Alert issued after scammers steal $70,000 by cloning a settlement agent email

This announcement is for: 
Consumer

Home and business buyers as well as real estate and settlement agents in WA are urged to be on high alert after two payments totalling $70,000 meant for a Perth settlement agent were stolen by scammers.

The scammers had cloned the settlement agent’s Yahoo email address, changing just one character, and sent a payment request for $48,000 to the buyer of a business. The email contained details of a bank account controlled by the scammers and, believing it was a genuine email from the agent, the buyer paid the money as requested.

Another client of the same settlement agent has reported sending $22,000 to what is believed to be the same scammer.

Commissioner for Consumer Protection David Hillyard said the scam involves the hacking of an email account but an investigation is continuing.

“These payment interception scams are becoming increasingly common where the fraudsters become the ‘man in the middle’ and redirect payments from a legitimate bank account to their own,” Mr Hillyard said.

“Money transfers related to property transactions usually involve large amounts so tapping into the communications between sellers or buyers and real estate or settlement agents is significant target with potentially high windfalls for the scammers.

“If successful, as in this case, the proceeds from this type of cybercrime can be lucrative so we want to make sure that these incidents are not repeated and don’t give any incentive for fraudsters to continue their criminal activities and profit from them.

“Advice for buyers and sellers of property is to be suspicious about any email asking for money transfers or advising of a change in bank account details to where payments should be sent.

“To help prevent any losses, all it takes is a phone call to confirm requests for money or a change in bank account details are genuine. Don’t use phone numbers given in the email and don’t directly reply to the email. Use the contact details previously provided.”

Consumer Protection warns agents and businesses generally to avoid using generic email addresses such as Yahoo and to establish secure practices with regard to communications and financial transactions.

There are some steps agents can take to manage the risk:

  • Use a business grade, hosted email service that includes quality filtering to block dangerous emails, spam, phishing and malicious content or attachments;
  • When responding to emails, use the forward button instead of reply, and manually type or select the address from your address book. This will help you make sure you’re communicating with the right person;
  • Establish a double check for clients to verify that payments are being sought by the agency;
  • If an attachment comes in an unusual format like .zip or the email asks you to follow a link to a file hosting site, this should be a red flag. If the sender is known to you, call them and double check the email is from them.

More information on scams is available on the WA ScamNet website. Enquiries can be made by calling 1300 03 40 54 or emailing consumer@dmirs.wa.gov.au.

<ENDS>

Media Contact: Alan Hynd, (08) 6552 9248 / 0429 078 791 / alan.hynd@dmirs.wa.gov.au 

Consumer Protection
Media release
07 Nov 2019

Last modified: