Ben Zurawel secures 6 figure settlement for victim of fraudulent bank details email scam



“Mr G” had instructed his usual local conveyancing solicitors, “H & Co” in relation to the sale of his late mother’s house. A few days before completion (in early 2015), H & Co received an email from Mr G providing details of a new bank account at a different high street bank, to which H & Co were to transfer the proceeds of sale. H & Co replied, confirming the arrangement, and a few days later duly made an electronic transfer of the monies to the requested account.

Mr G, however, did not receive the funds. He had not sent the email. H & Co contacted the destination bank to find that the bulk of the monies had immediately been withdrawn by an unknown third party. It was suggested that Mr G had been the victim of fraud. However, Ben Zurawel and Laura Cavill of DLG Legal Services, acting for Mr G, were ultimately able to persuade H & Co’s insurers that in reality H & Co had been the victim of fraud whereas Mr G had been a victim of H & Co’s negligence.

This was an example of an increasingly prevalent form of fraud, typically targeting property conveyancing transactions. An unknown third party had opened a new bank account using fake details and then hacked the email accounts of both Mr G and H & Co so as to cause an email purportedly from Mr G to be sent to H & Co, stating that instead of using his account with “X” (the bank with whom Mr G did indeed have an account), he wished the proceeds of sale to be sent to the account opened by the third party at “Y” bank.

H & Co replied to Mr G, confirming where funds would be sent. This might have been enough for the scam to come to light, but that email itself was then intercepted by the hacker and the reference in an attached Word document to “Y” bank changed back to “X” bank, such that Mr G was under the impression that H & Co had simply confirmed that the monies would be sent to his normal bank account, the details of which H & Co held having acted for Mr G in previous conveyancing transactions.

The difficulty facing Mr G was that as far H & Co were concerned they had acted upon their client’s instructions, which they had confirmed with their client; as far as the police and the destination bank were concerned, it was H & Co, and not Mr G, that was the victim of the fraud – making it difficult for Mr G to obtain either information or adequate redress.

In the first place, Ben argued that the Solicitors Accounts Rules 2011 made H & Co strictly liable to account to Mr G for the missing money; alternatively that by acting upon the purported email from Mr G, H & Co had acted negligently and in breach of its retainer. H & Co ought to have been suspicious about the particular email in question (for example because it was unsolicited and not written in Mr G’s usual style); and in general it ought to have procedures in place that precluded relying upon bank details received by email (for example, it ought to have rung Mr G to confirm the arrangement).

After many anxious months for Mr G, H & Co’s indemnity insurers were persuaded that it was H & Co that was responsible for this scam succeeding, leading to a substantial settlement. 

This was just one example of an increasingly common kind of fraud, which newspapers have been reporting for over a year – see for example: Likewise, the Solicitors Regulatory Authority has for over a year been warning firms of the risk of such scams – see:

Firms of solicitors ought to have robust procedures in place to guard against such attacks: for example, checking bank account details against ‘Know your client’ / money-laundering information already held and only accepting notification of changes over the telephone after security questions have successfully been answered or by signed mandate accompanied by appropriate documentation. 

Firms should establish robust and secure means of communicating with their clients – for example protecting any documents attached to emails containing sensitive information with passwords. And firms should be on the look-out for tell-tale signs of fraud in relation to particular emails: for example, is the message unsolicited? Does it contain spelling or grammar mistakes that are uncharacteristic of the client? Is the message sent on the eve of a transaction? Does it refer only to other details that could have been obtained from previous emails?

In general, both firms and their clients must remember that email is a fundamentally insecure means of communication, that may have been sent by someone other than the purported author, that may be read by someone other than the intended recipient and that may contain attachments vulnerable to manipulation.

Further advice can be found here:

Ben Zurawel was instructed by DLG Legal Services on behalf of the claimant, Mr G.

Latest News & Events

Consultation Paper Seeks Reform of Limitation Law in Child Sexual Abuse Cases

The Ministry of Justice has released a consultation paper seeking views on potential reforms to the law of limitation in child sexual abuse cases in England and Wales. Under the current law, child sexual abuse cases in civil courts are subject to the same three-year…

The Dekagram: 20th May 2024

We trust that our readers have been enjoying the Spring sunshine; the team have spent their time in the sun wisely, reading cases so you don’t have to. First we noted a decision which considers the interplay between English and Scottish guardianship; secondly we read…

The Dekagram: 13th May 2024

Last week brought the news that the Australian airline Qantas and the Australian Competition and Consumer Commission have agreed to resolve their dispute over cancelled flights by asking the court to impose a $100 million fine, together with an undertaking by the airline to pay…

Subscribe to our mailing list

Deka Chambers: 5 Norwich Street, London EC4A 1DR

© Deka Chambers 2024


Portfolio Builder

Select the expertise that you would like to download or add to the portfolio

Download    Add to portfolio   
Title Type CV Email

Remove All


Click here to share this shortlist.
(It will expire after 30 days.)