A mother and daughter from Kent have told Telegraph Money of their horror at discovering they had been tricked into sending £113,665 to a criminal – instead of to a solicitor who was dealing with their home purchase.
The fraud was discovered only a fortnight ago and Nikki and Jill Douthwaite – along with their six cats and two dogs – are now living with friends.
They cannot buy the £182,000 Cambridgeshire bungalow they were expecting to move into.
Within days of their shocking discovery Britain’s payments watchdog – the Payment Systems Regulator – finally addressed the widespread problem of “transfer fraud” in a long-awaited report that set out tentative proposals to help victims such as the Douthwaites.
Barclays said the money was gone and that was that
But the proposals, which are unlikely to be mandatory or retrospective, were quickly condemned as being “too little, too late”.
Even if they were in force today it is unlikely they would assist in cases like the Douthwaites’, experts said.
Transfer fraud, which banks sometimes refer to as “push payment scams”, usually involve the victim being tricked either over the phone or through email interception into making payments to the accounts of criminals.
Because the victims authorised the payments, the banks involved claim no liability.
As much as £100m was lost through such fraud in the first half of this year, official figures show – and these pages have highlighted scores of cases where families’ finances have been blighted, often for life.
Among other reforms, Telegraph Money has been campaigning for banks that provide account services to fraudsters to take more responsibility for the losses of victims.
The Douthwaites’ case mirrored many others – but had an ironic twist in that they were alert to the risk of email interception and tried to check with their solicitor, Dollman & Pritchard, a firm in Caterham, Surrey, before sending the payment.
On September 19 they noticed an email purporting to be from the solicitor that appeared to have a slightly different address. Instead of ending “dollman.co.uk” it was “dollmen.co.uk”.
The “solicitor” from the secondary email address asked the Douthwaites to transfer a 10pc deposit into an alternative, Santander account.
Concerned, the Douthwaites responded to both email addresses to confirm the contact details and bank details were legitimate.
Nikki, 40, who crews on a boat, said Dollman & Pritchard verbally confirmed that it did have two email addresses and different bank details for the “Client Conveyancing Account”.
Satisfied, the Douthwaites transferred £18,200.
On September 23 they received an email requesting further funds be paid into an HSBC account in order to speed up completion.
They attempted to transfer £45,455 but this was blocked by their bank Barclays.
Jill, 64, received a call from Barclays’ fraud department querying the payment – and so she paid the sum into the Santander account as before.
A few days later, following further email exchanges with the “solicitor”, the remaining £50,000 was transferred to the Santander account, totalling £113,655.
It was only on October 25 that Jill spoke to the solicitor to find out when they would be completing. He told her he had received just £1,000 – an initial payment made in August.
They contacted Barclays immediately, as well as Action Fraud – the fraud and cybercrime reporting service – and the police in Bromley.
“Barclays said the money was gone and that was that,” said Nikki.
“We received a letter dated October 26 which meant they had closed the case in 24 hours.”
Having lost all their savings, Nikki and Jill are now lodging with friends.
“It’s been a living nightmare. We did everything we could to check with the firm that the details we had were correct and they reassured us they were,” said Nikki.
“It’s everything we’ve worked for. We’re in devastation.”
Other cases similar to the Douthwaites’ include that of Agi Gamski.
Her bank, NatWest, refused to refund the £73,759 paid to a fake supplier after her company’s email system was hacked – as the payment was authorised.
She argued that if the bank had cross-checked the name of the payee and the account details, the money would not have been lost.
One of the worst cases of a bank not co-operating involved victim Ellen Wright. She was tricked into transferring more than £137,000 to a fake solicitor, but when she called her bank, First Direct, to report the crime she was told “the fraud team has gone home”.
Former Metropolitan Police detective Suzanne Raftery, who is now head of investigations at Requite Solutions, which works to recover assets for fraud victims, said Santander has “many questions to answer” for enabling the fraud.
She said: “Where have the funds gone? What was the genuine account name? Questions need to be asked concerning the type of account that received and dispersed these funds. Has the account holder been spoken to?
"If the funds were not withdrawn in cash where have they been transferred to, and has a report been completed ready to pass to the police for investigation?”
Victims of push payment fraud, like the Douthwaites, can apply to the High Court for an order to the third-party bank to reveal details about the fraudulent account, such as who opened it.
But Arun Chauhan, director of Tenet Compliance & Litigation, a law firm providing advice on financial crime compliance, said this might not change anything as the fraudster may be abroad and using a “mule account”.
In some cases these are bought from legitimate account holders for cash. Mr Chauhan said they could take the information back to Santander in an attempt to prove it didn’t follow strict processes. However there is still no guarantee it will pay out.
Both Mr Chauhan and Ms Raftery also said the solicitor may also be liable if they are found to be negligent.
The first course of action is to find out if its systems were breached – and if the firm did enough to protect its clients.
Ms Raftery said: “Emailing bank details gives cyber criminals the information as to when the exchanges are taking place.
"This should not be done. Most email is not secure and a lot of solicitors’ firms are using antiquated IT systems.”
Santander refused to answer Telegraph Money’s questions, because of data protection, except to say that by the time it was notified of the fraud the money had “been moved on”.
Barclays said it flagged one of the payments as suspicious and suggested Jill contact the solicitor to confirm the new details.
Dollman & Pritchard denied having an email address ending "dollmen.co.uk" and a Santander account and said it did not communicate anything to the contrary to the Douthwaites.
It said it did not receive the email sent by Jill asking for confirmation of the new email address and bank details. It said it has "subsequently discovered the said email was diverted by the fraudsters" and as such was not seen.
The spokesman added it was “inappropriate to discuss security procedures”.
Have you been the victim of a scam and have evidence the bank was at fault? Email firstname.lastname@example.org