19 August 2016

Consumer Protection recently issued a warning to all organisations in WA about ‘man in the middle scams’.

A ‘man in the middle’ attack occurs when a decision-maker in the business or a fake 'supplier' of services or goods, contacts the organisation to provide new bank account details in order to poach account payments.

Your agency could receive phishing phone calls, or emails with links that put spying software on computers, in preparation for the scammers to attack. 

Scammers may then pose as the licensee of the agency, having ascertained via phone and email phishing that he or she is away. Emails that look like they are from the director ask the finance officer to organise for payment to a believable supplier, with the only change to the normal invoice being to the bank account details.

Alternatively, the scammers may pose as a third party supplier, but provide new bank account details for payment of money owed.

Avoid being scammed by urging staff to check any unusual requests from suppliers and to use the known contact details they have on file or have verified from the supplier’s website. Also run a virus scan on any computer that has received a suspicious email.

The media statement WA organisations lose $500,000 to ‘man in the middle scams’ contains further details, with local case studies and prevention tips also available from WA ScamNet.

Finally:

• Successful fraud attempts should be reported to WA Police Major Fraud Squad on 131 444 as soon as possible. 
• Make sure you alert the genuine supplier and your staff regarding the attempted fraud.
• WA organisations targeted unsuccessfully can report the matter to WA ScamNet so the intelligence can be considered for future warnings. WA ScamNet may also refer details to the police.