New scam uses middle men

Pilbara News - Lifestyle - Gwynneth Haywood

Gwynneth Haywood is the senior regional officer at Consumer Protection.

Don’t let scammers come between you and a payee.

Scammers are carrying out research into people at various organisations and either hacking computers or impersonating email accounts in a fraud known as a “man in the middle” attack.

Consumer Protection and WA Police Major Fraud Squad warn anyone making payments to third parties to be aware of the increased frequency in attempts to intercept money.

Western Australian commercial businesses and not-for-profits have lost at least $500,000 over the last two years, according to reports made to WA ScamNet at Consumer Protection.

In Queensland, Brisbane City Council lost $450,000 to this type of scam.

These attacks are sophisticated and may involve:

Internet research into your organisation and any goods or service suppliers used.

Convincing phone calls to find out who deals with finance matters.

Emails containing links or attachments that when opened download spyware, giving the offenders access to information on computers or mobile devices.

How to avoid being scammed

Verify any payment requests received via email from people within the organisation and third party suppliers. Ideally the conversation should be taken off email and a known person spoken to on the phone or in person.

Run a virus scan on any computer that has received a suspicious email.

In some recent reports the targets realised before it was too late. You can learn from them.

Example 1:

Scammers posed as the president of an association, having ascertained the person was away and communicating electronically. They used a spoofed version of the president’s email address that looked the same but replied to the scammers.

The scam email asked the treasurer to organise a $3700 payment that sounded like a normal arrangement, except that, unbeknown to the treasurer, the bank account details were for an account belonging to the offenders.

Instead of hitting reply, the treasurer typed the email address for the president in the “to” box. This broke the communication with the scammers and meant the treasurer sent an email to the president’s true account.

The president didn’t know what payment the treasurer was talking about.

At this point they realised there was a hack of the email accounts.
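
One way an email can look right yet send replies elsewhere is a Reply-To header that differs from the From address. The Python below is an added example, not part of the original article: it flags that mismatch and any reply address outside the organisation's known domains. The sample messages, the .example domains and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample messages; the names and .example domains are made up.
SPOOFED = """\
From: "Pat President" <president@association.example>
Reply-To: "Pat President" <president@associati0n.example>
To: treasurer@association.example
Subject: Payment needed today

Please organise a $3700 payment to the account below.
"""

GENUINE = """\
From: "Pat President" <president@association.example>
To: treasurer@association.example
Subject: Meeting minutes

Minutes attached.
"""


def _domain(addr):
    """Lower-cased text after the last '@' in an address."""
    return addr.rpartition("@")[2].lower()


def reply_redirect_findings(raw, known_domains):
    """List the reasons a reply would not go back to the apparent sender."""
    msg = message_from_string(raw)
    _, from_addr = parseaddr(msg.get("From", ""))
    findings = []
    if _domain(from_addr) not in known_domains:
        findings.append(f"From domain {_domain(from_addr)!r} is not known")
    # Hitting "reply" uses Reply-To when present, not the visible From address.
    for _, reply_addr in getaddresses(msg.get_all("Reply-To", [])):
        if reply_addr.lower() != from_addr.lower():
            findings.append(f"Reply-To {reply_addr!r} differs from From {from_addr!r}")
        if _domain(reply_addr) not in known_domains:
            findings.append(f"replies go to unknown domain {_domain(reply_addr)!r}")
    return findings


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, reply_redirect_findings(raw, {"association.example"}))
```

A message sent from a genuinely compromised mailbox would pass this check, so it complements rather than replaces the phone verification the article recommends.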

Example 2:

A finance officer at a not-for-profit received an email from a team member seeking urgent payment of an invoice for $15,000.

The attachment was an exact copy of a usual invoice and the only change was the bank account details.

The finance officer phoned the team member to discuss the payment only to find the team member had not sent the email.

Anyone impersonated or targeted may have been the victim of hacking.

All parties need to have their devices checked by a reputable technician to ensure any spying software is removed and that protection, such as firewalls and anti-virus programs, is up to date and working.

Organisations targeted by man in the middle scams can report the details to WA ScamNet by calling 1300 30 40 54.

In certain circumstances there may be a referral to police. Successful fraud attempts can be reported to WA Police Major Fraud Squad on 131 444.

Further details, including local victim case studies and tips to prevent an attack can be found at middleman.
