Consumer Affairs Victoria has received reports of a possible hacking scam targeting the email accounts of businesses in certain industries, including real estate, conveyancing and building.
In most instances, a client received an email from the business they were dealing with that included details of an account to make a payment to. Shortly afterwards, the client received a second email from the same email address, telling them that the business had just updated their account details, and to pay into a new account.
We have also had reports of businesses that have paid money into a fake account after receiving an email they thought was from their client or client representative, whose email account had been hacked in a similar way.
If you are a business or consumer and receive an email from a business you are dealing with that includes details of a bank account to deposit money into:
- be very suspicious if you receive a second email asking you to make payment into another account, even if it is from the same email address
- call the supposed sender of the email to check its legitimacy. If the email has come from a business, consider visiting their office in person.
We strongly encourage consumers and businesses to regularly review and secure their online systems.
Follow these tips to help keep email accounts safe:
- consider setting up a two-step verification process with your email accounts. This requires a user to provide more than one type of proof that they are authorised before they can access an account
- do not use obvious passwords. Change your passwords, and other verification details, regularly
- do not share your email address online unless you need to. Consider setting up an email address just for online transactions, and another for communicating privately with clients and customers.
If you are a business sending account details for customers to make payment via email, advise them to:
- be very wary if they receive a second email telling them to pay into another account, even if the email comes from the same address
- contact your office to check the email’s legitimacy.
Any business or individual who believes they have been tricked into paying money into an incorrect account should contact their bank immediately.
For more information on maintaining your security online, visit the Email page on the Federal Government’s Stay Smart Online website.
You can report incidents of cybercrime to the Australian Cybercrime and Online Reporting Network.
IDCare is a not-for-profit organisation that provides free support services and resources to people and organisations targeted by cybercriminals and scams. For more information, visit the IDCare website.
Remember: any business or individual can be a target for cybercriminals. For more information on staying safe online, visit the Stay Smart Online website.