9 September 2020

Protect your business and clients from scammers

Payment diversion fraud scams cost businesses nationwide a staggering $132 million last year, according to the Australian Competition & Consumer Commission’s (ACCC) Targeting Scams report. Across the country there  has been a marked increase in these interception scams, where an email account is hacked and the fraudster enters a conversation between a payer and payee and redirects money to a different account.

Here in Western Australia, as a result of Consumer Protection working closely with the real estate and settlement industry, losses in these payment scams were small compared to the national total, at $1.4 million. However, the risk is still real, and WA ScamNet continue to target interception frauds, encouraging settlement agents to keep watchful and report any attempts to hack into their system.

To prevent these costly frauds it’s important to have strong and secure systems and overlapping processes in place for verifying and paying accounts. As settlement agents must exercise due care, diligence and skill when acting for clients, it’s their responsibility to make sure they also have up-to-date anti-virus and anti-spyware software.

Avoid being scammed

Settlement agents need to beware and stay vigilant to prevent cyber-attacks. Property scams often start with buyers who want to make payment receiving an email they believe is from their settlement agent. Instead, it’s from a scammer who has hacked into the agent's email account. New bank details are provide for the buyer, duping them into paying into the fraudster's account. By the time the buyer realises the funds have not landed in the settlement agent’s trust account, their money has disappeared into a scammer’s hands.

As settlement agents hold funds in trust it is vital they establish a series of secure measures that work together to protect their business:

Settlement agents should:

• Tell clients to contact their office either in person or by telephone if they receive an email advising them to pay into a different bank account, even if it comes from the same email address; 
• Protect email accounts using a two-step verification process, which makes it more difficult for someone else to sign into the  account;
• Back up their business data offsite and offline; and
• Train their staff to recognise scams.

Ransomware attacks

Agents also need to watch out for attacks from cyber criminals who infiltrate and lock down computer systems and then demand a ransom to have the system unlocked. A recent local case highlights the serious nature of these attacks.

All businesses should regularly review and update their cyber security so that they have the latest anti-virus software and firewalls to guard against malware. Staff should not automatically open attachments or click on links in emails, especially if the sender is unknown. Even when senders are known, staff should take care as accounts may have been hacked.

Be proactive and stay informed

There are a number of online resources available to help you safeguard your business from cyber-attacks and online hacking frauds. Subscribe to the following scam alert sites to keep you informed:

• Consumer Protection’s WA ScamNet offers scam reporting, information and tips for prevention.
• The Federal Government provides advice for businesses and consumers about how to reduce the potential risks involved in doing things online.  
• PEXA provides information to help you keep your business safe online and information about the latest scams, fraud and phishing alerts on a dedicated community page.