24 October Cybercrime: It could happen to you October 24, 2017 By Reef Admin General 0 Imagine this. You sit down at your computer to transfer some money from your agency's trust account. But once you're logged in, you see money disappearing from the account before your very eyes. Think it could never happen to you? Think again. This is exactly what happened recently to the experienced Principal of a respected Sydney agency. The victim of a sophisticated cybercrime that saw almost $760,000 stolen from their trust account, they’re warning others that it could happen to them. The money was stolen over the course of five fraudulent transactions – and the Principal witnessed one of the transactions being processed and approved via their online banking portal. How it happened It was normal practice for the Principal to use a security USB device to access their bank accounts online. On the day of the theft, they logged in as usual and received a message saying that the website was offline for maintenance, so they logged out. A few hours later, they logged in again only to receive the same message. Thinking this was a bit unusual, the Principal checked with their accounts team to see if they were having the same problem accessing the online banking portal. Someone in the accounts team logged into the portal and, to their absolute horror, discovered that almost $760,000 had been removed from the trust account in ve unauthorised transactions. The Principal immediately called the bank, but they weren’t able to stop the transactions. Fortunately the agency has been able to recover all but one of the payments, leaving a shortfall of $80,000. It seems the hackers gained access to the agency’s trust account via the Principal’s earlier attempt to login to the online banking portal. The perpetrator has been identified as a 19-year-old Estonian national with a valid Australian visa. There is a warrant out for his arrest and two accomplices are in police custody. A growing problem According to the Principal, all agencies need to be more aware of cybercrime, and have systems and checks in place to protect themselves. “I’ve been a Principal for more than 20 years and I’m always thorough and careful,” the Principal said. “It’s important for all agencies to be more aware of cybercrime and check the systems they have in place to protect themselves, because this type of crime is growing exponentially. “It’s terrifying what hackers can do and the level of sophistication is incredibly high.” The Principal of the agency has this advice to offer others: No same day transfers. Make sure your internet banking doesn’t have Real Time Gross Settlement (RTGS), which allows for same day transfer to another bank with transactions settled as soon as they’re processed. RTGS means money can be transferred and withdrawn within a very short space of time, rather than overnight. Dual authorisation. Never allow the same person to both create and authorise a payment. You should always require two authorisations for payments made by your agency. Check transfers. Always carefully check transfers before authorising them. No USBs. Don’t use a USB to access your internet banking portal as they can be easily compromised. Protect yourself. Don’t rely on the bank to protect you or put appropriate safety systems in place. Do your own due diligence and ask questions of your bank about cybercrime prevention. Have cyber insurance. While it won’t protect your agency from an attack, cyber insurance could be the difference between keeping the doors open or shutting up shop for good. If you’re unsure about the level of coverage you need, talk to an insurance broker. They can help you understand your business’s cyber risks and identify the best cyber insurance product to suit your needs. Related A message from the CEO: What's happening at REEF It's hard to believe we're halfway through the year. What started as a busy year shows no sign of slowing down. Here's just a few things we've been focused on. How to curb cybercrime Fraud. It’s a prospect that strikes fear into the hearts and minds of agency owners. But there are steps you can take to mitigate your agency’s exposure to the risk of fraud. Taking a pregnant pause: Unlawful termination due to pregnancy A recent court decision found that a real estate agency unlawfully terminated an employee on the final day of her probation period because she was pregnant and had taken personal and annual leave. Coronavirus - Employment Q&As (part 1) The REEF Helpline has been inundated with calls regarding the Coronavirus and its impact on employment. To address some of your questions, please take the time to read the following essential information. Keep calm and carry on: Don't make decisions based on emotion An agency has snatched defeat from the jaws of victor after making an emotional decision to dismiss an employee via text message, despite the employee already facing the prospect of redundancy. Protecting confidential information from employee theft As agencies have come to rely more and more on technology, there's been an increase in employees taking important and confidential business information. Comments are closed.