Be on high alert - Scammers target WA property industry: Settlement agents bulletin Issue 73 (September 2017)

Last updated: 21 September 2017

21 September 2017

During the last week, Consumer Protection has received reports of scams involving the property industry.  Unfortunately, some of those scams were successful, with one scam alone netting $557,000.

No organisation or person is totally safe from scammers with agents, buyers and tenants all having been targeted in these recent attacks.   Scammers are constantly finding new ways to target individuals and businesses.  Further information about the recent scams is available on the media release “Huge loss from cyber-attacks targeting WA property industry”.

Commissioner for Consumer Protection David Hillyard has warned that there is now an urgent need for everyone involved in property transactions in WA to be on high alert.

It is imperative that settlement agencies use the highest possible security software to protect the integrity of their computer systems and email servers.

It is believed some of the recent hacking occurred as a result of people accessing email accounts via free public Wi-Fi and therefore you are cautioned about the dangers of using your business email account on open networks such as these.

Regular changing of passwords for email and bank accounts and independent verification of requests for changes to bank or contact details should be normal practice, especially in wake of these recent cases.

Protect your business

The following practices may help you and your business avoid being scammed:

  • Secure your computer from cybercrime attacks.
  • Be on the lookout for email scams.
  • Check the email address when a request to authorise payment, change bank account particulars or contact details is received.
  • Verify the authenticity of payment requests by using known contact details already on file – it’s advisable to phone the sender. 
  • Enter payee details manually on each occasion, rather than storing them within the bank account, as scammers may gain access to the payees' list.
  • Regular checking of bank account balances and daily reconciling of accounts may uncover unauthorised withdrawals in time to be stopped.
  • Use bank security tokens which changes the internet banking authorisation passcode on a continual basis.
  • Beware when opening email attachments or clicking on links which may download malware giving cyber criminals access to the online banking or the banking details of clients.

Protect your clients and tenants

Warn your clients about the potential for a scam attack and advise them of the following:

  • If they receive a request by email to change your bank account details, they should contact your agency and question the validity of the request.
  • They should use the phone contact details previously provided to them directly by you, to verify any changes with you.  They should not reply to emails that request money be forwarded to different accounts as they may be communicating with the scammers.
  • They should satisfy themselves that their virus protection is up to date and their email account details are not compromised before using home email to handle transactions.
  • Consider sharing the Huge loss from cyber-attacks targeting WA property industry media release on your online business page(s).

Details of previous scam attempts and advice can also be found in Settlement industry bulletins Issue 59 and Issue 61.

Any successful fraud attempts should be reported to WA Police Major Fraud Squad on 131 444 as soon as possible.

The Australian Cybercrime Online Reporting Network (ACORN) is a national policing initiative of the Commonwealth, State and Territory governments.  It is a national online system that allows the public to securely report instances of cybercrime.  It will also provide advice to help people recognise and avoid common types of cybercrime.

All targeted businesses can report the matter to Property Industries staff at Consumer Protection as well as WA ScamNet so the intelligence can be considered for future warnings. WA ScamNet may also refer details to the police.

Cyber and Crime Insurance

The current Professional Indemnity and Fidelity Insurance Master Policy is not intended to cover first party losses or cyber related losses suffered by you or your agency.

Licensed agents should consider taking out cyber and crime insurance.  Whilst this is an additional expense for licensed agents, it is a valuable investment in risk management, particularly given that the cost of cybercrime attacks can be crippling to a small business.

Core CPD Training - Preventing cybercrime and identity fraud in settlements

As part of next year’s CPD program, licensed settlement agents will receive training on cybercrime and identify fraud.  As part of this session, licensed agents will be introduced to a risk management framework that they can use as a takeaway tool for assessing risks related to cybercrime and fraud in their agencies.