The implications of recent payment instruction frauds, essential lessons to be learned from them, and steps that need to be taken to reduce the risk and impact of a fraud of this type

Transactions and client money handled by solicitors continue to be targeted by criminals. Almost every day, the team at Marsh is made aware of attempted frauds and scams which firms have detected and successfully thwarted. Currently, most of these adopt the same format – an email purporting to be from a client/colleague/supplier with bank account information for a direct transfer paying over free proceeds of sale, paying out entitlement in an executry estate or paying an invoice.

Most of these fraudulent payment instruction emails have two common features which are relevant to the subject of this article:

  • the emails are meticulously worded so as to mimic the language, layout and “look and feel” of a genuine email;
  • they are perfectly timed so as to be received at a point when payment instructions were awaited/expected by the solicitor.

These emails and their timing are designed to be utterly convincing so as to cause recipients to assume the emails are genuine. If such emails are acted on, fraudsters succeed in eliciting payment into bank accounts in their names or under their control. The fraudsters’ timing may be such that the funds have been transferred and withdrawn from destination accounts before the banks and police have been alerted in time to put a stop on the transfer.

From the most recent experience of these frauds, there are three crucial lessons to be learned:

  • don’t conclude that one of these emails is genuine merely because it looks genuine;
  • when taking steps to verify the genuineness of such email instructions, make sure the steps you take are actually effective;
  • in the worst-case scenario, if you do fall victim to a payment instruction fraud, ensure that you take action to activate your firm’s response plan immediately.

Let’s consider two scenarios.

Scenario 1: the plausible email

A rural firm acted for a client who was downsizing and purchasing a smaller property in a steading development. There were substantial free proceeds of sale due to the client after paying off a modest mortgage and deducting the firm’s fees and outlays.

A week before settlement, the solicitor handling both transactions received an email from the client with instructions for the direct transfer to his bank account of the free proceeds. There had been a great deal of email traffic between solicitor and client throughout the transactions and the solicitor was well used to the client’s very businesslike, but very clear, style of communication.

A few days later, the sale concluded on schedule. The client had already moved into his new property and was on holiday at the time the house sale concluded and, as arranged in advance, the solicitor sent an email to the client to confirm that everything had been concluded satisfactorily.

In response to the solicitor’s email, the client emailed back with a brief thank you and a request that the free proceeds be sent instead to a different bank account. The solicitor recognised the customary brevity in the client’s email, amended the bank transfer instruction and submitted it to the firm’s cashroom.

Early the following week, the client was in touch with the solicitor asking why the free proceeds hadn’t been transferred into his bank account. It then emerged that the client had sent no email response on the day of settlement and had not changed his original bank transfer instructions. By this time, there was no longer any prospect of putting a stop on the funds. When asked why he hadn’t queried the change of instructions and contacted the client for confirmation, the solicitor protested that:

  • the email with the amended instruction seemed completely genuine, down to the form of words the client always used;
  • he hadn’t wanted to trouble the client while he was on holiday;
  • he’d read all the fraud warnings but had never imagined that a rural firm would ever be targeted.

Risk management points

The sophistication of these frauds is such that it is not safe to assume that an email which seems genuine is actually genuine. Criminals have the ability to mimic convincingly the language used by clients, other firms, suppliers and even colleagues. They can send emails that appear to come from genuine email addresses. In other words, there may be no effective way of distinguishing a fraudulent email from the real thing.

All of this means that either:

  • payment instructions/bank details need to be elicited and hard-coded into the terms of the firm’s engagement at the start of the relationship/engagement; or otherwise
  • effective steps need to be taken to verify with the client, by means other than email, that bank details/payment instructions are genuine/correct. As the next scenario demonstrates, you need to be careful in how you go about obtaining such verification.

Scenario 2: the false phone call

Again, this concerned a house sale. In this case, the solicitors had obtained instructions from the clients, a married couple, regarding payment of the free proceeds of sale into the couple’s joint account. The firm had seen evidence of the bank account at the initial meeting with the clients, and the payment instructions and bank details were recorded in the engagement documentation.

Again, there was a change in payment instructions on the day of settlement – an email from the husband explained that the couple were going to be moving banks and had already set up a new account. With apologies for the late change of instructions, the email asked that the free proceeds be transferred to that new account.

In accordance with the firm’s standard approach, the assistant called the clients to confirm this instruction. Getting no reply initially, she tried twice more, unsuccessfully, before leaving the office at lunchtime for a week’s holiday.

The assistant left the file with a trainee, stressing that the revised payment instruction needed to be confirmed by telephone before the cashroom could action the bank transfer instruction, which she prepared and left with the cashroom before leaving the office.

No sooner had the assistant left, than there was a call from the client to confirm the email instruction. The trainee took the call, made a note for the file, marked up the transaction checklist and gave the go-ahead to the cashroom to proceed with the bank transfer.

It only became apparent that the email and the phone call were part of a fraud when, after noticing that they had missed three calls from the assistant, the genuine clients contacted the firm. The trainee immediately alerted the client partner and the cashroom. As the firm’s bank was alerted so promptly, it was possible to put a stop on the funds transfer.

Risk management points

The fee earner in this scenario did not act on the email alone and did take steps to verify the revised payment instructions and bank details received by email, in line with the practice’s policy, but the telephone conversation in this case was ineffective.

  • For a telephone call to be effective in providing satisfactory verification of instructions or revised instructions received by email, it needs to be a call made to the client.
  • If you do fall victim to a payment instruction fraud, ensure that you do what is required to activate your firm’s response plan (alerting the bank and other relevant parties) without delay – time is of the essence.

Nada Jardaneh and Marsh

Nada Jardaneh is a former solicitor in private practice, who works in the Finpro (Financial and Professional Risks) National Practice at Marsh, a global leader in insurance broking and risk management.

The information contained in this article provides only a general overview of subjects covered, is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. Insureds should consult their insurance and legal advisers regarding specific coverage issues.

Marsh Ltd is authorised and regulated by the Financial Conduct Authority.

The Marsh website for Scottish solicitors ( has a dedicated section on frauds and scams. As well as eLearning modules and other training materials, the website content includes reference materials including themed articles and risk alerts.

If you need a reminder of your firm’s login details, please email

Share this article
Add To Favorites