Case study: Scams target real estate transactions

Online scammers are everywhere, and they are getting more and more sneaky. There have been a number of online scammers who have targeted law firms – they only target the emails and then they change the destination details for someone’s bank account to their own, and funds are lost.

Recently, we had a client who’s email had been hacked. She didn’t know this had happened. The hackers just sat back and watched for a while, then they started to pretend to be her banker. They intercepted emails and elaborately created addresses and email signatures to imitate her banker.

The scammers asked for her to deposit funds into a particular account in preparation for a real estate transaction that we were involved with.

Luckily, she rang us and asked whether a banked would ask for funds to be moved in such a way before this sort of deal was done. We said that it was not the usual course of action, and would in fact make things more difficult, and recommended she didn’t follow that instruction.

She ended up telephoning her banker, and found out that he had given her no such instruction, and that the email was not from him at all, but from the scammer.

The scammer was asking her to move funds into an account that was his own, and if she had moved funds there, she would never have seen them again.

Thankfully, she had called us first, and we had the experience and relationships with her and various bankers to give her the advice that the instructions didn’t sound right.

Unfortunately, there had also been a previous email from the same hacker, which our client had followed. So she did in fact lose some funds, but not the large amount that she could have lost, if she had followed the second email.

Law firms and conveyancers who use a bigpond or gmail email account have also been targeted Those firms, like TBA Law, who use a professional domain, have been less exposed. We also make sure we don’t use account details in the body of an email, but get them written down and signed off in a client’s handwriting and emailed to us as a pdf.

When bank account details are in the body of an email, they are more likely to be intercepted and changed by a scammer.

So please don’t include your bank account details in the body of an email, and always double-check the receipt of your banking details and verify bank accounts via a quick phone call.