Fraudsters may steal hundreds of thousands in a single hit
Westpac is warning lawyers, real estate agents, and homebuyers about a spreading social-engineering hack that has the potential to cause hundreds of thousands in losses in a single hit.
The banking giant said that its financial crime management team recently foiled a scam where a fraudster attempted to divert $600,000, which was payment for an entire house, to their account.
Lawyers and law firms are an integral part of the scam, as described by Westpac. It starts with fraudsters approaching a lawyer or a law firm, posing as a potential property buyer interested in retaining the lawyer or firm for conveyancing services.
The fraudsters will then send an email purporting to contain important documents that are locked and can only be accessed if a lawyer enters their email address and password. The criminals then monitor the compromised email account for an indication of an upcoming payment or settlement.
When a payment is due, the fraudsters send a reminder from the lawyer’s email account, as well as an invoice that includes a bank account that they control.
“Once the money is in the fraudster’s bank account it is essentially gone, chances of recovery are very low as funds are usually quickly transferred off-shore. The liability will likely sit with the victim, as they are responsible for making the authorised payment, even though it was to a fraudster,” Westpac said.
“The scheme is a devious new take on the ages-old invoice scam but it has greater effectiveness because the client receives the invoice from a trusted source at a time they are expecting to make a payment,” it said.