A cyber-fraud scammer hacked into a travel agent’s computer, and used details to steal money.
Senior Regional Officer for Consumer Protection Annetta Bellingeri
Consumer protection manager Annetta Bellingieri said spyware came with an email message, allowing the scammer to obtain details of several regular payments the agency made to various others.
They then diverted these payments to their own bank accounts.
You can read a media statement, with tips about how to avoid this type of scam here:
1 May 2014
Broome real estate agency a cyber-fraud target
A Broome real estate agency is believed to have been the target of cyber-fraud with criminals reaping $50,000 after accessing the agency’s online banking system.
It’s understood the fraudsters may have gained access to the agency’s computer system after a compromised email apparently allowed malicious software (or malware) to be installed.
The bank account details of one of the agency’s clients were changed on a ‘pre-entered list’ of recipients who receive regular payments. Three payments from the agency’s trust account totalling $50,000 were re-directed away from the intended bank account. It appears the account details were later changed back to the original, in the hope that the fraud would not be detected. The agency has since been reimbursed by their bank.
This recent cyber-theft which occurred in February followed a similar case in March last year when a Perth settlement agency had $50,000 in two BPay transactions taken from their trust account. In that case the suspicious transactions were detected early by the bank and the money was recovered.
Commissioner for Consumer Protection Anne Driscoll warned real estate and settlement agents to be alert to this type of fraud and to have strict security protocols in place to avoid falling victim.
“While the property industry has been targeted in these cases, fraud of this kind can affect any business so it’s essential that businesses have procedures and protocols in place to prevent unauthorised access to their computer system and systems to detect malware,” Ms Driscoll said.
“Staff should be trained to ensure that suspicious emails are deleted immediately, attachments are never opened and links never activated. Having up-to-date anti-virus and anti-malware software is essential for any business.
“In light of these attempted frauds, it is our advice that real estate and settlement agents manually input bank account details of clients when making electronic bank payments, rather than relying on the accuracy of details in pre-entered lists.”
Consumer Protection offered the following anti-fraud advice for business owners:
• Have the latest security software (anti-virus, anti-spyware, firewall) installed on computer systems and keep the operating system up-to-date;
• Remind staff of basic electronic security measures. If suspicious emails contain an attachment, do not open them as they may contain malicious software (malware or spyware). Do not click on any links within these emails and delete them immediately;
• Be wary of unsolicited emails purporting to be from your bank as these may be phishing scams;
• Be aware that banks will never ask you to supply any of your details via email;
• Consider using security tokens or set up a mobile phone security code protocol when using e-banking and verifying all payments. Ensure the device protocols are set to the highest possible level for all staff members;
• Revise transaction limits and reduce them if they are too high. Sometimes it’s safer to make smaller multiple payments than allow for one large payment to be made from your bank account;
• Type the address into the address bar when accessing online banking. Never click on an online link or ‘favourites link’ to access your bank’s webpage as these can be manipulated to send you to a counterfeit site. While these sites may look similar to your bank’s webpage, fraudsters operate them to obtain your personal banking details and passwords; and
• Staff members should enter a payee’s bank account details manually whenever they make an electronic funds transfer.
Further information and advice on scams can be found on the WA ScamNet website www.scamnet.wa.gov.au. Enquiries or scam reports can be made by email wascamnet@commerce.wa.gov.au or by phone 1300 30 40 54.