REAL estate agents are being urged to review their online security measures following a recent attempt to steal $500,000 from a trust account.
It is believed cyber thieves gained access to the Perth agency’s bank accounts after malware was downloaded into their computer system, probably from an attachment being opened or a website link being clicked in a scam email.
The installed malware allowed the criminals to record keystrokes and discover bank log in details, including the password.
A staff member noticed the unauthorised withdrawal of $500,000 and contacted the bank immediately.
Consumer Protection acting commissioner David Hillyard praised the quick action of the staff member who had prevented a devastating loss.
“In this latest instance, the agency had put in place all reasonable securities and processes however the scammers were still able to trick the system into commencing the transaction to fraudulently move $500,000 out of their trust account,” he said
“Only through the quick actions of a very diligent staff member had the crime been foiled on this occasion but everyone needs to be vigilant so they don’t fall victim to these cyber criminals.”
The agency has since implemented new and more secure connections to its bank.
In February 2014, a Broome real estate agency lost $50,000 after scammers accessed the agency’s online banking system and changed the bank account details of clients who were on a ‘pre-entered list’ of recipients for regular payments.
The agency was reimbursed by their bank.
In March 2013 a Perth settlement agency had $50,000 in two BPay transactions taken from its trust account but the suspicious transactions were detected early by the bank and the money was recovered.
Mr Hillyard said every business should have procedures and protocols in place to prevent unauthorised access to their computer system and to detect malware.
This included having up-to-date anti-virus and anti-malware software and regular checking of bank account balances and daily reconciling of accounts.
“Businesses should discuss their online banking security measures with their bank who may recommend extra measures to provide some peace of mind,” Mr Hillyard said.
Organisations targeted by cyber-attacks and scams can report the details to WA ScamNet at Consumer Protection by calling 1300 30 40 54 or by emailing firstname.lastname@example.org.