It’s just one simple step that could prevent hundreds of thousands of dollars earned by Australian workers from falling into the hands of ruthless fraudsters.
Just requiring beneficiary confirmation would be enough to make sure the finances go to the right account and avoid interference from someone pretending to be someone they’re not, says Gerard Brody of the Consumer Action Law Center.
Brody says that the lack of protection in Australia is leaving people vulnerable to scammers who can trick people through their computers.
A Gold Coast couple was devastated when they lost nearly $40,000 at the hands of a “sneaky” email scammer posing as a real estate agent.
Mitch Wilson and Penny Davies believed they were just following their agent’s advice when they transferred their house deposit to a bank account.
They had received an email from what appeared to be their real estate agent’s email address.
“It plays over and over in my head all the time,” Davies said.
“We received an email from the real estate agent that we had been dealing with, from his email account that said, in light of the contract, please pay money to this account,” Wilson said. 9 News.
The couple transferred $39,000 to the bank account and didn’t think about it again until the agent contacted them a few days later to ask about the payment.
“We went back and forth, exchanging screenshots and emails from his side and ours, and what was obvious is that the money didn’t go where it was supposed to go, which was his account,” Wilson said.
“(It ended up) in a scammer’s account and then overseas to a crypto account.”
Police refer to it as an email compromise scam whereby scammers infiltrate an email account and send emails to victims, making it very difficult to discern that it is a scam.
“These people with these skills, they are very cunning, they are very calculated,” Ian Wells of the Queensland Police Service Cybercrime Group told 9 News.
When a business owner sends an invoice, hackers change bank account numbers for payments and then send the invoice to the unsuspecting customer.
“Mom blogger” Constance Hall has also fallen victim to the vicious scam.
She said news.com.au last month she felt “stupid” after losing thousands of dollars to scammers.
Ms. Hall believed she was paying a deposit on a rental property when she transferred money through a link sent by the real estate agency that managed the property.
When he contacted his bank, he was told that since he had authorized the transaction, the chance of getting the money back was slim.
His bank recovered only $7.57.
“Having everything stolen from me in an instant … felt incredibly unfair,” he said.
Police urge home buyers to always contact businesses first to verify bank account numbers when paying bills online.
Gerard Brody of the Consumer Action Law Center said the current system leaves Australia vulnerable to scams.
“The risk is on you as an individual to get those numbers correct and the bank doesn’t double check that the account name you enter is going to the correct accounts,” he told DailyMail.
The consumer law expert said there is no banking mechanism to confirm the beneficiary in Australia at this time.
“Reforms in the UK and other countries now require banks to confirm the beneficiary,” Brody said.
“Here in Australia, there have been calls for banks to do the same, but they don’t and that creates huge risks of scams.”
Under the current banking system, Australians can only get their money back if their details or cards are stolen.
If the transactions have been approved, as they were in the cases of Ms. Davies, Mr. Wilson, and Ms. Hall, then getting a refund from the bank is much more difficult.
“Unfortunately, it can be very easy to get scammed, and they can be very sophisticated, including these types of phishing scams,” Brody said.
“It doesn’t seem fair for people to bear all the losses associated with scams, so we’re pushing for stronger measures to prevent fraudulent banking transactions from being processed.”
Police urge Australians to contact their bank as soon as possible to report a fraudulent transaction.
The Australian Cyber Security Center advises affected businesses to report the incident at cyber.gov.au/acsc/report/ and alert other employees and customers.
Businesses should also report the breach to their email service provider, for example, Gmail or Microsoft Outlook.