The bank reported that a regular customer at its St Ives location came in to request help with a $400,000 transfer to his solicitor, after receiving an invoice via email for a property purchase.
The customer, who works in property development, had purchased property through his solicitor in the past, so though it was a large sum of money he believed the request to be legitimate and in line with transactions he had made previously.
The invoice came from his solicitor’s email and included information to make the payment.
But criminals had in fact hacked into his solicitor’s email and sent the invoice that looked identical to those that had been legitimately issued. All the details appeared to be the same, including the email address, but the BSB and account number had changed to a different bank.
When branch manager Anu Mishra received the request to assist with the cheque deposit into the solicitor’s account, he began asking questions to assess the legitimacy of the transfer – in line with his training.
“We’re trained to ask questions to understand the situation more and wanted to make sure the details were definitely correct,” Mr Mishra explained.
“Some people feel like we’re being nosey by asking questions, or that we don’t trust someone, but what we’re really trying to do is to make sure customers aren’t getting caught up in a scam.”
In this instance, Mr Mishra asked the customer if he had a similar invoice against which he could check the details, which the property developer did not have on hand.
Mr Mishra decided to delay completing the payment until the customer could speak to his solicitor and confirm the details of the payment.
While waiting to connect with his solicitor, the customer received another email from the address urging the payment to be made immediately, followed by a call on WhatsApp. It was the unfamiliar voice on the line that caused the customer to question the legitimacy of the payment. Mr Mishra decided that it would be unwise to complete the transaction that day.
The bank manager related that while it can be uncomfortable to make that decision, it’s ultimately for the good of their clients that bank staff are trained to slow down or pause the process at certain moments.
“Understandably, the customer wants the payment to go through as quickly as possible, but when there’s a red flag for a scam, it’s more important to make sure we take our time to get the details right,” Mr Mishra said.
“It felt like we were being unhelpful by not making the payment that day, but that’s what we needed to do to ensure we didn’t fall for the scam when scammers are trying to create a sense of urgency.”
The following day, the customer returned to the bank to tell Mr Mishra that he had discovered the request was in fact a scam – the solicitor’s emails had been compromised.
“He had spoken to his solicitor that morning and found out that the payment details were changed, the emails were hacked, and he realised just how close he came to losing $400,000. The solicitor had no idea they’d been compromised either,” Mr Mishra explained.
According to a 2022 report from the Australian Competition and Consumer Commission, investment scams – which involve email compromises or payment redirections – cost Australians more than $224 million in 2022. Due to the nature of the crime and that falling prey to scammers can often cause victims shame and embarrassment, the actual figure of how much is lost annually to investment scams is assumed to be much higher.
[RELATED: Major banks warn against scams in 2024]