An Australian woman lost $813,000 in a house purchase scam after failing to notice a subtle difference in a fake email address. Sophisticated cybercriminals imitated her conveyancer’s email by altering a single letter, successfully deceiving the South Australian homebuyer in May last year. The Australian Federal Police (AFP) revealed the funds were diverted due to a business email compromise (BEC), a common phishing attack.

Two days after the transaction, the woman realized the fraud and reported it to both her bank and the police. The AFP-led Joint Policing Cybercrime Coordination Centre (JPC3) worked with state police and financial institutions to trace and freeze the scammer’s bank account, which was tied to a Pakistani national.

Out of the stolen funds, $505,000 was recovered, but $308,000 had already been lost, with $297,000 transferred to a cryptocurrency account. JPC3 was able to trace $272,000 of this amount through Binance and freeze it, though $25,000 had already been withdrawn. Intelligence sharing with Pakistani authorities led to the identification of the scammer as a “money mule” laundering illicit funds.

In March this year, the victim was able to recover another $272,000, bringing the total returned amount to $777,000, or 96% of the original $813,000. AFP Detective Acting Superintendent Darryl Parrish emphasized the importance of thoroughly checking email addresses and bank details to prevent such scams.

Although the victim recovered most of her money, the nearly year-long process had significant emotional and financial effects. The investigation into the criminal network responsible is still ongoing. The Australian Cyber Security Centre (ACSC) reports that BEC scams resulted in almost $80 million in losses from 2022 to 2023, with an average financial loss of $39,000 per incident.

To avoid falling victim to business email compromise (BEC) scams, it’s essential to adopt vigilant cybersecurity practices. Always double-check the email addresses, especially when making large financial transactions, as scammers often create addresses that closely resemble legitimate ones. Verify banking details through a direct phone call to the organization before transferring funds, and avoid sharing sensitive information over email. Using multi-factor authentication (MFA) for email accounts and implementing email filtering systems can also help detect and prevent fraudulent messages. Additionally, regularly educating employees and individuals on recognizing phishing attempts and BEC tactics can further reduce the risk of becoming a target.

If you need further advice about what you can do to avoid these types of scams, please read our other blogs talking about phishing, 2 factor authentication or give us a call on (03)58333000 and talk to our IT manager Raj about your concerns.

Please note – This information was taken from an article from Nine News Australia. To see the full article please visit – https://www.9news.com.au/national/south-australian-woman-scammed-out-of-800k-during-house-sale-cybercrime/f815d8c8-c337-43ba-8d31-e5b34b1f5c74