News

Photo of William Clerk discusses Friday Frauds in Fraud Intelligence

William Clerk discusses Friday Frauds in Fraud Intelligence

Date: December 11, 2017

Black Friday

Friday Fraud – a variation of CEO Fraud that targets lawyers – was recently described by The Law Society as the “biggest cybercrime afflicting the legal sector”. William Clerk, barrister at 2 Temple Gardens, explains how the scam is perpetrated and what victims’ speedy response should be.

There has been a recent epidemic of frauds, referred to as authorised push payment (“APP”) scams, which consists of tricking people into sending money directly to a fraudster.  Victims may be consumers or professionals acting in the course of business.

One of the most common forms of APP scam is the so-called “Friday Fraud”, whereby solicitors are enticed into sending their client’s funds to a fraudster’s account rather than to the client’s account (what the FCA terms a “maliciously misdirected payment”).

Given the sums at stake, there has been a corresponding increase in associated litigation to trace and recover the misappropriated funds from the fraudsters. This article will explore (a) the modus operandi of the fraud, and (b) appropriate responses to it.

The modus operandi of Friday Frauds

The name “Friday Fraud” comes from the modus operandi used by the fraudsters – who most commonly entice payments to be made to them on a Friday, so that the client is unable to report the missing funds to their solicitor over the weekend. This buys the fraudsters time to spirit away the funds (often out of the country).

In a Friday Fraud, fraudsters typically target conveyancing completion sums (i.e. the net proceeds of sale of property sold with the assistance of conveyancing solicitors).  Consequently, the sums at stake can be huge.

There are countless variations of Friday Frauds, but most rely on some form of email interception, and can be broken down into 3 basic stages.

Stage 1:

A client’s property has been sold and the solicitors have received the completion sums from the purchaser into their client account.  The solicitors deduct any professional or other fees, and request details from their client for payment of the net sale proceeds – this request is sent by email, a key weakness exploited by fraudsters.

The fraudster intercepts this email either (a) before it reaches the recipient (i.e. client) email account (possibly by intercepting the email in the solicitor’s email outbox); or (b) once it has reached the recipient’s email account, but before it is read (it can then immediately be deleted thereby avoiding a bona fide response being generated which would frustrate the fraud).

Stage 2:

The fraudster then replies to the solicitor’s email with a separate email providing details of the fraudster’s bank account for payment of the completion sums. This email is sent in such a way that it appears to have come from the client.

This can either be achieved by using a stooge email address that is very similar to the bona fide email address, but with a subtle change that may be overlooked: i.e. cl1ent@gmail.com rather than client@gmail.com; or by masking the real email address in the relevant header data so that the email appears to have come from the bona fide address. Fraudsters may also hack into the client’s email account and take control of it

Stage 3:

The final stage is for the solicitor to transfer the client’s funds from its client account to the fraudster’s account.

At this stage, both the solicitors and their client will be blissfully unaware that there is anything untoward. The solicitors will be labouring under the misapprehension that the sums have been validly transferred into their client’s account. The client will, at least initially, be unaware that any transfer has taken place (it is common for any confirmatory email sent by the solicitors to also be intercepted by the fraudster).

Stage 3 is designed to occur on a Friday, thereby buying the fraudsters time to dissipate the funds over the weekend and before the client can contact their solicitors on Monday to confirm whether any expected payment was made. Typically, the fraud will only come to light on Monday morning.

Efficient and appropriate responses

Where solicitors and their clients are concerned, clients will rarely be out of pocket: pursuant to rule 7.1 of the SRA Account Rules 2011, a solicitor is obliged to replace improperly withdrawn funds from its client account immediately on discovery of the same.

Avoiding conflict of interest

Of course, the corollary is that solicitors will be out of pocket as the onus is then on the solicitors (invariably via their insurers) to pursue the fraudsters and recover the funds. At this point, there will be issues of coverage and recovery to consider, and care should be taken not to conflate the two. Where an insurer brings a subrogated action for recovery of its insured solicitor’s loss, there is a clear conflict of interest between the insurer and the insured solicitor if coverage is being considered. Separate legal teams must consider the questions of coverage on one hand, and recovery on the other.

Communications with the banks

The first stage is to contact the solicitor’s bank and also the fraudster payee’s bank. This is commonly termed the “first layer account”, as the fraudster will invariably immediately transfer funds from this account into multiple other accounts (“the second layer accounts”).  Each subsequent transfer is into a different “layer” of accounts.

At present, there is no contingent reimbursement obligation upon the fraudster payee’s bank. If it is not possible to trace and recover the misappropriated funds, the bank has no regulatory obligation to reimburse the innocent payer. The FCA has recommended that “such a model has strong merit” and is investigating this further. Practitioners should keep a close eye on this area for future reform, with the FCA suggesting a deadline of September 2018.

Nevertheless, once the fraudster payee’s bank is contacted and put on notice that its customer has received misappropriated funds, this will engage the duties under inter alia the Payment Services Regulations 2009, the Money Laundering Regulations 2007, the Proceeds of Crime Act 2000 and the FCA Handbook. Furthermore, a bank will not be obliged to exercise a payment instruction from its customer where it is on notice that the customer or its agent is misappropriating funds[1].

As a result, the recipient bank will be able to freeze the fraudster’s account, if noticed of the fraud. If, following its investigation, the recipient bank determines that some of the misappropriated funds remain in the relevant account, it will return the disputed amount to the sending bank (subject to an indemnity provided by the sending bank to protect the receiving bank from any claim brought by its account holder).

Urgent applications to court for interim injunctive relief

  • Norwich Pharmacal relief

In a case of high value, legal proceedings should be immediately and simultaneously commenced with the communication with the bank to recover the misappropriated funds, and urgent injunctive relief should be sought.

The starting point will be an application for Norwich Pharmacal Relief[2] in the form of a Bankers Trust order[3] against the fraudster’s first layer bank. This order will compel the bank to disclose the identity of the account holder and associated information.

In order to obtain this Norwich Pharmacal relief, an applicant must satisfy three conditions, summarised in Mitsui v. Nexen Petroleum[4] by Lightman J. It must show that (a) a wrong has arguably been carried out; (b) there is a need for the order to enable action against the wrongdoer; and (c) the person against whom the order is sought is mixed up in the wrongdoing and able to provide the information necessary. The applicant must then establish that the court should exercise its discretion to grant the order sought, addressing the considerations set out by Lord Kerr in the Rugby Football Union v. Consolidated Information Services Ltd[5] Supreme Court judgement.

In an appropriate case, the applicant may wish to return to the court to seek further Norwich Pharmacal orders in respect of the second (and other) layer accounts.

  • Freezing Order

Once the identity of the fraudster (or at least the holder of the recipient bank account) is established, the victim may apply for a freezing order against him. It must show (a) a good arguable case on a substantive claim against the fraudster[6]; (b) the existence of assets to be frozen; (c) a real risk of dissipation (evidence of dishonesty is usually enough to establish this[7]); and (d) that it is just and convenient to make the order sought[8].

In addition to freezing the fraudster’s assets  (not limited to the funds within the recipient bank account), the standard form of freezing order will also generally require the fraudster to reveal what assets they have. This may lead to a swift capitulation and conclusion of the case.

  • Proprietary Injunction

The victims may also wish to apply for a proprietary injunction, to assert that the assets held by the fraudster (in the recipient bank account) are in fact their property[9]. In the case of a Friday Fraud, the proprietary interest in the legal and beneficial interest in the misappropriated funds is vested in the solicitor’s client (and not the solicitor), and thus the client must bring any claim for proprietary relief.

Substantive proceedings

Finally, the victim will need to bring substantive proceedings against the fraudster.  From the outset of these, care should be taken to consider enforcement of any judgment obtained – there is little point and much wasted expense, particularly in the age of increased court fees, in obtaining the pyrrhic victory of an unenforceable judgment.

APP scams, of which Friday Frauds are one example, are becoming more commonplace. The appropriate responses to them will vary depending on the facts of each case, but will typically include the use of appropriate urgent injunctive relief. The key factor for such frauds is always speed of response – any delay will be fatal to recovery.

[1] Barclays Bank plc v. Quincecare Ltd [1992] 2 All ER 363

[2] Norwich Pharmacal v. Customs and Excise Commissioners [1974] AC 133

[3] Bankers Trust v. Shapira [1980] 1 WLR 1274

[4]  [2005] 3 All ER 511

[5] [2013] 1 All ER 928 at [17]

[6] The Niedersachsen [1983] 1 WLR 1412

[7] VTB Capital Plc v. Nutritek International Corp [2012] EWCA Civ 808

[8] Charles Russell v. Rehman [2010] EWHC 202 (Ch) as per Roth J

[9] Madoff Securities International Ltd v. Raven [2011] EWHC 3012 (Comm)

William Clerk, Barrister at 2 Temple Gardens.

This article was originally published in Fraud Intelligence, and can be accessed here behind a paywall.

Back