Scammers steal $70,000 from Email Cloning

Consumers are being warned to carefully screen “from” email addresses when they receive messages requesting payment, even from familiar senders.

Recently scammers in WA copied a settlement agent’s Yahoo email address and submitted a payment request for $48,000 to the buyer of a business. The email address was an exact copy of the actual settlement agent’s email address except for a single letter.

The payment request contained bank account info that directed the payment to the scammers. When the business received it, they submitted payment believing it to be a genuine email from the agent.

The same scammers sent another request for $22,000 to another of the settlement agent’s clients.

“Be suspicious of any email asking for money transfers or messages indicating that there’s been a change in the bank account information where payments are to be made”

“Payment interception scams are becoming increasingly common where the fraudsters are the ‘man in the middle’ and redirect payments from a legitimate bank account to their own,” says David Hillyard, Commissioner for Consumer Protection. He reports that the investigation into the scammers is still ongoing.

Buyers and sellers of real estate and settlement agents for businesses mark targets that are at particular risk for this type of scam due to the large amount that is often requested in these money transfers.

The take-home message is to be suspicious of any email asking for money transfers or messages indicating that there’s been a change in the bank account information where payments are to be made. It takes just a single phone call to confirm requests for payment or the bank account details of a payment request. And don’t hit “reply” to the email. Make sure to use previously saved contact information you have on file and use the “forward” button to send your responses to the previous stored contact information instead of replying to emails directly.

Business owners are urged to avoid using generic email addresses such as Yahoo or Google to request payment and for client communication. Use a hosted email account specific to your business’s website to help protect your customers.