20 May 2019

Scammers can hack property transaction emails

Your clients are ready to finalise the settlement of a house purchase. They receive an email from your agency advising of new deposit bank account details and transfer the funds as directed. While your clients excitedly anticipate owning their new home, the funds disappear into a scammer’s hands.

In this scenario the scammer hacked the settlement agency’s email systems and impersonated an agency representative.

Think this can’t happen to you? Think again.

Sophisticated ‘business email compromise’ scams such as the scenario above cost Australian businesses over $60 million in 2018, according to a report just released by the Australian Competition & Consumer Commission (ACCC).

In 2017, sharp property buyers in Mandurah avoided losing more than $200,000 in an email scam targeting the settlement of a local property. The scammers sent an email masquerading as the settlement agent and directed them to deposit funds into a new bank account. Fortunately they noticed that the email address was slightly different than in previous exchanges, so they contacted the settlement agent who confirmed that it was a fake payment request.

On the heels of that incident, Commissioner for Consumer Protection David Hillyard advised, “Whether you are a buyer or seller or real estate/settlement agent, double check email addresses and bank accounts before sending or authorising the transfer of funds and, if in doubt, pick up the phone. It could prevent you from becoming a scam victim and suffering financial loss.”

Avoid being scammed

Any business conducting property transactions should establish secure practices based on the knowledge that criminals are actively trying to intercept communications and financial transactions for their own financial gain.

“Every business should have clear processes for transferring money and a procedure for verifying requests to change bank account details that uses multiple modes of communication,” cautions ACCC Deputy Chair Mick Keogh in a recent Scamwatch advisory.

Options include:

• Advise your clients to contact your office if they receive an email telling them to pay into a different bank account, even if it comes from the same email address
• Protect your email accounts with two-step verification, which makes it more difficult for someone else to sign in to your email account
• Back up your business data offsite and offline
• Train your staff to recognise scams

Be proactive and stay informed

There are a number of online resources available to help you safeguard your data and processes. The following government sites offer scam alert subscriptions to keep you informed:

• Consumer Protection’s WA ScamNet site offers scam reporting, information and tips for prevention
• The Federal Government’s StaySmartOnline site* contains advice for businesses and consumers
• ACCC’s ScamWatch site identifies types of scams and where to get help

*Update: StaySmartOnline is migrating to the Australian Cyber Security Centre's website www.cyber.gov.au.

Tax time is coming: ATO scams on the rise at EOFY

WA consumers and businesses are being warned to be alert to tax scams which are usually prevalent in the months before and after the end of the financial year. Read more about current ATO scam alerts.