A new fraud risk has been identified in Vic. Fraudsters have compromised some Vic legal or conveyancers. Buyers are give details to put settlement proceeds into bank accounts. Fraudsterf has email access and email intercepts to switch bank details. Funds are stolen Has been an issue in recent days thfough many sources. Home buyers send $200,000 in deposits to hackers in scam targeting real estate agent emails
The same issue is happening in Queensland as well. The advice from the Law Society is to confirm all bank account details over the phone before transferring any significant amounts on money.
Its likely to become an even bigger issue when OSKO live payments is launched....in weeks. In 30 seconds you can lose the funds and the Bank has no liability. Its basically tap and go for cleared funds ! Bring back telex machines and passbooks with black light signatures I say ...Wasnt that stupid. Anyone could read it. And everyone knew it. Like printing a PIN on your credit card in some ways. Email wasnt available outside uni's until the 90s. Created for researchers in 1972...Not the 60s. The "microsoft virus" scam renders peoples IT to remote access rendering all emails capable of being read. Typically they monitor for a year or more and build a profile and then wipe you out. Super, identity, bank, cards etc....Changing your email password regularly is so important.
Strong authentication is what is important - crazy not to have this turned on for webmail. Preferably not SMS based.
so if one is hit by a scam and the deposit is transferred, whose fault/responsibility does it become the agent for allowing their systems to be compromised the buyer for falling for it? I cant believe in this day and age the banks cant claw back transfers or there is a two step verification process
The issue of blame lies with the banking customer. You tell the bank to pay A. To an account you think is A. But its B. There is no way the bank can verify the account details are A B or Cs
Responsibility rests with the one doing transfer under the code of practice. Third parties incl other banks cant (and wont) verify an identity based on account details. Most people are surprised but BSB and Account number are it. Nobody can check an account name. The transfer process relies on those key items being valid. If they are its a completed transfer. 1. Carefully check all new payees you setup. 2. Dont change EFT details unless you are certain My bank (Westpac) now send a sms code and you must independently verify a change (add/new or change) of payee details. If you dont reply within XX minutes (think its 10) they dont make the change and lock your account until you call. Happend to me and its annoying but I think its a great idea. Paypal are same. We dont even accept client instructions for changes to banks details for super pensions etc. We insist on speaking to them to verbally confirm their instructions. Too easy for someone to hack your email and appear to be you.
So if i get a fake email from the agent asking me to transfer into the account . And i do. Its my fault?????