SCAM ALERT – Did that person, really send you that?

Written by

In what is suspected to be a “man in the middle scam”, funds were unwittingly deposited by a purchaser into an east coast bank account in the lead up to a settlement and then transferred by the scammers to an overseas account resulting in a significant loss of $557,000.

Typically, this type of scam will occur when the contents of person’s private emails are accessed and details of future financial transactions are seized upon by scammers. Victims will be contacted by what they believe to be their agent via a genuine email address when in fact it is the scammer who has assumed the identity of a recipient requesting the transfer.
Scammers are attracted to targeting property professionals and their clients due to the potential for high yield lucrative opportunities.

The unfortunate series of events of this scam serves to highlight the importance of conveyancers keeping their clients informed as to best practice when transferring funds. Putting aside IT safeguards there are some basic prevention strategies you can implement today.
Top Tips to avoiding “man in the middle scams”

  1. Advise your clients that under no circumstances should they act upon an email request from you or your agency to transfer funds to a specified account. You can include this information along with your Authority to Act or better still take the time to explain this to your client.  
  2. Check email addresses carefully to ensure they match email addresses on record. Scammers can alter email addresses by simply adding or removing a single alpha or numeric character. For instance might become  . This simple technique is enough to fool many people who are rushing through their emails.         
  3. Scammers have been known to eavesdrop in email communications waiting for the opportune time to assume the identity of a party. Be careful in what you communicate via email.
  4. Be suspicious if receiving an email with poor grammar, obvious spelling mistakes, use of language, terminology or colloquialisms not typically associated with buyers/sellers in WA.      
  5. Do not open or access emails in public spaces where you have accepted free wifi. Try to restrict your access to either your home, work or wherever you have internet security in place.  
  6. When conversing with clients via email do not advise them of any account deposit/transfer details. Make it your practice to speak to your clients directly or deliver information personally or use couriers or trusted postal services.
  7. Trust your instincts. 

Huge loss from cyber-attacks targeting WA property industry
Source: DMIRS 19/9/2017, citing source: DMIRS website– Announcements
An urgent alert to the WA real estate and settlement industries, as well as to buyers and sellers of properties, has been issued by Consumer Protection after three recent cyber-attacks have resulted in almost $590,000 being stolen in property-related scams.
In the worst case, an 83 year old property buyer in Perth’s western suburbs has lost $557,000 after the fraudsters intercepted email communications between her son, who was acting on her behalf, and their settlement agent. It is not yet known if the scammers hacked into the email account of the buyer’s son or the settlement agent or both.
On 8 September 2017 the buyer’s son received an email from who he thought was his mother’s settlement agent asking him to deposit the final payment on a property amounting to $558,000 into a new bank account which he did. When the fraud was discovered, he contacted the bank involved but it was too late, all but $1,000 had already been withdrawn from the account. The buyer may face further financial losses as the settlement could not go ahead as planned.


WA organisations lose $500,000 to ‘man in the middle scams’
Source: DMIRS 19/9/2017, citing source: DMIRS website– Announcements
Fraudsters posing as CEOs or third-party suppliers have cost Western Australian businesses and not-for-profits at least $500,000 in the last two years, prompting a warning about ‘man in the middle scams’.
Acting Commissioner for Consumer Protection David Hillyard said the fraud works in two equally sophisticated ways.
“The false boss or CEO scam usually hacks a chief executive officer or senior leader’s email account to send a subordinate a request to transfer money to a bank account. The imposter will give a plausible reason and believable account holder name but the account number directs the funds to the offenders or their associates.
“The payment diversion scam involves ‘phishing’ phone calls and emails to find out about who works in the finance area of an organisation and existing arrangements with goods or service providers. The fraudsters pretend to be a third party supplier, often via a fake email invoice, and provide new bank account details for payment of money owed.”


Source: AICWA 19 September 2017 e-Bulletin

Leave a Reply

Your email address will not be published. Required fields are marked *