Cyber criminals steal $50,000 from Broome real estate agency trust accounts

Cyber fraudsters are believed to be behind a total of $50,000, made in three payments, out of a Broome real estate agency's trust account. It is believed the criminals accessed the agency's online banking system after a compromised email saw malware installed.

One of the recipients receiving regular payments had their account details altered on a pre-entered list, seeing their $50,000 redirected to another's account. Then, the details were changed back to the original to avoid detection of the fraud.

The agency has been reimbursed by their bank since the incidents in February.

In March last year, another agency experienced a similar case of cyber fraud, seeing $50,000 stolen through two BPay transactions from a trust account. The bank detected these cases early, and recovered the funds.

As a result, Commissioner for Consumer Protection Anne Driscoll has put out a warning to real estate agents, and settlement agents, to be wary of fraud. She also suggests that strict security protocols are in place for computer usage.

“While the property industry has been targeted in these cases, fraud of this kind can affect any business so it’s essential that businesses have procedures and protocols in place to prevent unauthorised access to their computer system and systems to detect malware,” Driscoll said.

“Staff should be trained to ensure that suspicious emails are deleted immediately, attachments are never opened and links never activated. Having up-to-date anti-virus and anti-malware software is essential for any business."

She suggested that agents manually input bank account details of clients when making electronic bank payments, rather than using pre-entered lists.

These are not the only type of cyber scams around - in 2012, a vigilant Applecross, Perth agency managed to avoid being victim to cyber crime.

CONSUMER PROTECTION'S ANTI-FRAUD ADVICE:

1. Have the latest security software (anti-virus, anti-spyware, firewall) installed on computer systems and keep the operating system up-to-date.
   
   
2. Remind staff of basic electronic security measures. If suspicious emails contain an attachment, do not open them as they may contain malicious software (malware or spyware). Do not click on any links within these emails and delete them immediately.
   
   
3. Be wary of unsolicited emails purporting to be from your bank as these may be phishing scams.
   
   
4. Be aware that banks will never ask you to supply any of your details via email.
   
   
5. Consider using security tokens or set up a mobile phone security code protocol when using e-banking and verifying all payments. Ensure the device protocols are set to the highest possible level for all staff members.
   
   
6. Revise transaction limits and reduce them if they are too high. Sometimes it’s safer to make smaller multiple payments than allow for one large payment to be made from your bank account.
   
   
7. Tyoe the address into the address bar when accessing online banking. Never click on an online link or ‘favourites link’ to access your bank’s webpage as these can be manipulated to send you to a counterfeit site. While these sites may look similar to your bank’s webpage, fraudsters operate them to obtain your personal banking details and passwords.
   
   
8. Staff members should enter a payee’s bank account details manually whenever they make an electronic funds transfer.

Property Observer suggests that investors should ask their agents how they protect themselves, and their clients' information.