In August 2020, Holman Webb published warnings regarding cyber safety, scammers, hackers and dodgy money transfers - with a particular focus on the crucial need to take extra precautions when transferring money to third parties.
In the case of Deligiannidou v Sundarjee [2020] NSWSC 437, we see just how cunning hackers have become, and why not doing your due diligence prior to transferring large sums of money can be financially devastating.
Facts of the matter
A property agent sent a prospective purchaser an email on 7 February 2020 suggesting that if she wanted to secure "the property on a five day cooling off period so no other offers can be taken", she transfer the initial holding deposit of $1,400 into the agent's trust account.
The agent provided the BSB and account numbers for their trust account via email, and the purchaser transferred the holding deposit using these details.
A few days later, the purchaser received a further email purporting to be from the agent:
"Please find attached the invoice pertaining to the remainder of the 10% deposit due. I will be happy if you make this payment as soon as possible.
For reference purposes please add the reference number correctly as shown on the invoice."
This email provided the BSB and account number of the 'agent's trust account'. These details were in fact the BSB and account number of a different account - one controlled by the hacker. This email had been sent to the purchaser as part of an email chain which purported to include the 7 February 2020 email, which had genuinely been sent from the property agent.
Unfortunately for the purchaser, the hacker had thoughtfully edited the Trust Account BSB and account details in the original email - so they too displayed the BSB and account numbers of the hacker's account.
Being unaware of the change in account details, the purchaser went ahead and paid the balance of the deposit - with the funds going directly to the hacker. This mistake resulted in the vendor terminating the contract due to non-payment of the deposit.
How can you protect yourself?
Holman Webb suggests that whenever you are arranging to transfer money to a third party, you always call that party in order to verify the account details you are planning on transferring money to. Crucially, you should never trust the phone number provided within emails informing you of the account details when making this call.
Make sure you obtain the phone number from an independent source, keeping in mind that if the hacker can add false account details, they can just as easily provide a rogue phone number for use in 'confirming' those details.
It is similarly important to remember that even if you have what you believe to be the correct account details saved in your online banking account, you should always take the time to verify the account details, as the recipient may have changed banks or accounts without providing you with sufficient notification.
If you have a query regarding any of the suggestions made in this article, or you have a property-related matter of your own which you need to discuss - please don't hesitate to get in touch with Holman Webb's Property Group today.