Skip to main content
CybersecurityFinancial Fraud

payment diversion fraud: Must-Have Critical Alert

payment diversion fraud: Must-Have Critical Alert

“How do you know the bank details on that email really belong to your solicitor?” That simple question sits at the heart of an urgent warning from the National Crime Agency (NCA): house buyers in the United Kingdom are increasingly targeted by a form of business email compromise known as payment diversion fraud, with individual losses topping £80,000. The combination of high values, tight timelines and routine reliance on email makes property transactions a particularly attractive target for organised criminals.

Why property transactions are appealing to scammers
Property deals are time-sensitive and involve significant sums—deposits, stage payments and completion funds frequently run into six or seven figures. That pressure to move quickly creates opportunities for fraud. In recent months, the NCA has recorded cases in which attackers intercept or spoof communications between buyers and conveyancers, then provide fraudulent bank details that look legitimate. Buyers, anxious to complete, transfer funds to the wrong account; by the time anyone realises, the money has often been moved offshore or laundered through multiple accounts, making recovery difficult.

H2: Understanding payment diversion fraud and how it works
Payment diversion fraud has evolved from low-tech social engineering into sophisticated, targeted campaigns. Criminals use several methods to manipulate or impersonate legitimate parties:

– Compromised email accounts: Attackers break into solicitor or client accounts and alter payment instructions from within genuine threads.
– Lookalike domains and spoofing: Slightly altered email addresses or domains make fraudulent messages appear authentic at a glance.
– Interception and account takeover: Emails are intercepted en route or accounts are taken over to send revised bank details.
– Social engineering: Fraudsters exploit familiarity, urgency and the stress of transactions to prompt hurried transfers.

Because emails between solicitors and clients often contain real transaction specifics, a fraudulent amendment can seem plausible. The result is a devastating financial hit for individuals and cascading disruption across conveyancing chains.

Systemic risks and wider consequences
This is more than a private loss. When trust in solicitors’ communications is undermined, mortgage lenders, estate agents and other parties in the housing market feel the impact. Single fraudulent transfers can halt completions, frustrate entire chains, and expose firms to reputational and regulatory scrutiny. From a public-policy perspective, regulators and law enforcement must balance prevention, investigation and disruption while providing clearer routes to redress for victims.

Technical and procedural defences
Technologists and cyber specialists point to a mix of technical and procedural measures that can significantly reduce exposure:

– Email authentication: Implementing DMARC, DKIM and SPF helps reduce spoofing and domain-based impersonation.
– Multifactor authentication (MFA): Strong MFA on email and client accounts reduces the chance of account takeover.
– Secure client portals: Encrypted or authenticated portals for sending payment instructions eliminate the weaknesses of unprotected email.
– Anomaly detection: Banking and conveyancing platforms can use systems that flag unusual payment patterns or last-minute changes.

Equally important are clear professional procedures: requiring independent verification of payment details, freezing non-urgent transfers until confirmations are made, and training staff in cyber-hygiene.

Practical steps for buyers, sellers and conveyancers
The NCA and banking bodies recommend concrete, everyday actions to mitigate risk:

– Independently verify payment changes: Always call a previously verified phone number—never numbers supplied in the most recent email thread—to confirm new bank details.
– Use secure channels: Request encrypted or authenticated client portals from your conveyancer instead of relying solely on email.
– Treat last-minute changes as a red flag: Delay non-essential transfers and seek confirmation through alternate means.
– Ask about protections: Check whether your solicitor has anti-fraud procedures and professional indemnity coverage for such events.
– Report suspicious activity promptly: Notify local police and file reports with Action Fraud so incidents are logged and investigated quickly.

Why prevention remains challenging
From the attacker’s perspective, the calculation is simple: the cost of launching these schemes is relatively low while the potential payoff can be enormous. As long as email remains a weak link and financial processes rely on simple written instructions, fraudsters will continue to focus on property transactions. Even well-implemented precautions can fail if one participant in the chain is lax or unaware.

Conclusion: acting together to reduce payment diversion fraud
The NCA’s warning is stark but not fatalistic. By combining better technical controls, robust professional procedures and informed consumer behaviour, the risk of payment diversion fraud can be reduced—though not eliminated entirely. Stakeholders across the housing market must act swiftly and cohesively: conveyancers must harden their communications, lenders and estate agents must adopt stronger verification practices, and buyers must remain vigilant. If these steps are taken together, the conveyancing chain can become far more resilient; if not, isolated victims will continue to bear the cost of a shared problem.