The remortgaging couple were duped into transferring almost £50,000 pounds over three separate transactions to a fraudster who passed himself off as their broker, then instructed money transfers.
In a common scam, the conman cloned his email to look like that of the broker – using the same email address – and hijacked the conversation between the adviser and the client.
HL Partnership told Mortgage Solutions it had seen three separate cases of the fraud within its network of around 470 advisers.
The Worthing-based network has now made a number of changes to routine operations, including communications between advisers and their clients.
FOS ruled against HL Partnership
In the case taken to the FOS, clients complained HLP had not kept its data safe and secure, which allowed the fraud in the first place.
After the first transfer, the clients emailed their broker referencing the payment, but the adviser did not initially spot anything was amiss.
As part of their complaint, the couple said the adviser had not reacted quickly enough to their reference, which meant they were not stopped from making a further two payments to the fraudster.
In a final ruling, the ombudsman took the side of the complainants, referred to as Mr B and Miss S.
HLP were told to pay £20,000 – the amount the couple had lost and failed to recover from the scam.
The ombudsman didn’t pass judgement on the broker or HLP’s data or security systems.
But said the adviser should have picked up on the reference to the payment in the email, which included a screenshot of the transfer.
The FOS said had this happened, the clients would not have made the additional transfers worth £30,000.
HL argued the broker had been expecting bank statements from the clients and couldn’t see the screenshot.
Ombudsman Jeff Parrington said: “I don’t think an email referring to a bank transfer should reasonably have been mistaken for an email enclosing copy statements.”
He added “the only reasonable and prudent reply” would have been a message asking why Mr B and Miss S were trying to transfer money.
Parrington said the couple made the second and third transfer “because of the shortcoming in HLP’s response to them telling it they’d made the first transfer”.
He added: “This wasn’t a breach of duty with regard to data protection and security procedures; it was simple maladministration.”
Helping to prevent fraud
Following the spate of fraudsters targeting its broker clients, HLP has put in place measures to help protect its advisers and clients from scammers.
The network promotes the use of encryption when emailing personal data between clients and advisers to brokers.
This software can help prevent emails being intercepted and read by malicious third parties.
At the initial meeting with clients, brokers now give customers a leaflet on email scams, which has been produced by HLP.
A ‘Cyber Crime’ warning had also been added to the data protection statement provided to every customer and features on the suitability letters.
The warning specifically tells customers not to respond to emails asking for money. Clients are also told to call and validate any payment requests independently with their call.
HLP is also strongly encouraging broker firms to add the warning to their email footers.
The network has also issued a compliance update using the FOS complaint as a real case study, giving guidance on how brokers can avoid this situation themselves.
HLP compliance director Gavin Earnshaw told Mortgage Solutions the network introduced measures to help make sure this scam doesn’t happen again.
He said: “There’s been a proliferation of these scams and we’re aware a lot of money is being lost… We do believe the best solution is education and awareness.”
In most situations brokers wouldn’t be on the hook if customers fall for these scams, according to Earnshaw.
However, he said the recent tightening of data regulations does put more responsibility on adviser firms to protect clients from fraudsters.
He added: “Firms do have to accept responsibility for ensuring their customers are aware of these scams and also have responsibility for ensuring their systems are as protected as they can be.”