The Western Australian state government is urging those involved in the purchase of real estate in WA – such as brokers, bankers, real estate agents and settlement agents – to avoid using “generic” email addresses for business communications and financial transactions after identifying an email scam where a settlement agent’s Yahoo email address was hacked and information was used to con clients into making settlement payments.
According to the Commissioner for Consumer Protection, David Hillyard, a recent payment interception scam (currently under investigation) involved a Perth settlement agent’s email address being cloned, with the scammers changing the email by one character and sending a payment request to the buyer of a business.
The email contained a request for payment of $48,000 and included details of a bank account controlled by the scammers.
Believing the request was a genuine email from the agent, the buyer paid the money as requested.
Another client of the same settlement agent has reportedly sent $22,000 to an email address believed to be controlled by the same scammer.
While the investigation into the matter is continuing, Mr Hillyard warned agents and businesses to avoid using generic email addresses, such as Yahoo, and to establish secure practices with regard to communications and financial transactions.
He said: “These payment interception scams are becoming increasingly common where the fraudsters become the ‘man in the middle’ and redirect payments from a legitimate bank account to their own.
“Money transfers related to property transactions usually involve large amounts, so tapping into the communications between sellers or buyers and real estate or settlement agents is significant target with potentially high windfalls for the scammers.
“If successful, as in this case, the proceeds from this type of cyber crime can be lucrative, so we want to make sure that these incidents are not repeated and don’t give any incentive for fraudsters to continue their criminal activities and profit from them.”
The Commissioner for Consumer Protection urged property buyers and sellers to be “suspicious about any email asking for money transfers or advising of a change in bank account details to where payments should be sent” and to confirm requests by phone (using details previously provided, not details included in suspected emails).
Consumer Protection is also urging agents and businesses involved in property purchases to mitigate the risk of attacks by:
- Using a business grade, hosted email service that includes “quality filtering to block dangerous emails, spam, phishing and malicious content or attachments”;
- Using the “forward” button instead of “reply”, and manually typing or selecting the address from address books to ensure email addresses are correct;
- Establishing a double check for clients to verify that payments are being sought by the agency; and
- Ensuring any attachments with “unusual format like .zip” or including links to file hosting sites are verified to be genuine by confirming with the sender.
[Related: ASIC warns of banking scam]