HELP PLEASE! Scammed out of nearly $100K

Hi everyone,

So I'd like to preface this by saying I already feel absolutely horrible. I feel like throwing up constantly just thinking about this, but thought I would put it out there to see if anyone in the OzBargain community might have had any similar experiences or any advice.

Long story short, it appears a scammer hacked either my conveyancer's or the other side's conveyancer's email accounts, and from doing so got my details as well as the details of my upcoming property settlement. They knew the amounts due in terms of stamp duty payments etc, as well as the dates these amounts were due. They created a near identical email account to my Conveyancer, who I was emailing around 5-10 times a day and so simply didn't notice anything out of the ordinary when I received the scammer's email. It popped up only with my Conveyancer's name and the email address didn't come up as 'new sender' or anything. I know that I should have checked the email address before doing anything, but I had just answered about 3 other emails from my Conveyancer and still had about 3 to go. I had 6 emails in a row from her on different matters and it didn't at all enter my mind that 1 of these 6 might not be like the others.

In short, I transferred nearly $100K at the direction of this scammer who I believed to be my Conveyancer to the account they directed in the email. I called the Conveyancer later that afternoon to discuss another matter, and mentioned to her I had transferred the stamp duty payment for this property. It was then we both realised what had happened.

I searched the BSB and realised it was a Bank X account. I called Bank Y first (my bank) to ask them to commence a scam investigation and try to recover the funds immediately. They advised the funds had already reached the other account but they opened the scam investigation immediately. I then went to Bank X and tried to have them freeze the account the funds were received into. They said the account was already closed and for some reason, they couldn't see any details in the system about who had opened or closed it (how is that possible?). That night, I attended the Police Station and filed a fraud/scam report.

I now have the Conveyancer's insurer, the Police and Bank Y/Bank X working on this case but I'm accepting the worst and not expecting to get anything back. In the off chance anyone here might have had similar experiences and have any advice, I thought I'd raise it to the OzB community. Again, please don't pile on me. I know and I feel horrible. I've barely been able to sleep and I am just hoping there may be some avenue I haven't thought of, even if it's not likely to succeed.

Thanks in advance everyone

Mod: Edited for privacy

Comments

  • +6

    Internet Security Administrator here.

    It sounds like the scammer had knowledge about the sale. Therefore I assume either you or your Conveyancer were hacked for this information to be available.
    It would have been an email account most probably that was compromised and I am suspecting it's on the conveyancer side. If you could prove or confirm this then you are not at fault and it's the conveyancer or their insurance that's liable.

    As one said, look at the email headers (not just the account the email came from) and see if it actually came from the conveyancer's email systems.

    Have you done a check of your email systems for any suspicious activity?

    Good luck, I feel for you…

    • +12

      It’s unlikely someone would take the trouble to hack into the email account of a random individual on the off chance they’re going to transfer a large sum sometime soon. It’s astronomically more likely they would hack a conveyancer.

      • Mod.Delete Incorrect reply chain

    • -1

      Agreed, the fact that information about the transaction was known to the scammer means either this is someone OP knows (hopefully not) or that the conveyancer for one or other party has been compromised.

      OP really, really needs to go and talk to a competent lawyer ASAP. They will be much more helpful than the cops.

  • +2

    Best of luck to you and hope you get the funds back. Shocked that NAB has so many red flags and would be disgusted if there's no accountability behind letting this happen. Thanks for sharing and spreading awareness about these types of scams.

  • +1

    I am sorry to hear that OP.

    All banks should have had a 100 point check as part of standard procedure for years. A bank like NAB would have this as well. I think it is more of the case that they cannot divulge that information to you without police report/directions. So when they say they cannot see who opened or closed the account, it means they are not authorised to see it on their screen.

    I think your primary priority would be contacting the police again and telling them that you've got a live Westpac account of the scammer and we might be able to catch them this time round where the account is still active and the money can still be traced? Maybe that would speed up the police actions if they know that they have a chance to catch them?

    All the best and I hope you get your money back!

  • +2

    Oh Sh^t! Mate, like everyone else I am so sorry you have had this happen. I can only imagine the gut wrenching this has caused. Sounds like you have acted as quick as possible, contacted all the correct authorities and done all you can; now it's up to the various organisations to coordinate the investigations etc.

    This is the painful part, getting them all to talk to each other share info and come up with answers. Banks are the hardest to deal with as they are so secretive and always are in damage control mode, admitting nothing!

    As others have said if it were their 100k , they'd have found the hacker, had them charged and gaoled for life LOL

    But as it's your hard earned they don't care
    Again time to reflect sit back and say to yourself, it will be fine, money will come back, just takes time

    Hope you are married and have someone to support you through all this

  • +1

    So sorry for you OP. Hope you get your money back and this stress can end soon for you.

  • FU scammer.

    Sorry for your story OP.

  • +3

    Asking for the stamp duty to be paid separately should have given you a hint something's not right.

  • OP, very sorry to hear. Prayers for you to get back your hard-earned money.

  • +4

    I don't get it. I send $20 to a mate's account, takes 1-2 days for the funds to clear. You send $100,000, immediately reaches the other account :/

    • I send $20 to a mate's account, they have it within a few seconds from savings account to savings account, including on weekends. This is between CBA > CBA, Westpac > Westpac, CBA <> Westpac. I haven't tried the others.

      I also regularly send thousands (less than $10k) in single transactions between banks (e.g. CBA to Westpac) and it is at the other account within seconds. I press send and ask the other person to check at the same time, they can always see the amount appear in their account a moment later.

      I do presume larger amounts, like almost $100k, aren't instant, but I don't know for sure.

      • +1

        Most banks set conservative pay limits on customer accounts to begin with and this is even more so with regards to OSKO, since it has been implemented. I know of some banks that initially set the OSKO limit at $1,500 for all customers and then in time increased it to only $2,000 after becoming comfortable that the new system was not exposing its customers to increased rates of fraud and loss. I am a little surprised that the majors are permitting such large real-time transfers, unless you specifically asked for their usual payment limits to be increased permanently for your own accounts. I'd wager that the transfer of $100k was too large to be processed via OSKO and would have rather settled overnight.

    • Since Osko became a thing most major bank transfers are instant. Including at least tens of thousands.

      • Not in the first instance?

  • +2

    https://www.cyber.gov.au/acsc/report/are-you-a-victim-of-cyb...

    OK, this one was a sophisticated scam, seems almost someone who knew either party. This isn't your typical scammer here.

    • +2

      Does smell like an inside job, doesn't it, Watson?

      • Unless hackers target the lawyer; with open access to their emails they can do this, which OK, I can see being done.

        However, the scammer had a NAB account, which means they are in Australia and had to supply ID to open that account. NAB should be able to easily look up owner of account.

        Either way still fishy

        • +1

          NAB should be able to easily look up owner of account.

          Unless the account was created with no ID….so all the fields would be empty….

    • It's really not; if you have access to one party's emails you can copy letterheads etc. and send up an email with fake details.

      Doesn't need an elaborate scheme to do so, though you need someone to get the funds and send it across which is probably a lot harder to do.

  • +1

    It pays to be paranoid.

  • +3

    These bottom feeder scums should be beheaded. Media might be able to help; current affairs comes to mind.

  • So sorry to hear that. Make sure you get your state's Police force cybercrime division involved. This is what they do.

    I'm currently going through a property purchase now so I can totally sympathise - there's e-mails flying around all day every day, it would be so easy for this to happen to anyone.

    I suspect my conveyancer may have had this happen to her at some point because her e-mail signature specifically states not to pay money into bank accounts unless the details come from her in writing - which makes me believe that this is a fairly common situation, not that it will make you feel better but you can at least know that many others have probably been targeted for this type of scam.

    Get the cops onto it and hopefully they'll track the b*stards down.

    • +1

      I suspect my conveyancer may have had this happen to her at some point because her e-mail signature specifically states not to pay money into bank accounts unless the details come from her in writing - which makes me believe that this is a fairly common situation

      The scam is well known in the property industry, which will be why it is on the email footer. A lot of firms have this, not because it has happened to them, but through an abundance of caution because of the potential high $$ value if the scam is successful.

  • +1

    You received the email directly from Conveyancer and you did what you were advised to do. You need to go after Conveyancer for getting the money back. When you went to the police, you should have mentioned that Conveyancer instructed you to transfer the money and now he is refusing to accept responsibility.
    It's likely that the Conveyancer's mail was hacked. If you approach it this way and start blaming Conveyancer to reclaim the money, their insurance will prob. reimburse the amount because they will be protecting Conveyancer as per the policy terms.

    • +2

      The OP said this about the scammer: "They created a near identical email account".

      The email from the scammer wasn't from the same email account as their conveyancer. It was just that the OP unfortunately didn't notice, because it was so similar, until it was too late.

      • probably something like an "o" [orange] and 0 [the number 0]
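
The header check suggested earlier in the thread and the "o" versus "0" look-alike described in the reply chain above can both be automated. The following is an added example, not code posted by anyone in this thread; the domain `smithconveyancing.example` and all three messages are constructed samples, and the character-swap table is a small illustrative subset.

```python
"""Added example: triage one message against a correspondent's known domain.
Every address, domain and header value here is a constructed sample."""
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED = "smithconveyancing.example"   # assumption: the conveyancer's real domain
# Small illustrative table of character swaps used to build look-alike domains.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(domain):
    """Fold visually confusable characters so 'c0nvey' and 'convey' compare equal."""
    return domain.lower().translate(SWAPS).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Domain part of the address in a From/Reply-To header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def classify(seen, trusted):
    if seen == trusted:
        return "exact"
    # Same skeleton, or at most two character edits away (added/dropped letter).
    if skeleton(seen) == skeleton(trusted) or edit_distance(seen, trusted) <= 2:
        return "lookalike"
    return "unrelated"

def triage(raw, trusted_domain):
    """Return a list of findings; an empty list means nothing stood out."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg["From"])
    verdict = classify(from_dom, trusted_domain)
    if verdict != "exact":
        findings.append(f"from-{verdict}:{from_dom}")
    reply_dom = domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to-differs:{reply_dom}")
    # Only the Authentication-Results header stamped by your own receiving
    # server is meaningful; this sketch assumes that is the one present.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        result = m.group(1).lower() if m else "missing"
        if result != "pass":
            findings.append(f"{mech}-{result}")
    return findings

# Constructed sample 1: look-alike domain. It passes SPF/DKIM/DMARC because the
# sender controls that domain, so authentication alone does not catch it.
LOOKALIKE_MSG = """\
From: "Jane Smith" <jane@smithc0nveyancing.example>
To: buyer@mail.example
Subject: Stamp duty payment details
Authentication-Results: mx.mail.example; spf=pass smtp.mailfrom=smithc0nveyancing.example;
 dkim=pass header.d=smithc0nveyancing.example; dmarc=pass

Please pay to the account below.
"""

# Constructed sample 2: the real domain forged in From, replies diverted elsewhere.
SPOOFED_MSG = """\
From: "Jane Smith" <jane@smithconveyancing.example>
Reply-To: jane.smith@freemail.example
Subject: Updated account details
Authentication-Results: mx.mail.example; spf=softfail; dkim=none; dmarc=fail

Our bank details have changed.
"""

# Constructed sample 3: a message that really came from the trusted domain.
GENUINE_MSG = """\
From: "Jane Smith" <jane@smithconveyancing.example>
Subject: Contract of sale
Authentication-Results: mx.mail.example; spf=pass; dkim=pass; dmarc=pass

Attached as discussed.
"""

if __name__ == "__main__":
    for name, raw in (("lookalike", LOOKALIKE_MSG), ("spoofed", SPOOFED_MSG),
                      ("genuine", GENUINE_MSG)):
        print(name, triage(raw, TRUSTED))
```

A clean result only says the message came from the expected domain's mail system; if that mailbox itself is compromised, the bank details still need confirming by phone on a number obtained independently.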

  • Very sloppy practice by the conveyancer in any case, if the account to be paid into was not conveyed to the client in person early in the process.

  • +8

    Something is not adding up here.

    OSKO max limit is 30k.
    PayId is 10k.

    If OP has transferred money via bank transfer it won't process until 6pm and most likely the payment will flag up for security. Unless OP does a lot of large-amount transfers on a daily basis and didn't trigger any security alerts.

    100k stamp duty can buy a 2 million $ property.

    NAB do have the details. It is a must; if not, AUSTRAC can give them a big fine.

    • +1

      Osko and payId are the same thing I believe.
      But agreed that in any case CBA isn’t going to let you transfer $100k by internet banking without some sort of special process, or requiring you to go in branch.
      Even in osko CBA has a hold the first time you transfer to a new account.

      $100k is a lot of stamp duty- this should have rung alarm bells that it didn’t add up with property purchase price…

      • +1

        OSKO is the network, PayID is the ability to pay someone via Mobile number, Email, ABN etc on the OSKO Network.

      • I've sent $150 with payID and $150 standard transfer with CBA.

        Both times there was a 24 hours processing time..

        This is a standard thing for new accounts, I was told over the phone when I called to ask them about it.
        They said the next time I send money to those SAVED accounts it should be much faster than 24 hours….

      • Maybe it has changed but I had no problems transferring 100k from my CBA account last year without any special process (apart from making sure my limit allowed it). Certainly didn't need a special process or to visit the bank.

  • -3

    Hey Mate
    Sorry to hear what you have been going through - 100K is a lot - Hopefully u recover the entire amount and the only suggestion I can give you - probably better to install a VPN on the computer and connect it every time before you do any financial transaction - I am 100% sure u will get your money back - the question here is when - it's pretty strange that when NAB does not have any ID - sounds sketchy and fishy - Might be an internal fraud too - never NO

      • +3

        how would a vpn have prevented this? apart from giving him another company with his details that can be hacked.

        FFS NordVPN was hacked…..

        • Is it so that every transaction you make can look like it was done from overseas and therefore your account got "hacked"?

          That's probably wrong haha cus that seems like it could get you in a lot of trouble if you said it wasn't you when it was in fact you with a VPN.

          • @Castcore: geez this community is extremely harsh. Then explain it to the poor guy (and me) what went wrong instead of negging away.
            He's being kind and offering his view, which is much more than what the neggers can say for themselves.

            • +2

              @suchan: The question should be for YOU and OP to explain why you think a VPN would help.
              Because the basic understanding of a VPN seems to be lacking on multiple points. Otherwise default answer is to read VPN for Dummies.

  • I hate to say this but unfortunately I think that this could be a very expensive lesson in being very careful when doing bank transfers. As we all know, bank transfers are not reversible. Any scammer sophisticated enough to pull this off would have hidden the money by now. I think your only chance is if CBA or NAB takes pity on you and they agree to wear the loss, although it's hard to think they would since you typed in the account numbers and submitted the funds transfer yourself.

  • Good luck mate. I hope you get your money back :(

  • +18

    No advice unfortunately, but I just wanted to say that I am so so sorry to hear this, OP.
    Sending my love, condolences and good wishes.
    I felt sick just reading your post - I can’t even begin to imagine how you’re feeling right now :(
    I‘m sure you’re super busy trying to chase up all the relevant parties for updates and the like, but please please please don’t neglect your mental health and seek professional help if required.

    https://www.lifeline.org.au/crisis-chat/
    Lifeline: 13 11 14
    Beyond Blue: 1300 22 4636

    Hoping like hell that you get your money back! Hang in there OP!

  • +6

    They said the account was already closed and for some reason, they couldn't see any details in the system about who had opened or closed it (how is that possible?).

    The answer is that this is not possible. You need to go and see a lawyer immediately, who will be able to assist you in getting access to these documents (whether by pre-action discovery, subpoena or just making clear to NAB that this is what will happen if they don't play ball).

    Banks have legal obligations to keep this information for years. There is no way known that this information would not be available to NAB. Also, there is something extremely suspect about the account being closed so quickly - this process ordinarily takes time.

    If I were you, I would be very suspicious that someone with access to NAB's systems is involved. But regardless, NAB is your obvious first port of call here. Via a lawyer.

    Correspondingly, the fact that this person had details of your purchase (stamp duty etc) indicates that either you or your conveyancer, or possibly the other party's conveyancer, have been hacked. Either that, or this is someone in your life or the vendor's life who has done this to you.

    • +3

      NAB is your obvious first port of call here.

      There is no direct relationship between OP and NAB. NAB has zero obligation to OP. NAB's obligations are to protect the privacy of its customer and respond to queries by CBA and the police.

      • Incorrect. There is a direct relationship: NAB received funds which had been stolen from OP, albeit unknowingly. Also, NAB has in its possession the best evidence available to OP.

        Private parties get information from banks every day of the week through the courts. Not sure what state OP is in, but every state civil system has an equivalent process for seeking orders for pre-action discovery of documents or pre-action investigation. The civil subpoena process is similar. These orders are often made against parties (like NAB) who are not necessarily the wrongdoer but nevertheless have potentially relevant material in their possession.

        If you don't believe me go and sit down at court and watch a few civil matters, particularly in the callover list. You will see quite a number of orders made for banks to produce documents.

        • +1

          By your logic, I can deposit money into your account and claim that it is stolen which then gives me the right to call up your bank to get your personal details.

          • +4

            @capslock: You need to go through the court system to get the bank to divulge information to you; in doing so, you need to provide an affidavit to explain the reason for your request, and if you lie, you would commit a criminal offence.

          • @capslock: You appear to have reading comprehension issues.

        • If you have to go through the courts to get information, wouldn't that be considered an indirect relationship?

          • -1

            @wyrmy: Legally, if A defrauds B and hands the money to C, C can potentially be directly liable to B depending on the circumstances. I'm not saying it sounds like that here, but it's not accurate to talk about a 'direct relationship' as though OP had any sort of deliberate 'direct relationship' with the scammer either.

            And parties who have contracts, marriages, family relationships etc with each other still end up in court fighting over things like access to one another's documents every day of the week.

            All of which is irrelevant, because the point of my post at the top of this thread of comments was that NAB is the logical place to start getting information because OP (a) knows who they are and (b) can be sure they will have some information.

  • +7

    Last time I paid a conveyancer they insisted I send $100 as a first transfer. If the $100 successfully gets to them, save those details in your bank app. Only then send the full amount using those same details, ignore any emails with new account details. I know too late for yourself (feel for you), but may save someone else.

    • +1

      Totally recommend this tip, a Test transfer that you get a verbal or email confirmation on from the intended (correct) party. Proceed with a larger transfer only afterwards. I kind of follow this for my personal transactions too.

    • +2

      Normally I do $1 and see if it's the correct account
      Then do the larger amounts

      • +2

        one cent is better…

        • +2

          ING does the 1cent test. It’s definitely a good test.

        • +3

          Bank check made out to the person and hand delivered is best…. are people THAT cheap they don't want to pay the $15 FEE when buying a house?

          • +1

            @vid_ghost: apparently yes….this is ozb the place for tightarses, cheapasses and freeloaders after all…..

  • +3

    Really really common hack scam. Hackers often target conveyancers, law firms and real-estate agencies to pull stuff like this off.

    There is a very high likelihood that the Conveyancer's or your computer has been hacked.

    I would give your computer a good deep scan and change your password on your email if you haven't already.

    If you are on friendly terms with your conveyancer I would recommend for them to do the same.

    It just pisses me off that some (profanity) could get away with this and I really feel for you OP, best of luck

    • +1

      Go further than a deep clean, wipe the HD, and start fresh.

      • No amount of wiping will help if, as suggested, O365 systems were first compromised through phishing and then further exploited through hidden email rules and forwards.

    • There is a very high likelihood that the Conveyancer's

      more likely. Target with plenty of opportunity. How likely you are to hack an individual that so happens to make large purchases.

  • Similar happened to our company (well, accounts person likes to click on cat video links in emails).

    The hacker transferred 25K from one of our business accounts to one of our rather small customers, someone that spends 1K / month with us. They then proceeded to send a fake email advising the customer that we accidentally deposited the money in their account, and if they can please send the money back, but they provide a different bank account. Luckily, our customer noticed the difference in account numbers, so they called us and we proceeded to freak the f*** out.

    Long story short, the bank froze our customer's account, and our account for 24 hrs, then took 10 days to transfer the money back.

    We also forwarded the scam email to the AFP, as we could see the hacker's IP address on the original email, and it was someone in our state (WA).

    The account person now can't open any links.

    We have invested a lot in cybersecurity.

    This doesn't help you, but it can show that it happens all the time.

    • Ooh… did this hacker use the html script editing trick thing?

      • Have no idea, but the email looked like it came from us, but old mate had really bad syntax and spelling, so that also tipped our customer off.

        Our customer forwarded the email to us, then I used https://whatismyipaddress.com/trace-email and found out it was local. Sent this all to the AFP and they opened an investigation.

        • What happened after that?

  • +1

    Email is insecure by design. If you're using it to send bank details for large transfers the test deposit to test authenticity should be a few cents. Even if the "From" address was the same as the OP had used to communicate with the conveyancer it can be spoofed.

  • The goosebumps when you double checked the email address and realised what has happened. I would've probably passed out.

  • Man I really feel sad for you, I get upset losing as little as $200 but you lost $100,000.

    I really hope that scammer gets punished for the crime he tried to commit.

    It's so sad to also probably even think that you might not be able to get the property you were trying to get, after losing 100K.

    It takes ages to earn that much money, and you have lost it.

    I don't know what I'd have done in that scenario, honestly I'd be feeling so hopeless.

    But at the very least you'll be more careful in future.

    But I'd always make sure that bank I am sending money to is the intended recipient, by depositing like a tiny $1 or something amount before making the final deposit.

    And also make sure that any email I receive is from the intended domain i.e. means checking the email of person who sent you that email.

  • TBH as long as you were on this and reported it straight away I think you should be fine. It will take some time and delay settlement.

    I'd say most likely it was your conveyancer that was hacked over you. I work for an MSP and the amount of people that fall for fake email login phishing is crazy.

  • I can't see how this could have happened without bank negligence.

    • Blame the banks too for high house prices, obviously they have been forging our signatures and bidding at auctions pretending to be us.

  • I would also complain to the banking ombudsman as you picked up the problem quick smart and informed the receiving bank but they did nothing.

  • +1

    Shouldn't first time transfers be held for 24 hours?

  • +1

    Check whether the hacker has hacked your email system or the conveyancer's email.
    Have you changed your email PW yet? If not then he is still reading your email. Also ask the conveyancer to change his email PW.
    If the conveyancer's email has been hacked then their insurance company will pay for your loss.
    This has become very common nowadays and you have to be very careful when transferring money to anyone; it would be better if you can call the company and ask their bank account to confirm before transferring.

    The reason I love OZB is that it's like a street school where people express their problem and we get some real good guides and advice where we become smart day by day for free, and my thanks to them.

  • Wouldn't NAB have KYC'ed the hell out of every new signup these days?

    And also could it have been the conveyancer's email that got hacked instead of yours? if it's their account, maybe you can get covered under their insurance easier.

    • Wouldn't NAB have KYC'ed the hell out of every new signup these days?

      Probably money mule scam. Account sent to is a recruit who makes a few % transferring money offshore believing they have a real job.

  • +5

    This is NAB's fault. All banks have auto/bot checks on large transfers now. I went through a frozen bank account scenario, where the bank phoned the person and got all the relevant accounts frozen.

    NAB has always had serious security problems going back years amongst other things. The bank will have to cover this, so you'll get your money back, just stay away from Court.

    • I agree. They could implement some very simple, completely automated checks to prevent this kind of thing happening.

    • It's actually CBA's fault for
      a) allowing such a large amount of money to be transferred out so easily from internet banking
      b) not calling up OP to ask if they were sure they really wanted to transfer such a large amount of money and warning OP about potential scams
      c) processing the transfer even though the account names didn't match (assuming the scammer didn't give out the real account name)

      • +1

        a) it is up to the customer to determine the amount they are willing to transfer online
        b) you expect them to real time call up and challenge internet bank transfers? they do tens of thousands a day more than this, the NPP allows instant transfers, how would that even work?
        c) account names mean nothing and a warning message should come up noting they are not matched, it is impossible for a sending bank to check the account name, they don't have this info when transferring to another bank. the only way this could work is for the receiving bank to do the check.

  • +1

    Good luck OP.

    Feel really sorry for you, I can see how you got scammed without being negligent.

    Unlike most of the Sob stories on OZB, this one I do give a crap about the OP.

  • +2

    I've lost money before so I know how u feel, empty and cold inside. coz life equals time and the time you are alive on this earth, and you exchange your time to earn money, so by losing money you have lost a piece of your life in essence. idk if this is supposed to make you feel better, I know it wouldn't, but hopefully it gets sorted. what you wanna do here is play dumb when questioned if there is ever an interview.

  • The only way you are getting back that money is going to the A Current Affair. Bad publicity will surely make them take action. But damn that’s terrible of those scum.

  • -1

    NAB is really sloppy. If they read this thread then they should buckle up. I think they want to renege on the issue as saying no or I don’t know is the easiest way out!

    Imagine, their profits are in billions $.

  • The scammer attempted the same thing on us. They seem to somehow gain access to Outlook accounts. They had a Westpac BSB and I informed Westpac's scam team but never heard back from them.

  • feck, i gotta do this in a month.

    • +6

      Walk into your bank and make a bank check made out to your lawyer/conveyancer .. pay the $15 fee… walk into the lawyer/conveyancer's office and hand it to them.
      NO one can hack that…. You have the check slip (that you keep before handover) as proof of payment and if the check is lost the bank can cancel it and just make a new one.

      Doing anything else is a risk… even doing EFT at the bank is a risk because you could still have the wrong account details that you give the bank staff.

  • +2

    send me a message same thing happened to me last year i can give you some tips. thanks.

  • +4

    worked in IT for over 15 years and I can tell you this is very common

    • Hacker gets access to either email account. Most likely the sender. We noticed this a lot with Outlook (Office 365) based accounts
    • Hacker will sit and watch emails and even divert copies using copy to me function
    • He will then wait for the right opportunity to send manipulated bank details on the right invoice
    • Once paid he will then wire the money out the same day and close the accounts

    Had it happen to a large law firm we did IT support for. Over 500k missing and they managed to recover only 200k
    Happened to a small business they lost 50k.

    On another note, NAB is a very shitty bank. If you're with NAB close your account and move to CBA.

    TIPS
    Always turn on 2FA on all your email accounts
    When making a payment in large amounts call the other party to confirm the bank details.

    Highly doubt you will get your money back if it's left the country but best of luck
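
The mailbox abuse in the list above (copies of mail quietly diverted while the intruder waits) and the hidden rules and forwards mentioned in an earlier reply can be looked for by auditing inbox rules. This is an added example, not code from any poster: it assumes the rules have been exported as records using Exchange Online `Get-InboxRule` property names, and the rules, folder list, keyword list and domains are constructed.

```python
"""Added example: flag inbox rules that forward mail outside the firm or hide it.
RULES is a constructed sample; the record shape (a simplified export of
Get-InboxRule properties) is an assumption."""
import re

ORG_DOMAINS = {"smithconveyancing.example"}   # assumption: the firm's own domains
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                  "junk email", "deleted items", "archive"}
PAYMENT_WORDS = {"invoice", "payment", "bank", "bsb", "settlement", "transfer"}
FORWARD_FIELDS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
ADDR = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def external_targets(rule):
    """Addresses a rule forwards or redirects to that are outside ORG_DOMAINS."""
    found = set()
    for field in FORWARD_FIELDS:
        for entry in as_list(rule.get(field)):
            for m in ADDR.finditer(entry):
                if m.group(1).lower() not in ORG_DOMAINS:
                    found.add(m.group(0).lower())
    return sorted(found)

def audit_rule(rule):
    """Reasons a single rule looks like interception; empty list if none."""
    reasons = [f"external-forward:{a}" for a in external_targets(rule)]
    if rule.get("DeleteMessage"):
        reasons.append("deletes-message")
    folder = rule.get("MoveToFolder") or ""
    if folder.lower() in HIDING_FOLDERS:
        tag = "moves-to-rarely-read-folder:" + folder
        reasons.append(tag + ("+marks-read" if rule.get("MarkAsRead") else ""))
    words = {w.lower() for w in as_list(rule.get("SubjectOrBodyContainsWords"))}
    hits = sorted(words & PAYMENT_WORDS)
    # Keyword matching alone is normal; it matters next to a forward/hide action.
    if hits and reasons:
        reasons.append("targets-payment-mail:" + ",".join(hits))
    return reasons

def audit(rules):
    """Map rule name -> reasons, for flagged rules only. Disabled rules are
    still checked: a switched-off interception rule is evidence of compromise."""
    flagged = {}
    for rule in rules:
        reasons = audit_rule(rule)
        if reasons:
            flagged[rule.get("Name", "<unnamed>")] = reasons
    return flagged

# Constructed sample rules for one mailbox.
RULES = [
    {"Name": ".", "Enabled": True,
     "SubjectOrBodyContainsWords": ["invoice", "payment", "bank"],
     "ForwardTo": ['"collector" [SMTP:collector@freemail.example]'],
     "MoveToFolder": "RSS Feeds", "MarkAsRead": True},
    {"Name": "Newsletters", "Enabled": True,
     "MoveToFolder": "Newsletters", "MarkAsRead": False},
    {"Name": "Send to assistant", "Enabled": True,
     "ForwardTo": ['"Assistant" [SMTP:pa@smithconveyancing.example]']},
    {"Name": "cleanup", "Enabled": False,
     "SubjectOrBodyContainsWords": ["did you send", "phishing"],
     "DeleteMessage": True},
]

if __name__ == "__main__":
    for name, reasons in audit(RULES).items():
        print(f"{name!r}: {', '.join(reasons)}")
```

Resetting the password does not remove such rules, so they need to be reviewed and deleted as part of cleaning up a compromised mailbox.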

    • So your advice is use cba?

      My advice is to hand in a bank cheque. When I bought a house, I handed a bank cheque to my solicitor. Even when I bought a car last year, I got a bank cheque.

      Incidentally I use NAB. There is nothing special about CBA that makes their bank cheque better than NAB's.

      • My advice is to hand in a bank cheque. When I bought a house, I handed a bank cheque to my solicitor. Even when I bought a car last year, I got a bank cheque.

        Best advice so far.
        Ensure cheque is non-negotiable and account payee only.