Scammers hijacked a total of $70,000 by imitating an Australian settlement agent’s email address, and then tricking two property buyers into sending the money to the wrong account, Perth Now reports. The first victim was buying a business and was scammed out of $48,000. The second was a client of the same settlement agent, and lost $22,000.
This isn’t a new scam, unfortunately. We’ve seen it before and will no doubt see it again. Commissioner for Consumer Protection David Hillyard said the scammers had hacked an email account, which is presumably how they learned the details of the transactions. Perth Now quotes Hillyard as saying that these types of attacks are on the rise.
“These payment interception scams are becoming increasingly common where the fraudsters become the ‘man in the middle’ and redirect payments from a legitimate bank account to their own,” Hillyard said. “Money transfers related to property transactions usually involve large amounts so tapping into the communications between sellers or buyers and real estate or settlement agents is significant target with potentially high windfalls for the scammers.”
Hillyard recommended that property buyers and people in the real estate industry be suspicious of any email regarding payment instructions, particularly if it involves changing payment details. He added that it’s better for business professionals to avoid using generic email providers because these addresses can be easily imitated. In this case, the settlement agent was using a Yahoo email address, and the scammers created their own Yahoo account that closely imitated the settlement agent’s.
Hillyard noted that a simple phone call to confirm the requests could have prevented both of these scams. New-school security awareness training can teach your employees how to verify the legitimacy of payment requests before they end up a victim of social engineering and send the money to a scammer.
Perth Now has the story: https://www.perthnow.com.au/news/consumer-protection/scammers-target-perth-settlement-agent-in-email-scam-worth-70000-ng-b881376125z
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!
