Another successful middle-man-scam in WA- this time on payment of Contract Deposit to Real Estate office…
Would suggest clients ‘Call to verify (only on the known public listed office number -not the one presented in the email-could be altered) before they transfer funds’…
“Another Settlement Agent Posted 1 hr
Another successful hacking! 🙁
My client received an email from the Real Estate Agent to transfer the deposit pursuant to the Contract of Sale. Shortly thereafter he received a follow-up email changing the account name and number and unfortunately acted on the second email.
He transferred the 20k deposit as requested and sent a screenshot immediately thereafter to the REA, who unfortunately didn’t notice the inconsistencies with the account number or title.
Several days later the REA followed up the deposit with the Buyer and at that point it became apparent that the Buyer had sadly been duped.
The REA (large organisation) contacted their IT Dept. and they feel certain that the breach didn’t occur at their end, but feel that it is likely that it occurred via the clients Hotmail account. I’m certainly no expert so I wouldn’t have a clue.
The matter was referred to the WAPOL for investigation and the receiving bank have notified, but sadly the funds had already been transferred out of the account. The bank in question have advised that it was a legitimate account. Whether the client has any recourse is currently being investigated, but that will probably take some time to remedy, if at all possible.
We have contacted the REA and their preferred settlement agent and suggested that they consider modifying their practices as most, if not all, settlement agents have already done. They are taking that under advisement.
If you or your organisation have REA’s that you are affiliated with, or receive regular work from, you may wish to suggest to them that they also cease to provide trust account details via email to avoid a repeat of this unfortunate incident. :-(“
Also worth looking at the options of obtaining BPAY for clients to make payments. At least till the National Payment Platform is ready!
If you suspect your internet browsing systems could get compromised, Bankvault Safe window product is worth ~$199 per year.