9 September 2020 

Protect your business and clients from scammers

Payment diversion fraud scams cost businesses nationwide a staggering $132 million last year, according to the Australian Competition & Consumer Commission’s (ACCC) Targeting Scams report. Across the country, there has been a marked increase in these interception scams, where an email account is hacked and the fraudster enters a conversation between a payer and payee and redirects money to a different account.

In Western Australia almost $1.4 million was lost to payment diversion scams in 2019 according to WA ScamNet. Here in Western Australia, as a result of Consumer Protection working closely with the real estate industry, losses in these payment scams were small compared to the national total, at $1.4 million. However, the risk is still real, and WA ScamNet continue to target interception frauds, encouraging agents to keep watchful and report any attempts to hack into their systems.

To prevent these costly frauds it’s important to have strong and secure systems and overlapping processes in place for verifying and paying accounts. As real estate agents must exercise due care, diligence and skill when acting for clients, it’s their responsibility to make sure they also have up-to-date anti-virus and anti-spyware software.

Avoid being scammed

Real estate agents need to beware and stay vigilant to prevent cyber-attacks. Property scams often start with buyers who want to pay a deposit receiving an email they believe is from their real estate agent. Instead, it’s from a scammer who has hacked into the agent's email account. New bank details are provided for the buyer, duping them into paying into the fraudster's account. By the time the buyer realises the funds have not landed in the real estate agent’s trust account, their money has disappeared into a scammer’s hands.

As real estate agents hold funds in trust it is vital they establish a series of secure measures that work together to protect their business:

Real estate agents should:

• Tell clients to contact their office either in person or by telephone if they receive an email advising them to pay into a different bank account, even if it comes from the same email address; 
• Protect email accounts using a two-step verification process, which makes it more difficult for someone else to sign into the account;
• Back up their business data offsite and offline; and
• Train their staff to recognise scams.

Ransomware attacks

Agents also need to watch out for attacks from cyber criminals who infiltrate and lock down computer systems and then demand a ransom to have the system unlocked. A recent local case highlights the serious nature of these attacks.

All businesses should regularly review and update their cyber security so that they have the latest anti-virus software and firewalls to guard against malware. Staff should not automatically open attachments or click on links in emails, especially if the sender is unknown. Even when senders are known, staff should take care as accounts may have been hacked.

Be proactive and stay informed

There are a number of online resources available to help you safeguard your business from cyber-attacks and online hacking frauds. Subscribe to the following scam alert sites to keep you informed:

• Consumer Protection’s WA ScamNet offers scam reporting, information and tips for prevention.
• The Federal Government provides advice for businesses and consumers about how to reduce the potential risks involved in doing things online.  

​

For further information contact 1300 304 054 or email consumer@dmirs.wa.gov.au

​