20 November 2019

Recently a scammer posed as a settlement agent and managed to convince two clients of a settlement agent to transfer $48,000 and $22,000 respectively to the scammer’s bank account on two separate occasions. Whilst the latest incidents being investigated relate to the settlement industry, in the past similar scams have been perpetrated in the real estate industry where the scammers have been able to intercept emails from either the client or the agent to gain knowledge of property transactions, contact information and been able to infiltrate and intercept emails between the parties.  

Often matters have been further complicated by the use of generic mail services such as Yahoo. Any business conducting property transactions has a responsibility to establish secure practices based on the knowledge that criminals are actively trying to intercept communications and financial transactions for their own financial gain.

Email is so common and convenient that it is easy to get complacent about the security risks involved. However, there are some simple steps you can take to help manage the risk:

• Always use a business grade, hosted email service that includes quality filtering to block dangerous emails, spam, phishing and malicious content or attachments.
• When responding to emails, use the forward button instead of reply, and manually type or select the address from your address book. This will help you make sure you’re communicating with the right person.
• If an attachment comes in an unusual format like .zip or the email asks you to follow a link to a file hosting site, this should be a red flag. If the apparent sender is known to you, call them and double check that the email and attachment actually come from them.
• Make sure that your computer software is up to date and that you have installed security software, such as anti-virus and firewalls on your electronic devices. 
• Only use a secure internet connection and secure your Wi-Fi.
• Invest in a security awareness training for yourself and your staff.

Warn your clients about the potential for a scam attack and advise them of the following:

• If they receive a request by email to change your bank account details, they should contact your agency and question the validity of the request.
• They should use the phone contact details previously provided to them directly by you, to verify any changes with you. They should not reply to emails that request money be forwarded to different accounts as they may be communicating with the scammers.
• They should satisfy themselves that their virus protection is up to date and their email account details are not compromised before using home email to discuss transactions.

There are a number of online resources available to help you safeguard your data and processes. The following government sites offer scam alert subscriptions to keep you informed:

• Consumer Protection’s WA ScamNet site offers scam reporting, information and tips for prevention.
• The Federal Government’s StaySmartOnline site* contains advice for businesses and consumers; and 
• ACCC’s ScamWatch site identifies types of scams and where to get help.

If you or your business has been targeted report the matter to Consumer Protection as well as WA ScamNet.  This provides the opportunity to get good advice about how to protect yourself and your clients and for Consumer Protection to use the intelligence for future warnings to industry. 

*Update: StaySmartOnline is migrating to the Australian Cyber Security Centre's website www.cyber.gov.au.