“Don’t open the attachment!” – how a fraudulent email can land you in hot water
With cyberfraud a major risk for both businesses and individuals, it has never been more important to understand how to protect yourself and your business. If you are impacted by cyberfraud, it is critical to act quickly and have a pre-determined plan in place.
Known as “payment redirection” scams, these frauds involve scammers intercepting email communications between a client and their advisor (e.g. real estate agent, solicitor, conveyancer) and providing false bank account details, leading the client to transfer funds into the scammer’s account.
With property in NSW a multi-billion-dollar industry, the amounts concerned can be eye-watering.
In terms of property transactions, these funds are usually required for the payment of:
- the deposit by a purchaser into the agent’s trust account;
- stamp duty by a purchaser to Revenue NSW (via the trust account of the purchaser’s solicitor); or
- balance of purchase price and adjustments by a purchaser to PEXA (via the trust account of the purchaser’s solicitor).
The re-direction of these funds can have significant consequences and may lead to the client being unable to comply with their obligations under a contract for sale and purchase of land. In these circumstances the vendor may then have rights to terminate the contract and sue the purchaser for damages.
Below we have a closer look at how these scams occur and what both clients and their advisers can do to protect themselves.
How do these scams occur?
The scams usually involve a scammer hacking into the client’s email account or computer system. This is done by either guessing the client’s password or installing spyware/malware onto the client’s computer after the client opens an attachment or clicks on malicious links in the scammer’s email.
What can you do as a client?
Be vigilant! It is important to take the following precautions to avoid falling victim to a scam:
- Choosing a difficult password and changing it often
- Not opening attachments or clicking on links in suspicious emails
- Using a secured WiFi connection
- Updating virus protection software regularly
- Calling the sender of emails to verify bank details, particularly if the email is requesting payments or changing bank account details. It is crucial not to use contact details contained in the email, as they may be fake and put you in touch with the scammers.
- Being particularly vigilant if the email comes via a generic email service provider such as Gmail or Hotmail
- Calling the sender to confirm the authenticity of the request and the bank account details. When calling, you should use a previously known contact number or independently verify the number via an internet search or official website.
- When replying to emails, using the “forward” button rather than the “reply” button and manually typing the email address of the recipient or selecting it from your address book
- Particularly if a large amount of money is involved, always contacting the business office to personally verify the details before making the requested payment
- Implementing multi-factor authentication on all online accounts such as email, bank and social media. More information, including how to set it up, is available from the Australian Cyber Security Centre.
At Bartier Perry we have a team of dedicated advisors who can assist on fraud and corruption aspects which occur in property transactions.
What can you do if it does happen to you?
If you suspect that you have transferred money into the wrong account or money has been withdrawn from your account without your consent, you must contact your financial institution immediately. Taking immediate action will increase your chances of stopping the money transfer and/or reversing the transaction.
You should also take the following steps:
- Report the scam to the Australian Competition and Consumer Commission (via the online form at https://www.scamwatch.gov.au/report-a-scam).
- Quarantine the affected computer. If there is an organisation-wide impact, bring in cyber security experts without delay.
- If you know that the alleged scam took place in NSW and/or you know the details of the individual or business involved, call the Department of Fair Trading NSW on 13 32 20 or submit an online complaint (at https://www.fairtrading.nsw.gov.au/help-centre/online-tools/make-a-complaint).
- Change your online passwords, especially if your computer or phone was hacked or infiltrated with malware.
- Recover your stolen identity by contacting iDcare, which is a free government funded service that can assist you to put together a specific action plan in response to your situation (see their website at https://www.idcare.org/).
- Make an application for a Commonwealth Victims’ Certificate, which will support your claim of identity theft and assist you in re-establishing your credentials (see the website at https://www.homeaffairs.gov.au/about-us/our-portfolios/criminal-justice/cybercrime-identity-security/identity-crime).
For more information on cyberfraud – both prevention and cure – please contact any member of our Organisational Fraud & Corruption team.
Author: Irene Horan