Cyber thieves are clever. They target lawyers because we direct transfers of money and they want to steal it.
DON’T FALL FOR IT!
Be suspicious of email instructions.
Cyber fraudsters will get in any way they can. Make sure it’s not through you.
Five steps to protect yourself.
Like a scene from a piece of famous literature, Landgate will be scoped, to see what the current government can scrape together to prop up their budget.
Media statement here.
Other States media articles include;
Another successful middle-man-scam in WA- this time on payment of Contract Deposit to Real Estate office…
Would suggest clients ‘Call to verify (only on the known public listed office number -not the one presented in the email-could be altered) before they transfer funds’…
"Another Settlement Agent Posted 1 hr
Another successful hacking! :-(
My client received an email from the Real Estate Agent to transfer the deposit pursuant to the Contract of Sale. Shortly thereafter he received a follow-up email changing the account name and number and unfortunately acted on the second email.
He transferred the 20k deposit as requested and sent a screenshot immediately thereafter to the REA, who unfortunately didn't notice the inconsistencies with the account number or title.
Several days later the REA followed up the deposit with the Buyer and at that point it became apparent that the Buyer had sadly been duped.
The REA (large organisation) contacted their IT Dept. and they feel certain that the breach didn't occur at their end, but feel that it is likely that it occurred via the clients Hotmail account. I'm certainly no expert so I wouldn't have a clue.
The matter was referred to the WAPOL for investigation and the receiving bank have notified, but sadly the funds had already been transferred out of the account. The bank in question have advised that it was a legitimate account. Whether the client has any recourse is currently being investigated, but that will probably take some time to remedy, if at all possible.
We have contacted the REA and their preferred settlement agent and suggested that they consider modifying their practices as most, if not all, settlement agents have already done. They are taking that under advisement.
If you or your organisation have REA's that you are affiliated with, or receive regular work from, you may wish to suggest to them that they also cease to provide trust account details via email to avoid a repeat of this unfortunate incident. :-("
Also worth looking at the options of obtaining BPAY for clients to make payments. At least till the National Payment Platform is ready!
If you suspect your internet browsing systems could get compromised, Bankvault Safe window product is worth ~$199 per year.
Another electronic funds transfer fraud has occurred whereby a client has been emailed by a person they have believed to be their conveyancer.
Otherwise known as “spoofing” the client has assumed the email to be legitimate and has followed instructions to transfer funds.
AICWA recommend all members undertake the following:
Source: AICWA e-alert 3/11/17
Phishing is an attempt to scam or deceive you into disclosing personal and financial information in an email or online. A hoax email may look like it was sent from a reputable organisation, and may ask you to disclose personal information via return email or by clicking a link. These emails often look genuine, copying a company's branding and email layout, and using an address that's very similar to the real company's URL.
Hoax emails may:
Keep me updated, join us here...