Property settlement payment scam results in a $732,000 loss
- Email communications between home buyer and settlement agent hacked
- Request for payment with false bank account details sent to buyer
- Loss brings 2022 total for payment redirection scams to more than a million dollars
A WA woman has reported to Consumer Protection losing about $732,000 after scammers intercepted email communications between her and her settlement agent in relation to the purchase of a Beaconsfield property.
Early in April 2022, the home buyer received an email with authentic-looking documents attached from whom she thought was her settlement agent asking that the money be deposited into a bank account prior to settlement. The message came via a generic Hotmail email address that used the agency’s name.
Before carrying out a final inspection of the property, the real settlement agent reminded the buyer about making the payment and it was then that the scam was uncovered.
The scammers had sent the buyer a fake email pretending to be the settlement agent, substituting the bank account details to one that they control. Earlier emails from the real settlement agent contained scam warnings to their clients.
Known as ‘payment redirection’ scams, these stings often target high value financial transactions such as real estate purchases and business contracts.
With this loss included, nine WA victims have reported losing a total of $1,015,129 so far this year to payment redirection scams with three victims involved in property transactions. In 2021, 37 victims reported losing a total of $1,013,278 with 8 victims and $168,000 in losses involved in property transactions. Only two victims recovered $287,407 of their losses.
Executive Director for Consumer Protection Trish Blake urges people to be suspicious of any email asking for a payment of money or advising of a change in bank account details to where payments are to be sent.
“These scams usually involve the hacking into someone’s email account or computer system but it can be difficult to determine exactly where the hack has occurred,” Ms Blake said.
“The hackers may have successfully guessed the password or installed spyware or malware on computers or laptops after recipients open attachments or click on links in scam emails.
“Choosing a difficult to guess password and changing them often can reduce the risk of being hacked, and not opening attachments or links in suspicious emails is essential in keeping computers secured. Businesses should warn their clients or contractors and train their staff to be scam aware.
“We suspect another exposure may be the use of unsecured WiFi connections either at home or in public places which may provide scammers with a window of opportunity to break in. Especially with many people working from home at the moment, they need to ensure that a secured network is being used and they have up to date virus protection software.
“The losses from these scams can be extremely devastating to the victims who may have lost their home deposit that they have been saving for many years and may not be able to buy the home of their dreams. Or it may be a business doing it tough that can least afford to lose such a large amount of money.”
Tips to protect against payment redirection scams:
- Verify the sender of emails requesting payments or changing bank account details by checking that the email address is genuine. This may involve opening the email and meticulously checking each letter, as often scammers will create an email address with just one character changed;
- Be particularly suspicious if the message comes via a generic email service provider such as gmail or Hotmail;
- Call the sender to confirm the authenticity of the request and the account details, using previously known contact numbers or independently find out with an internet search or go to their official website for contact information;
- It is vitally important not to use contact details contained in the email as they may be fake and put you in touch with the scammers;
- When responding to emails, use the forward button instead of reply and manually type the address or select it from your address book;
- If possible and especially if a large amount of money is involved, go to the trader’s store or office to personally verify the details before making payment;
- Consider setting up multi-factor authentication on all online accounts such as email, bank and social media. More information including how to set it up is available on the Australian Cyber Security Centre website.
Media Contact: Alan Hynd, (08) 6552 9248 / 0429 078 791 / email@example.com