HELP PLEASE! Scammed out of nearly $100K

Hi everyone,

So I'd like to precede this by saying I already feel absolutely horrible. I feel like throwing up constantly just thinking about this, but thought I would put it out there to see if anyone in the OzBargain community might have had any similar experiences or any advice.

Long story short, it appears a scammer hacked either my conveyancer's or the other side's conveyancers email accounts. and from doing so, got my details as well as the details of my upcoming property settlement. They knew the amounts due in terms of stamp duty payments etc, as well as the dates these amounts were due. They created a near identical email account to my Conveyancer, who I was emailing around 5-10 times a day and so simply didn't notice anything out of the ordinary when I received the scammer's email. It popped up only with my Conveyancer's name and the email address didn't come up as 'new sender' or anything. I know that I should have checked the email address before doing anything, but I had just answered about 3 other emails from my Conveyancer and still had about 3 to go. I had 6 emails in a row from her on different matters and it didn't at all enter my mind that 1 of these 6 might not be like the others.

In short, I transferred nearly $100K at the direction of this scammer who I believed to be my Conveyancer to the account they directed in the email. I called the Conveyancer later that afternoon to discuss another matter, and mentioned to her I had transferred the stamp duty payment for this property. It was then we both realised what had happened.

I searched the BSB and realised it was a Bank X account. I called Bank Y first (my bank) to ask them to commence a scam investigation and try recover the funds immediately. They advised the funds had already reached the other account but they opened the Scam investigation immediately. I then went to Bank X and tried to have them freeze the account the funds were received into. They said the account was already closed and for some reason, they couldn't see any details in the system about who had opened or closed it (how is that possible?). That night, I attended the Police Station and filed a fraud/scam report.

I now have the Conveyancer's insurer, the Police and Bank Y/Bank X working on this case but I'm accepting the worst and not expecting to get anything back. In the off chance anyone here might have had similar experiences and have any advice, I thought I'd raise it to the OzB community. Again, please don't pile on me. I know and I feel horrible. I've barely been able to sleep and I am just hoping there may be some avenue I haven't thought of, even if its not likely to succeed.

Thanks in advance everyone

Mod: Edited for privacy

Comments

  • +73

    Hi everyone,

    For those will following, finally after over 3 months of fighting, the best update of all. Yesterday I received back every cent of what I lost in March to this cyberhack.

    As part of the settlement, I can't comment much or disparage any parties who may have been at fault between banks, conveyancers or insurers etc but let's just say the Police didn't contact me once despite constant follow ups, the banks were little help (aside from my bank who did all they possibly could) but my conveyancers were AMAZING in pushing hard for me the entire time with the insurer once it became obvious the breach that occurred wasn't at my end. I owe this outcome nearly in full to my Conveyancers, who fought hard for me and to add, once we achieved the outcome and I asked them how much I owed for their support, advised they had treated this as Pro Bono work just to help achieve the right outcome. An absolutely incredible Firm who went the extra mile for their client.

    To the OzB community, thank you for all your comments, advice, ideas and words of support. Especially after it first happened, the kind words were some comfort and a reminder to me especially after some horrible people did this to me that people are good. I needed that and so I thank you all for it :)

    • +2

      What incredible news, great to hear after all this time!

    • +1

      Great to hear, was the breach on the conveyancer's end though like their email?

      • +1

        Yes it was through their email

    • +3

      It must feel euphoric for you to have achieved this. Congrats and you're lucky to have achieved full justice.

      • achieved full justice

        I am not so sure about that.

        OP got his money back through the insurer. That is a major win.

        But the actual crooks are still at large ready to pounce on their next victim, or are in the process of doing so.
        Also, the other party's conveyancer whose IT systems were breached don't seem to be held accountable for such piss poor security.

        • +1

          Hopefully, their insurer will increase their premiums.

        • +1

          That's one of the biggest issues in our society with Insurance. It creates a moral hazard.

          Do note, usually after a cyberattack, the insurer will ask for access to the computers and take preventative action. However, with social engineering attacks, it is unlikely to make a difference to future attacks.

          We all pay for it in the future in the form of inflation to the cost of services.

      • Restitution, not justice.

    • +2

      You won! I'm so happy this worked out for you!

      Closure was had by all :)

    • +2

      Yay :)

    • Thanks buddy, it sets a precedent for us trying to get compensation for clients from Lawcover/Others. It seems like no doesn't mean no.

  • +127

    Oh damn…

    • +51

      Back to the future: personal delivery of bank cheques. None of this internet hocus pocus.

      • +4

        Agree - for such large sums of money, a physical confirmation is the only way.
        I have used bank cheques a handful of times but man - there is way less stress than this online hullabaloo.
        All the best getting back the money.

      • +1

        A simple pay id would have stopped this as you could call the phone number before

        • +4

          Picking up the phone and calling to confirm banking details and confirming after payment made to get them to check is also possible. But people seems to shy away from the old phone these days.

          Yet people fall for the ATO, Department of Immigration robo call scams with iTunes cards.

      • +2

        You mean like how Frank Abagnale Jr (the real guy played by Leo in 'Catch me if you can') fleeced people of craploads of money?

        • If the movie was accurate, then it doesn't relate to this situation at all.

      • -2

        Because cheques are sooo secure

        • If it is in your hands and you lose it on the way from the bank to the recipient. At least you walk into the office and look into the face of the recipient. Unless the scammer goes to the lengths of setting up a fake long running business. You decide how much grief you potentially want to handle.

        • Do you really think it is likely that someone will break into the conveyencer's office, kill everyone, hide their bodies, get your conveyencer's face cut off and stiched onto their own and then assume their identity, just to trick you into handing your cheque over to them?

          • +2

            @Quantumcat: Happened twice to my friend in 2019.

          • -1

            @Quantumcat: Yeah because that's the only way cheques are insecure
            Signatures are the way of the future!

            • +2

              @blackfrancis75: I don't get your point.

              With cheques, you hand them to the person you want to give them to. Chances are you will recognise if it is the right person considering you will have had meetings with them in days prior.

              The only problem is if you lose the cheque (that's something you can control yourself, not someone trying to scam you) in which case you can invalidate it with the bank and get a new one, and just lose a bit of fees. Or if the conveyencer loses it, then the same but they will probably cover any reissue fees. Or if the conveyencer gives it to the wrong person or makes some other mistake, in which case it is clearly on them and their insurance should cover them (and if you are making out the cheque to the right payee then a wrong one won't be able to cash it anyway).

              With electronic payments there are many more points of failure and the penalties of them way higher (loss of entire amount not just cheque issuing fees).

              • +1

                @Quantumcat:

                making out the cheque to the right payee then a wrong one won't be able to cash it anyway

                Spot on, mate! If it is a non-negotiable and account payee only cheque, then only the recipient named on the cheque can cash that cheque directly into their account (and they must supply valid ID when doing so).

                Obviously the troll here doesn't know what they are on about.

                • @DoctorCalculon:

                  Obviously the troll here doesn't know what they are on about.

                  to Boomers, anyone who tries to correct you is a 'troll' lol

                  some light reading for you

                  Types of cheque fraud:
                  * Cheque kiting
                  * Embezzlement
                  * Bad cheque writing
                  * Check Conversion
                  * Abandonment
                  * Forgery

                  https://en.wikipedia.org/wiki/Cheque_fraud

    • +139

      I think OP could use a hug right now:

      🤗

      • +9

        Here here, yep he sure does. I would not loose hope yet. This might yet get resolved in your favour. I'm not going to tell you, you should have known better because even the most diligent of us get caught out sometimes.

      • +2

        a $100k hug

        • -5

          publish you nummber there are still more scammers waiting to call you!

          • -4

            @payless69: Ok take a trip to India and brag about your 100k charity donation. Every Mr Sing will admire you and ask you where you are from.

    • +7

      Seems to be happening more, just saw someone got scammed over $350k in Perth - https://www.perthnow.com.au/news/perth/102-year-old-perth-gr...

      • +2

        Just pathetic. How does these scammers live with themselves. yeeeesh!

        • +4

          On big piles of money with many beautiful ladies from the sounds of it

      • +1

        You know save $15 on a bank cheque.

        • My conveyancing solicitor firmly pushed me towards this method of settlement and I did use it when selling my property. I felt uneasy until the funds hit my account even though I did call to verify details. I could never get through to the person actually handling the transfer. Can't remember the cost of this service but it was much higher than $15.

        • Just looked up I was charged $87.45 for using the settlement service as seller.

          • +1

            @Grat: Why you confused with going into a branch and asking to have a bank check produced ($15 max) and getting it down to the conveyancing company?

            Why is everyone coming up with fancy escrow / settlement services.

            • @netjock: In QLD they have built the fancy escrow services into the standard REIQ contract. Unless you get a pen out and put a line through the clause in the contract you are already on board.

      • +1

        If you saw it why didn't you stop it?

    • +1

      I'm astounded that funds from transfers this large aren't isolated for a few days or a week. Just absurd that you could plausibly lose that much money off of something pretty easy to fall for.

  • +82

    Before we get any "welcome to OzScamAdvice" comments…

    Member Since
    05/09/2015

    • +256

      Yep, and the difference here is that it's not your typical should have known better run if the mill scam. I feel for the OP.

      • +10

        Should always call and double confirm account details verbally. Or do a small transaction, confirm they received it then proceed to send larger amount. Also question any account changes.

        • +30

          Should always call and double confirm account details verbally

          Using reliable publically available contact information or something else you can verify, for example the business card they gave you.

          DO NOT CALL THE PHONE NUMBER IN THE EMAIL YOU ARE SENT WITH BANKING INSTRUCTIONS

          • +1

            @spaceflight: I suggest this for rule of thumb anytime someone calls your about bank accounts, utilities etc
            Always ask for a case number or reference number that you can use to phone your utility or similar and reconnect with the person that way.

        • +1

          After all the scam stuff I've seen here reckon I'll have to be the paranoid person that insists on a physical cheque or something like that. Just absurd such a large sum of money could be lost in a single day

          • +1

            @N1NJ4W4RR10R:

            I'll have to be the paranoid person

            $15 bank check fee plus an hour of your time. Small price to pay if scam strikes you. It isn't like you're paying a $15 fee every day. We don't buy houses like coffees and muffins.

      • +25

        Yeah, absolutely feel gutted for the OP… My comment was more so, been a long standing OzB member so let's try not pour salt as one would if it was a Member Since… 2 minutes ago, instead try offer some constructive comments =)

        • +15

          Thank you guys. I appreciate it

          • +16

            @celtics889345: It's a NAB account. They wouldn't be able to withdrawal more than $20k a day unless they had business grade accounts which would require a lot of ID.

            Some timings would be useful.

            It's most likely they will be able to recover your funds.

            Sounds like an internal scam.

            • +10

              @Gallifr3y: Yes - from NAB's POV the fact that all the money went in one hit and that they can't see whose account it was is a massive red flag. They've been hacked too, probably by an insider. I reckon NAB will make much more effort than they would if you had just been another punter who got scammed, so don't entirely give up hope of getting the money back. Plus since their system failed to prevent it you have a case for compensation from NAB anyway - but that means dealng with lawyers.

              It also means you should not kick yourself too much that you got scammed - this was clearly a pretty elaborate operation. How did these people even know you were buying a property?

              • @derrida derider: If they've hacked the conveyencer then they probably know every person engaged in property with them. There could be others caught up in it. OP hopefully has let their conveyencer know to email their client list to watch out

            • +5

              @Gallifr3y: My understanding is that they can't disclose it (person / account type) to the OP for privacy reasons but police should have no problem obtaining it via a formal request. Up to police whether they can share it or not as that person or entity might also be a victim of identity theft.

              Worse case scenario is that the account was opened using stolen information. Person doing this sort of MIM attack is not likely to use their real details for this unless they are really, really dumb.

            • @Gallifr3y: Here's hoping for OPs sake. Losing that amount of money is rotten at the best of times, even worse with the current events.

      • +10

        This exact scam is actually very common. That doesn't mean OP should have known, they don't buy property every day, however how in the hell are conveyancers not doing more to advise their clients of this and setting up some sort of secure contact method.

        • +1

          You're right, and many conveyancers ARE giving this advice, in fact going so far as to put such advice in their email footer. And yes, it is in their business interest to do so. Unfortunately not everyone is keeping up pace with the means available to scammers.

          • @eggboi: There's no point blaming the user and telling them to do better, you need to instead do more to try and remove the risk. I'm sure I could put together a foolproof method in a day.

            • @Cheaplikethebird: yeah but then there's the trade-off between convenience and security. as someone above mentioned, personal delivery of bank cheques is more secure.. but even that is vulnerable to human error, like in the movie 'catch me if you can' (as is the whole concept of most scams, which basically 'hack' the human aspect of how our brains verify and process everyday documents, websites, procedures, emails etc. No system will be 100% foolproof for everyone, all the time. You'd be surprised just how little it takes for some people to be convinced to hand over large sums of money.

              • @eggboi: Yeah no system is foolproof but verbal advice and a note in an e-mail footer is basically zero effort. I'd say losing 100k is pretty inconvenient, enough to employ some basic cyber security measures.

                • @Cheaplikethebird: I agree with you. Unfortunately not only do enough people place far too little importance on financial and technological literacy that scammers have plenty of prey, but this issue describes MOST people. Scams (and even election interference and cyber attacks from foreign governments) have become super common.

                  When very little effort is made to deal with these crimes, it just runs rampant. The ADF was hacked by the Chinese government, and they stole a bunch of sensitive data.. what was done about it? basically nothing… just "dear china, pls stop hacking us because it makes us look bad".

                  yes there are many reasons these crimes are harder to prosecute (eg international jurisdiction, no trail of physical evidence etc). forcing banks to foot the bill for clearly well orchestrated scams would make them tighten up their standards around ID checks and verification though, as you propose should be done. Imagine if we had a government that would actually hold the banks accountable lol…

        • +4

          Because the honest truth is they are conveyancers and are:

          Not that bright
          And probably older so out of touch with tech

          Which means:
          Their systems are most likely compromised, given the large amount of attachments they open each day, and they probably use a pop3 e-mail system instead of an online system like gmail that scans viruses normally anyway.
          I doubt they would be using corporate grate cloud e-mail like g apps or microsoft.
          Their version of IT/security protection would literally be windows defender….
          That's IF they're using windows 10.
          They're probably still using windows 7.

          Across businesses we work with:
          Everything via private VPN.
          Any e-mail outside of our domain gets filtered.
          All clients e-mails are vetted.

          I receive on average 5 e-mails a week from other businesses that I shouldn't be receiving. The number of times a receptionist sends out a whole client list, you might as well print it on the front door of their business.

          • +7

            @Gallifr3y: My mother works at a conveyancing/solicitor place in a small town one day a week. She's had me come in a few times to fix things, but the boss is friends with a moron who styles himself a "freelance IT solutions expert" who keeps undoing it. The 4 day a week secretary keeps calling him whenever anything goes wrong. He makes a mint and pretty much does the wrong thing every time.

            The last time I came in a year or so back:
            Windows 7 - check
            No updates installed ever - check
            Some very old version of Internet Explorer is the only browser - check
            No antivirus - check
            Pop3 email that came with the cheap nasty ISP - check
            Wifi password is the name of the business - check
            Open everything that is sent to them - check
            The Windows password is extremely basic and on a posit on the screen that can be seen from the reception area - check
            The wifi password is also on a postit right next to it - check
            The email account password is on another post it right next to those - check.
            Their "IT guy" sold them a massively out of date solution for many times what it was ever worth - check
            He also got them disconnected from their FTTP connection which had the router wired to the computer and printer via ethernet, no wifi enabled (because no device used it) and a firewall, for a crappy discount 3g wireless hotspot because it saved $30 a month.

            He did this because when he tested the internet on the computer there was no wifi and he believed the router was broken. The ethernet cable had been pulled out of the computer, the computer had no wifi adapter. He got them to buy a usb wifi adapter after he couldn't get wifi on the computer after changing the router to the 3g hotspot… - check

            Oh and they weren't running a non-corporate cloud system, they just had no back up system. - Check

            I fixed it all again, updated and trained mum and the other secretary who are the only ones who use the computer. But they'll probably end up calling the moron again and he'll screw it all back up.

            At least he refuses to do online payments and all their accounting is done by hand in physical books locked in a huge vault.

            • @johndoh89: lol yep

              ^Scammers, find the above business.

            • @johndoh89: Can you imagine what the IT security is like for his other clients businesses? Like you said, he's probably making mint on doing basic crap - the fact about router/modem with no wifi - WTF!? That's pretty basic which he still stuffed up!

        • +1

          My conveyancer has a footer at the bottom of every single email asking you to call their office and verify details before making any payments.

        • Theres another episode of this just happened with someones retirement money from a sale.

  • +55

    wow , I send a pray your way. 100k is a lot of money, so hopefully the police investigate. please update on outcomes.

    As the transfer went to an account in Australia, one can hopefully assume its all done onsure, but if offshore, they wont get the culprit, but maybe your money i dunno?

    • +13

      Probably went into account of some unwitting money mule

      The poor money mule may have already wired the money offshore.

      • oh wow thanks for that, i never knew that one. Lets hope its not that, but same sort of tatic

      • +1

        This is a bit old now, Western union got sued by ftc for this so its not longer the preferred way as they're supposedly keeping records going forward.

        https://www.consumer.ftc.gov/blog/2020/03/153-million-wester...

        Newer ones are utilizing other methods such as bitcoin

        https://krebsonsecurity.com/2016/09/money-mule-gangs-turn-to...

        • This is a bit old now, Western union got sued by ftc

          Doesn't have to be Western Union, sometimes it is one mule transferring smaller amounts to many others who send it using various methods. You can send up to $9k offshore for free using Revolut. Basically split it into 10x $10k tell each mule to keep $1k and send the money on. Nobody is wiser it is a part of a bigger scam.

          Scam can run for a long time as there is always new set of people.

          • @netjock: Sorry I should've clarified, in not talking about the scam but rather the western union / money gram method stated by CommerceWA. It's not nearly as common today as when the article was written (2015) because there's better methods with less paper trail today (e.g Bitcoin ATMs, gift cards, ebay/nespresso,casinos).

            • @Serapis:

              It's not nearly as common today as when the article was written

              Might be your observation but I can tell you the scam emails about a large sum of money that was suddenly found and I can get it to you if you pay funds for it to be release scam has been doing on for 10 years if not 20 years. Never gets old that one. Must be some kids who just got their drivers licence falling for it somewhere. Just because we seen it doesn't mean other people have. Some of these fools haven't been born when some of these scams started.

              The best one is always the doctors and lawyers that fall for send me money so I can release a big amount of money from some bank somewhere in Africa because my dad was head of the bank. I mean stuff like $5m in gold can just sit there at a bank and nobody would notice it.

              • +2

                @netjock: I think we have a bit of a misunderstanding. My post is specifically in relation to the method used by criminals to launder funds.

                Ideally they need a method with minimal paper trail and Western Union is less attractive as a method now than in 2015 because my understanding of the FTC / DOJ case is they now need to keep records of senders and recievers.

                An example of what I'm pointing out would be a job advertised on Gumtree/FB/Seek/Instragram/Tiktok that looks legit, they even get you to do a job application and send you an employment contract sometimes. They tell you they operate overseas (IE UK / US) and just need you to take payment from their supplier to your bank account and you need to wire money via payment services (Western Union / MoneyGram / buy bitcoin for them from an atm) and you can keep a part as a bonus. They might even call you from an Australian phone number if you're suspicious.

                The mule would do this and not get any further contact from the criminal.

                If you dig deeper down the rabbit hole:
                * the ABN on the contract is real, but belongs to a business with no association and unaware they're being used for laundering,
                * number is set up for call forwarding,
                * website domain details are hidden, fake or hijacked,
                * bank account you received money from is closed or suspended;
                * people you were actually talking to are based in RU, CH or a number of other possible places and you only have a fake name.

                Mules can include younger people who think it's a gig job, people desperate for work or people looking for a quick buck. These are quite targeted and not the wide net (nigerian, inheritance) email scams you mentioned but more like the fake dating scams as there's more involvement. Can be operated by criminal groups like gangs and cartels (and you'll probably get death threats if you keep the money, they request your name, address, phone and even driver's ID or passport [as their KYC] before they send funds)

                If OP was scammed by someone overseas, this would be one of the methods they can use to get the money out of the country.

            • @Serapis: How does the gift card one work? That is, how do they get the cash back out of the gift card?

    • +37

      I find it hard to believe NAB has no personal details on file?
      When opening an Australian bank account you need to provide your tax file number and ID, so how would they not have details on this person?
      At least that's what I remember when I last opened an account (I could be wrong).
      When closing an account, you need to contact them in person or over the phone, they close the account but the details never disappear, it just sits in their system as a closed account. They need to keep your old account on file for any disputes or transaction records you may need, even if closed.
      In saying this, of course, NAB cannot divulge their details directly to you as that would be breaking the privacy law, but the police can get this information.

      • +8

        Tax file number is not needed, but a passport or an Australian driver license is!

        • +1

          Actually not, overseas passport can work too for PR and working visa holders. However, you still need to bring the original to the office and thus identify yourself with a photo ID.

      • +48

        Used to work fraud for a Big 4 bank and that's complete bs from them. They 100% have those details on record, it's required as part of KYC. Whether those details are accurate is another story - could be a stolen identity, for example, but nonetheless they would have some record of the customer it belongs to. But yes, they would only provide it directly to the police or other relevant authorities.

        • whats kyc? could it be possible they just had no details on the account as they said and literally created a completely anonymous bank account that has zero information on who account it belongs to?

          • +5

            @Zachary: KYC = Know Your Customer, a requirement to identify and verify someone becoming a customer/client.

            • @devz: is it possible to tell fake info so you can make an anonymous account?

              • +3

                @Zachary: Nope, they'll verify any details you provide. (I mean technically IT IS possible, but that is a high amount of negligence from the bank's side for that to happen)

            • @devz: Absolutely correct. Bank has an obligation to know their customer and also has the right to enquire about large fund transfers.

        • +10

          Agree with above. NAB will be in deep shit if they say that to the government (that they know nothing about the account holder). If you reported in the immediate aftermath, like you said in your post, and that account with $100K has been closed ( which should trigger an alert for NAB, $100K in and account closure right away?). The 100K has either be transferred to another account, or cash out ( not possible in 100K) , worst case scenario is it has been wired overseas but a recall is very much possible if done quickly enough. The staff at NAB is unlikely to tell you these details unless there is a police request or a court warrant.

          • +1

            @AllWins: yup. international settlements usually take 2+ days anyways. I am hopeful OP gets their money back but it will be on NAB to do the legwork and get it done

          • +3

            @AllWins:

            NAB will be in deep shit if they say that to the government (that they know nothing about the account holder).

            Especially with the Banking Royal Commission fresh on everyone's minds!

        • This. They can't just hand out personal details to every Joe / Jane in the street that says they've been scammed.

      • unless of course, the financial institution is complicit in this - would not be unheard of - how many laws and legislations did the financial institution breached in the Royal Commission into financial institution and Banking misconduct? why are we surprised if it was a complicit job? given the laws we see that was broken at the Royal commission? oh and no one went to jail for that.

    • If the $100,000 the op lost involves violence, the police would probably make more effort.
      For non violent scams/ financial fraud, if you add another couple of zeros at the back, it might worth a bit more of their time.

      • +2

        Sadly, that is more then likely the scenario.

      • -1

        OP should pose as a woman and say that the scam is increasing the pay/wealth gap even more.

        Maybe that will get the pollies to create an international issue and get to the bottom of it.

  • +23

    Conveyancer insurer…have they said anything?

    Damn I feel sick too.

    A few years back I nearly got caught out.

    Had issues with nab and were in constant contact. Got an email asking me to fill out some details. Before I clicked submit, I felt something was off. The details they wanted, they should have them in their system!

    Checked the email and sure enough some mf tried to do one on me.

    I always check the email. If it's anything massive, I'll call them to confirm the details too.

    I sincerely hope you get your money back

    • +43

      Thank you mate! Conveyancer is trying their best with Insurance Comp A to get me cover under their Cybercrime policy which they have cover for. Only issue is it typically covers the insured (them) rather than 3rd parties like myself. They are trying hard though!

      Mod: Edited for privacy.

      • +46

        Regardless of the outcome, that's a great business to support. I'd encourage you to "name and praise" accordingly. There's plenty of hopeless ones out there, and a personal recommendation to every person you talk to from now on when they say they're buying a house is a small token of appreciation.

        From the bottom of my heart, I'm sorry to hear this has happened to you. I can understand how you didn't give it a second thought and you'll probably keep beating yourself up over it for years to come, but know the scam is so effective because it feels "expected" to have to transfer a large amount to a random bank account at some point.

        Thanks for sharing your story and hopefully helping someone else in the future take a second longer and question whether this could be happening to them to.

        For everyone else (me included) its a good reminder to use different passwords for accounts, with 2FA where you can.

      • +17

        Odds are their account was compromised; small businesses are targeted a lot for this technique. Start the process now /w a layer and/or a digital forensics firm. The logs required typically only survive 90 days. ACSC might be able to point you in the right direction here.

        Only issue is it typically covers the insured (them) rather than 3rd parties like myself.

        You may need to go after the conveyancer for damages, which in turn they would pass on to their insurer if at fault.

        What email service do you use? All the major ones will have logging for your account, and will expose a fair bit to you.

        • +2

          I believe this maybe the right way to go about it.

        • I'm not normally sceptical of the resolution and really hopeful the OP recovers their money but….
          As someone who's company (employee not owner) was compromised by ransomware a couple of years ago - instant report to ASIC/Acorn and we're talking about 30-40k ransom demanded - ASIC did not contact us at all other than generic emails sending to their FAQ pages about security.
          They were next to useless. For a conveyancer which is even smaller, I doubt they would respond. Between them & OP, yes go and talk to a lawyer about what needs to happen ASAP.
          I also hope the police does something and keeps OP updated but again because of "privacy" reasons between them and NAB could be something the OP just isn't informed off until the time period for digital logs may expire. I really wish there is visibility in their proceedings and hope this works out for OPs sake.

      • +5

        If it was them that was hacked and someone fraudulently represented themselves as them, it could be argued that an insurance payout would be covering them. This surely sounds like it isnt going to be a simple process. I feel for you dude as do clearly alot of people here. This is a well orchestrated plan that sounds more like they were targetted and not you individually.

      • Does not make any sense as you need mailing address and identity proof to open any account I understand if they say account was open with identity theft and withdraw all money and close account.
        Here bank saying they do not have any details when all bank is liable keep 5 years of records.

      • +1

        Op, heres a thought, if you were able to prove that it was your conveyancers email that got hacked, then you should be covered as a 3rd party, because they are the victim of the crime directly.

        Perhaps your conveyancer has received emails from othe customers claiming to have received a fake email from them? That would be sufficient proof i would guess!

        Trying not to give you false hope here, just trying to help.

    • +6

      Please be aware that a well-crafted scam website will save anything and everything you type into it even if you don't click submit.

      Your basic 5-minute webforms job won't, and any no-script addons you run will do their job and interfere, but a sufficiently well developed site can automatically save every mouse movement and keystroke you perform on the page.

      • +3

        Yap I monitored all my accounts, credit checks, as well as changed passwords.

        Nothing has been done to me (this was about 2 years ago).

        Also have no script on Firefox.

        But you raised very good points. Hope people read and remember

    • -1

      Get legal advice. Issue proceedings against the Conveyancer. Very likely they have been hacked or have lax security. The scammer surely got your details from them. Probably an O365 hack.

Login or Join to leave a comment