An Australian woman tricked into transferring more than $800,000 to a fraudulent business in a real estate transaction has had most of it returned due to timely reporting of the crime.
The Australian Federal Police (AFP) have highlighted the case to underline the importance of reporting cybercrimes as soon as possible.
AFP Detective Acting Superintendent Darryl Parrish said police recovered $777,000 stolen in the Business Email Compromise (BEC) scam.
Acting Superintendent Parrish said in this case cybercriminals created a fake email address with one letter different to the legitimate business email to deceive a South Australian woman into unknowingly sending $813,000.
“Following an investigation by the JPC3 (Joint Policing Cybercrime Coordination Centre), international law enforcement partners and multiple financial institutions, authorities were able to return $777,000 to the woman earlier this year, representing about 96 percent of the funds stolen,” he said.
“In May, 2023, the woman had notified her bank and police through ReportCyber at cyber.gov.au two days after she had transferred $813,000 to a fraudulent bank account instead of a legitimate conveyancer’s account as part of the purchase of a new home.”
Acting Superintendent Parrish said the woman was targeted by a BEC, a fraud technique used to deceive victims into unknowingly transferring funds to financial accounts controlled by criminals.
He said BEC scams were increasingly complex and criminals either hacked into, or created near identical, business email accounts to manipulate financial transactions.
“Cybercriminals commonly target businesses and individuals making significant payments, like property transactions, in an attempt to divert victim’s funds to a fraudulent account.”
He said businesses could prevent cybercriminals from accessing their online accounts by setting up multi-factor authentication (MFA) to add an extra layer of security, making it harder for criminals to get in.
The advice comes as the United Kingdom moves to introduce laws which would require banks to refund fraud victims up to £85,000 ($164,000) within five days.
The BBC is reporting that, under world-first legislation, the refunds which are now voluntary will become mandatory from October 7.
The report said the UK’s Payment Systems Regulator (PSR) had reduced the maximum compensation from a previous proposal of £415,000 ($802,000), saying the new cap would cover more than 99 percent of claims.
“It also announced that once a bank or payment company had refunded a customer, it could claim half back from the financial institution the fraudster used to receive the stolen money,” the BBC report stated.