An Auckland woman almost lost a deposit for her first home after scammers posed as her lawyers by using detailed information to trick her.
It’s an example of the type of sophisticated email impersonation scams Netsafe says are becoming increasingly complex.
Auckland woman Anna Strong was told by scammers to transfer her $41,000 deposit into an intermediary account late last year and, by the time she realised something was wrong — and that it wasn’t her lawyers’ account — it was too late.
“I don’t think I’ve ever felt such a gut-punch moment,” she said.
Looking back through her emails, she found just two signs the scam emails were fake.
All correspondence with her lawyers contained the word “purchase” in the subject line, while emails from the scammers did not.
There was also a difference in email addresses that could be easily missed
“Say it was mylawyer@theircompany.com — it became mylawyer.theircompany@outlook.com.”
Strong said she was shocked at how detailed the scam was and the level of information the perpetrators had obtained.
“They had my lot number, they knew where it was, they knew what stage in finances I was at.”
However, the funds were returned to Strong six weeks after they were transferred.
She called her bank.
“By some miracle, they were able to track down who they were and reserve the money.”
She said her lawyers were “just as much a victim” in the scam as she was.
“Having connected with the police, a lot of these different, really sophisticated scams — especially within house buying — come to light.”
Netsafe chief online safety officer Sean Lyons said compromising someone’s email — or spoofing — was a type of scam that had been around for some time but the level of sophistication was “astounding”.
“The scammers managed to access a pretty astounding amount of information from the company that she was dealing with: same name, same signatures on the emails, same phone numbers.”
He said the best advice was to “stop and breathe” when dealing with large amounts of money.
“Go back when something doesn’t feel right, or you’re being asked to do something of this scale,” Lyons said.
“Take a few extra minutes to contact the company — not by the numbers that you’ve received on what might turn out to be a fake email — but get in touch with the company directly, ask them, query them.
“Did this come from you? Have you made a change? Where should I be sending this money?
“No business will mind you taking those few extra minutes to delay a process in order to come clear, and it may save you from an awful lot of heartache and pain down the track.”
Police said it was notified of the incident on December 6, through an online report.
“The matter was investigated and as the fraud was committed offshore, we are unfortunately unable to make an arrest and hold the offenders to account,” a spokesperson said.
Overseas-based offending, particularly online scamming or phishing as purported legitimate organisations held “significant challenges” to investigate and resolve.
“The relevant banks are in the best position to intervene and recover money before it is transferred to another country multiple times and lost.”
