Look out for these warning signs
Email is an essential daily part of our business; we're seeing an increased number of fraudulent emails appearing to come from legitimate sources.
These emails are called Business Email Compromise (BEC) and it is a form of phishing. Cyber attackers craft emails that impersonate employees or companies to obtain money or goods fraudulently.
This scam is rising in frequency, especially in the construction, property, and real estate sectors, meaning a company like Loan Market and our clients are prime targets, given the type of information we manage and communicate.
Recently we had two separate incidents reported by our advisors/members. Their clients have experienced scammers using these emails, highlighting the importance of ensuring we are all communicating with the correct individual.
Incident 1 – Builder has changed their bank account for progress payments.
A progress payment request was received from the client via email. After forwarding this request to the bank, it was identified that the invoice account number and phone number were changed. The bank's representative then called the builder to confirm as per their policy, and it confirmed it was not the builder's account but someone else using a similar looking email address to the builder. The impersonated email was so close to the legitimate address of the builder that our client and our member did not initially see it.
The bank did not make the payment to the details given in the original email due to the bank's representative following policy and picking up the phone to confirm with the builder if in fact, their payment details had changed.
To remedy this for future progress payments, our member has informed the client to use another email account that has not been compromised. Our member also reset their passwords and had their IT consultant do a security check to ensure the compromise was not from our end.
Incident 2 – Another building progress payment near miss.
The progress payment was received from the client via email and then sent to the bank for payment. After the payment request to the bank was made, the member received an email from their client asking when payment was being made.
The member followed up with the bank and their client regarding the status of the payment. Luckily the client is a friend of our member and had sent a text message that morning, and it became apparent to our member that the client wasn't who had sent the email in the first place.
Once this was identified, our broker notified the bank and payments were made correctly to the builder.
Given that this type of attack is on the rise, we all can take some key steps to spot the signs of a malicious email and protect ourselves and our clients from a potential security compromise.
Warning signs of fraudulent and compromised email scams:
- The email appears to be from and uses legitimate names and contact details of the “sender” but be sure to check the sender's email address as it will never be 100% accurate.
- The email may imply a sense of urgency and require immediate action, e.g., urgent funds transfer or sudden change to the payment account number.
- Be extremely cautious with unexpected messages, never click on unknown links or open attachments, and do not use your work email account for personal subscriptions or accounts.
- Consider the context or language that is being used. Is the information provided in the email consistent with what you would expect from that person or organisation it purports to come from, e.g., is it unprofessional, or does it have spelling and grammar errors not typical of that person or company?
- Look for unusual links or attachments in the email; if in doubt, avoid clicking on links or opening attachments – they may be malicious files designed to infect your devices with malware.
- Remember never initiate financial transactions without due process, verifications, and approvals. Make it part of your process whenever you receive a change of account details that you pick up the phone and confirm that it has been changed.
- Finally, think about what information about your role at work you have shared on social media. Have you inadvertently offered up information valuable to a cybercriminal on various social media platforms such as LinkedIn, Facebook, Instagram etc.?
To read more about the importance of email security, visit the Australian Cyber Security Centre’s email security page for more on what to look for.
If you suspect a malicious email, you can report it to the LMG Corporate IT Support via email firstname.lastname@example.org or call 07 3231 2195.