Cyber-crime Hits the South Australian Conveyancing Industry - A Blog By Forerunner Computer Systems
This week we were fortunate enough to have Forerunner Computer System (our “go to” IT team) offer to write a blog to help keep our clients safe after the recent Cyber-crime Conveyancing Email Scam that has targeted the South Australian conveyancing industry. Jess from Forerunner provides her advice here:
If you’re in the process of buying or selling a property, you will be engaging with a conveyancer to aid in the process.
Conveyancing is the method in which you go through to transfer legal possession of land, or property, from one party to another. The main job of a professional conveyancer is to deliver, prepare and lodge legal documents for you, investigate the property/ certificate of title, calculate rates and handle your deposit funds within a trust fund.
Unfortunately, two property buyers in South Australia, were recently the victims of conveyancing fraud according to a recent article the ABC released (link: http://mobile.abc.net.au/news/2017-10-25/scam-targets-conveyancing-clients-in-sa/9086172?pfmredir=sm). These buyers lost nearly $1 million due to the fact that these cyber-criminals were using bogus emails and posing as conveyancers requesting large amounts of money to be paid. The scam has been referred to the police as The Australian Institute of Conveyancers still aren’t certain how such confidential information was retrieved.
The article states that this particular conveyancing email scam occurred in Western Australia earlier this year, making South Australia the second state it has targeted this year.
Regrettably, cyber-criminals are now becoming quite clever when mimicking emails sent out by legitimate companies. In this particular conveyancing email scam, an email was produced by a cyber-criminal that looked as though it was being delivered by the victim’s conveyancer. The email contained bank details for an account that was owned and operated by a cyber-criminal. The email appeared legitimate and was sent at a time where the recipient was due to make a payment, so it wasn’t received unexpectedly.
When situations like this occur, it leaves victims feeling anxious about online transactions, which is why it is important to educate individuals and businesses on how to help prevent situations like this from occurring.
If you receive an email requesting any amount of money or personal information, you should call the company you believe you received the email from as it might not be authentic.
If you do need to call the company you believe you received the email from, you should look up their number, not call the number in the email. Even if you look at the email address that the email is sent from and it looks legitimate, it still may not be, so don’t rely on this as your only check.
Although this particular conveyancing email scam contained false bank details, it can be extremely difficult to spot a scam.
Cyber-criminals can always change how they do things, so when receiving emails, we recommend at bare minimum checking for:
- Spelling and Grammar Mistakes: Spelling mistakes seem to be quite common for scammers to make in their emails. Grammatical errors are also quite common, with some sentences not quite making as much sense as they would if they were coming from legitimate companies. However, a lot of people seem to skip past reading the email and just click the links as they see company logos in the email received.
- Bank Details: Emails from companies often contain payment/ bank details. Cross check these banking details with legitimate invoices you have received, to make certain they match up correctly.
- URLs: Any website links that may be present in any emails you receive should be hovered over by placing your mouse cursor over it, so the actual URL displays for you. Links should never be just trusted and clicked, in case they are not links for legitimate websites. Websites that don’t display “https” in the URL bar aren’t secure. This means they don’t have a security certificate or SSL certificate. If you are visiting any website to fill out confidential information within forms and/or provide payment details or login, you must make certain that the website displays “https” in the URL.
- Password or Login Requests: Any password requests in the email, or requests to login to online accounts should be looked at closer as these may not be valid requests.
- Unusual Account Balances: If you receive an email that has an unusual account balance in the email requesting payment, you shouldn’t just assume that the email received is genuine.
- Anti-Virus: Ensure that you have a reputable anti-virus program installed on your computer/ device and it’s kept up to date. As an extra precaution, run a regular scan.
- Personal Details: Most companies will not email you requesting personal information about yourself. This is usually a “red flag”.
- Email Appearance and General Communication: During the process of working with your conveyancer (or any other business), think about the following:
- How they have communicated with you prior to the recent suspicious email.
- How the tone of the email compares to previous emails received from them.
- Whether the appearance of the email has changed compared to the most recent email received.
- Whether the email is personalised and includes details that you have provided the company with.
- Whether the email is sent from an email address and person you have dealt with at the business.