Email interception scams – beware

This Guardian article (https://www.theguardian.com/money/2017/oct/21/couple-lose-120000-email-hacking-fraud-legal-sector) tells the story of a couple who lost £120,000 after they relied on banking details in an email which appeared to be from their solicitors. In fact, the email was a fake, and the couple had sent a tax payment to the bank account of a fraudster. The Guardian reports the couple may never get their money back.

The most important lesson from the story is never to trust banking details received in emails. Emails can easily be faked today, though the technology to defeat this has been available for some time. Always confirm bank details through a trusted channel, for example face to face with the intended recipient or in a phone call with someone whose identity you know for sure.

Email non-repudiation technology, which can confirm reliably that the sender is who they say they are, is widely available and proven. It hasn’t gained widespread acceptance because the big technology companies most of us rely on haven’t adopted it and rolled it out. If Apple, Google and Microsoft decided to implement it by default (as we have for many years with SSL / TLS encryption on websites) it would become normal very quickly, and the risk of this sort of crime would fall as a result.

Secure bank transfers would also be quite simple to implement – banks today don’t verify that the recipient’s name on a bank transfer is the same as that of the account the money is destined for. Given that banks have high ‘know your customer’ standards for opening an account, this simple check would reduce the risk considerably. If the transfer says ‘Steed & Steed Solicitors’ and the account is in the name of ‘Graceak Ltd’, it could (and should) be returned to sender.
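A sketch of the payee-name check described above, added here as an illustration and not taken from the article or from any bank's system. The account identifiers, the list of company-form words and the 0.8 similarity threshold are all assumptions.

```python
import re
from difflib import SequenceMatcher

# Assumption: company-form words that should not affect the comparison.
LEGAL_FORMS = {"ltd", "limited", "llp", "plc"}

# Constructed sample ledger: account identifier -> registered holder name.
ACCOUNTS = {
    "ACCT-PLACEHOLDER-1": "Graceak Ltd",
    "ACCT-PLACEHOLDER-2": "Steed and Steed Solicitors LLP",
}


def normalise(name):
    """Lower-case, expand '&', drop punctuation and company-form words."""
    name = name.lower().replace("&", " and ")
    name = re.sub(r"[^a-z0-9 ]+", " ", name)
    return " ".join(t for t in name.split() if t not in LEGAL_FORMS)


def check_payee(stated, registered, close=0.8):
    """Return 'match', 'close_match' or 'no_match' for two names."""
    a, b = normalise(stated), normalise(registered)
    if not a or not b:
        return "no_match"  # nothing left to compare: fail closed
    if a == b:
        return "match"
    ratio = SequenceMatcher(None, a, b).ratio()
    return "close_match" if ratio >= close else "no_match"


def screen_transfer(payee_name, account_id, accounts=ACCOUNTS):
    """Decide what to do with a transfer before any money moves."""
    registered = accounts.get(account_id)
    if registered is None:
        return "return_to_sender"
    # A near miss is held, not released: a look-alike name could be
    # a typo or an account opened under a deliberately similar name.
    return {
        "match": "release",
        "close_match": "hold_for_confirmation",
        "no_match": "return_to_sender",
    }[check_payee(payee_name, registered)]


if __name__ == "__main__":
    print(screen_transfer("Steed & Steed Solicitors", "ACCT-PLACEHOLDER-1"))
    print(screen_transfer("Steed & Steed Solicitors", "ACCT-PLACEHOLDER-2"))
    print(screen_transfer("Steed & Stead Solicitors", "ACCT-PLACEHOLDER-2"))
```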

Ultimately, blockchain technologies offer considerable benefits in money transmission for businesses and customers. Traceability of transactions (because of the open ledger technologies used), coupled with strong cryptographic identification of sender and recipient, and robust delivery mechanisms, would greatly reduce the risk we all take when we send money through digital channels.