. With average losses of £82,000, the impact is catastrophic.

Protection requires vigilance from all parties. Solicitors must implement robust security measures and proactive client communication. Buyers must verify every payment instruction through independent channels, no matter how legitimate communications appear.

The inconvenience of verification procedures pales in comparison to losing one's life savings. In an era when criminals can convincingly impersonate trusted professionals, verification isn't paranoia—it's essential protection.

As the NCA's campaign emphasises, everyone involved in property transactions must recognise that payment instructions—particularly any changes to previously provided details—require careful scrutiny. Only through sustained awareness, robust security practices, and consistent verification procedures can we restore confidence in the safety of property transactions.

Protect Your Property Transaction from Fraud

Payment Diversion Fraud represents a serious threat to house buyers and legal professionals alike. At Altiatech, our cybersecurity experts help law firms and conveyancing practices implement robust security measures to protect clients from PDF and other cyber threats.

Secure your practice and protect your clients. Contact our team:

• Phone: +44 (0)330 332 5482
• Email: innovate@altiatech.com



Don't wait for a client to lose their life savings—implement proper security measures today.