Real estate agents in Western Australia have been warned to be on high alert as scammers have walked away with thousands.
Scammers were able to clone a settlement agent’s Yahoo email address, and changed just one character, and were able to send a payment request for $48,000 to the buyer of a business.
The scammer controlled the bank details in the email, and because it looked genuine, the buyer paid the money.
Another client of the same agent had a similar situation. And as a result, he sent $22,000 to the scammer.
Although officials know the scam involved hacking an email account, an investigation is still underway, Commissioner for Consumer Protection David Hillyard said.
“These payment interception scams are becoming increasingly common where the fraudsters become the ‘man in the middle’ and redirect payments from a legitimate bank account to their own,” Mr Hillyard said.
“Money transfers related to property transactions usually involve large amounts, so tapping into the communications between sellers or buyers and real estate or settlement agents is significant target with potentially high windfalls for the scammers.”
Mr Hillyard wants to ensure these incidents are not repeated so it does not give any incentive for fraudsters to continue their criminal activities.
“Advice for buyers and sellers of property is to be suspicious about any email asking for money transfers or advising of a change in bank account details to where payments should be sent.
“To help prevent any losses, all it takes is a phone call to confirm requests for money or a change in bank account details are genuine. Don’t use phone numbers given in the email and don’t directly reply to the email. Use the contact details previously provided.”
Steps an agent can take to manage risk include:
- Use a business grade hosted email service that includes quality filtering to block dangerous emails, spam, phishing and malicious content or attachments.
- When responding to emails, use the forward button instead of reply, and manually type or select the address from your address book. This will help you make sure you’re communicating with the right person.
- Establish a double-check for clients to verify that the agency is seeking payments.
- If an attachment comes in an unusual format like .zip or the email asks you to follow a link to a file hosting site, this should be a red flag. If the sender is known to you, call them and double-check the email is from them.