You hear about it every day, scammers attempting to fleece innocent Australians out of their hard earned money. Unfortunately, it is an all
too common story that FortiTech encounters across businesses and individuals, this is one such story, which, at the time of publication,
does not have a happy ending and has instead left a couple close to retirement age needing to recover over $230,000 of stolen funds.
A very bad day
It was a sad irony that on Friday the 13th of all days, FortiTech received a call from an accountant who had recently
attended David's Cyber
Security talk
with the Institute of Public Accountants. They were ringing on behalf of one of their long standing clients the owners of a small
construction business, who had just tearfully revealed to him that they had been the victims of a phone confidence scam, losing
hundred of thousands of dollars. They needed help and fast.
Information on what and how it had happened was patchy, but as with all cyber security breaches and crimes time was of the absolute essence, we needed to secure their computer and assess the situation as quickly as possible.
David reached the couples home within the hour and such was the state of mistrust that the couple had in strangers by this point, there was a pre-arranged codeword that David needed to give them when he arrived so that they knew he was genuine. Whilst it sounds very cloak and dagger, it gives measure to the level of impact the situation the couple had found themselves in.
Modus Operandi
The story the couple told upon David arrival was of a typical phone scam that started on a Sunday afternoon with a call to the couple's
house phone claiming to be from the couples bank letting them know that their accounts had been compromised and they needed to move the
funds out of their account for safe keeping. It is a classic scam similar to the likes of one used on an
elderly Hong Kong woman who lost close to $50 million.
Initially the couple refused and hung up on the call, but the scammers persisted, calling back day after day, even managing to convince the couple to install remote access software on their computer, which the scammers then used to access the device and look through emails and files.
Eventually the couple were convinced to make cash deposits into multiple bank accounts over the next few weeks, the scammers became more and more brazen, they had managed to get the couple to withdraw cash from a line of credit account and deposit it into multiple accounts the scammers had control of, this happened not once, but 10 times over the course of a month. Not only that, there were at least 6 Bitcoin purchases and transfers made using the couple's credit card.
The scammers became familiar with the couple, using coercion to get them to continue depositing money into accounts, until one day it became too much and the couple finally reached out to their accountant seeking help, which is where FortiTech came in.
Damage repair
Knowing that remote access software had been installed on the couple's computer David set about isolating and securing the device,
removing the offending software and running scans for malware, viruses and keyloggers.
The computer did not have any existing endpoint protection software installed, which may have been able to prevent some of the nefarious software from being used. As part of the remediation they now have anti-malware and endpoint protection software installed which scanning files and programs real-time to protect their computer since it is the main tool they use for running their business.
Next was to sit with the couple and document which transfers and transactions had occurred and start to log calls with the couple's banks, AUSTRAC, ReportCyber, Scamwatch, IDCare and of course the Police to name a few to ensure that the bank accounts used were flagged, credit cards cancelled and as much information as possible was passed to the relevant authorities to build a case against the scammers. Sadly, in situations like these the scammers are often overseas based and using other people's bank accounts to transfer large sums of money from one to the other to avoid detection and the chances of catching them are very low.
Over the month long period the couple transferred over $230,000 to the scammers in cash and Bitcoin.Because the cash transactions were in breach of their banks policy they have been told that they have no recourse to recover the funds. The bitcoin transactions are still being disputed with their credit card provider and again, aren't looking likely to be recovered, however we are still helping the couple explore every legal avenue to try and get back some of their money.
What should you do?
Whilst you can set
up security measures to protect your business technology human error and confidence scams can and do still occur.
The best thing you can do in this type of situation is to come forward, before it gets even worse.
Victims of phone confidence scams, particularly elderly victims, often have little in the way of support or knowledge of how to spot a scam
and can unfortunately be convinced to do things they would not normally do and the stigma associated with being scammed can prevent them
from coming forward and getting help.
A cybercrime or cyber security incident can cause financial and reputational damage, disrupt business and essential services, and result in
further or ongoing malicious activity to an organisation or individual. While the costs of impacts are difficult to quantify, the costs of
remediation for a cybercrime or cyber security incident can be far greater than early and ongoing investment in prevention.
FortiTech are always here to provide support both to protect your business technology and to help you should you unfortunately fall victim to a scam, as we mentioned before, time is absolutely critical so please get in touch with us on 1300 778 078 straightaway so we can help get you back in business .