Iron Bastion founder and cybersecurity expert Gabor Szathmari says the “ruthless professionalisation” of financial crime means different crime gangs specialise in different areas of scamming. One group might focus on breaking into emails to get information about large transactions while another might steal driver licences,passports and other identification to open new bank accounts.
“Unfortunately,crime pays,and technology allows criminals to carry out scams on a large scale over the internet. For instance,phishing emails can be sent in bulk,and robocalls can be made without human interaction,” he said.
In Australia,there is no legal requirement for banks to name-check or confirm the payee for bank transfers despite theAustralian Competition and Consumer Commission recommending banks put these checks in place back in 2022 andconsumer groups demanding it in 2019.
Szathmari’s colleague,solicitor Nick Kavadias,says it’s easier for scammers to target businesses such as real estate agents and conveyancers – who may not store personal information securely – than to rob a bank.
Loading
“I’ve seen[scammers] break into email,and then they suck all the emails out,and they look for keywords,you know ‘contract’ or ‘sale’ or whatever and then they continue to sit and wait until the right time to send[the victim] an email pretending to be the solicitor,going,‘Hey,these are the payment instructions’ and they’ve copied and pasted previous emails and footers that they’ve received,so it looks legitimate,” he says.
Cybertrace chief executive officer Dan Halpin – formerly with ASIO and NSW Police – says international scamming rings target trusting Australians because we have access to large sums of money and it’s “basically shooting fish in a barrel”.
“I am aware of some situations where victims are suffering massive depression,and I’ve even heard of cases where victims have[died by] suicide because they firstly have lost their money,but also because they get limited assistance and police don’t take them seriously,” he said.
PEXA Group chief information technology security officer David Willett says bank transfer scams increased during COVID-19,dropped last year but are on the rise again.
“With the world grappling with the cost of living,geopolitical disputes and major elections,we are starting to see an uptick,” he says.
Levin Salaberry and his partner Tina Damcesvka lost $91,650 in a home-buying scam in October 2023,when a CommBank branch teller transferred money to another “mule” CommBank account that NSW Police have said was set up with a stolen identity.
Salaberry’s bank recovered $44,971.22 between October 18,2023 and June 12 this year,leaving him with a devastating $46,678.78 loss.
CommBank has offered to pay him another $4582.50 “to resolve the matter on a without admissions basis”,which he has not accepted.
Salaberry,42,has been traumatised by the scam – his heart races every time he hears his mobile phone ping with a notification. “He went into himself,into a shell,” says Damcesvka,50,an office worker.
Salaberry initially couldn’t bring himself to complain to AFCA,because he had to log in to an online portal to make the complaint,which he didn’t want to do after being the victim of cybercrime. He is now pursuing the matter.
“I don’t own a computer. I don’t sit in an office and do emails. I don’t answer phone calls from people I don’t know,” the construction worker,says,explaining he copies and pastes every number that calls him into WhatsApp so he can see if the person has a legitimate profile and photo.
Technology developed by fraud prevention firm BioCatch helped banks detect more than 150,000 mule accounts last year,though it’s not clear whether banks closed these accounts.
“Not just fraud and scams,but money laundering and all types of financial crime are more complex,more sophisticated,faster and of a higher volume than ever before,” says BioCatch executive Richard Booth. The company’s fraud detection and anti-money laundering technology is used by nine out of 10 major banks.
Most people hold bank accounts that comply with 100 points of identity. Scammers use illegitimate mule accounts to move stolen money overseas or into cryptocurrency,seemingly in violation of the spirit of Australia’s anti-money laundering and counter-terrorism financing laws,which require banks to report suspicious transactions over $10,000.
Banks have announced“scam-safe accords” to ensure names match account numbers in online transfers,investing $100 million in the project. Financial Services Minister Stephen Jones has unveiled new legislation forcing banks to identify dodgy accounts,but none of this has been implemented yet.
In response to questions from this masthead,Jones said the laws will require banks – and the likes of social media companies – to meet strict obligations designed to prevent scammers preying on victims.
“It is government policy that all bank accounts unlawfully established or maintained should be closed,” he said.
Solicitors and conveyancers are obliged to warn home buyers of the risk of payment misdirection,and ideally should complete the transfer of settlement funds in person or over a video call to direct funds to the right account.
Australian Banking Association CEO Anna Bligh said banks are rolling out tools to help stifle scams,including the confirmation system,and banks are closing down mule accounts as well as using more biometric checks to help verify the identity of people opening new accounts.
She called for tech companies to implement safeguards to stop hacks of email accounts. “Where a bank account is hacked,banks are required to reimburse customers and there is a question here about whether tech companies should reimburse customers when email accounts are hacked,” she said.
Lifeline 13 11 14