iTnews

Home buyer funds hit in phone porting scam

By Brett Winterford on Nov 9, 2012 2:39AM
Home buyer funds hit in phone porting scam

Real estate trusts targeted.

Australia’s banks and telcos have failed to prevent fraudsters from using phone porting to siphon funds from compromised bank accounts.

As first explored in an investigation in SC Magazine, cybercriminals have developed simple social engineering techniques to take control of the mobile phones of online banking users whose credentials have earlier been captured by key loggers and other malware.

With only a few phone calls to a victim’s workplace or home address, a fraudster can gain enough information (date of birth and mobile phone number) to port a victim’s mobile phone number to a new SIM device and intercept one-time passwords sent via SMS for online banking sessions.

Several new cases in Western Australia suggest that fraudsters have discovered a new form of target.

Alison Buckett*, a real estate agent in Perth, is among the victims.

Buckett was a Commonwealth Bank customer and Optus mobile customer, and runs a settlement agent/conveyancing business for property buyers.

At the beginning of October, Buckett received an email notification from the CBA to provide receipt of a transaction of over $19,000 to an unfamiliar account registered in Queensland. She immediately called CBA and was put through to the NetBank Security division, which froze her funds pending a fraud investigation.

The next morning, Buckett felt obliged to report the incident to the Western Australian Board of Commerce, which regulates her industry. Whilst the loss of $19,000 to any small business is likely to harm their cash flow, settlement agents are particularly vulnerable as they hold funds in their accounts for customers that have paid a deposit on a property but not yet settled.

“The position of the Department of Commerce states that if there is any deficit in your trust account, you have to put it in yourself," Buckett told iTnews.

"So I had to stick $20,000 of my own money in the trust account. You can imagine how nerve-wracking that is, knowing that money had been stolen from that account. If it had been $100,000 stolen from that trust account, I’d be out of business.”

It was at least 12 hours before Buckett attempted to use her mobile phone and realised that her number had been ported to another device. It also clicked that she had never received the CommBank NetCode SMS for the fraudulent transaction.

One week later, after numerous phone calls,she finally managed to reconnect with the Commonwealth Bank’s fraud team, who assured her that the money would be refunded into her account.

Stress

Buckett said the “inconvenience and stress” of the incident cost her one week’s work, and the process of getting the phone number from the fraudster (who ported it onto a SIM on the Lebara network – an international MVNO that uses Vodafone’s network in Australia) back onto her Optus device has taken closer to a month.

She fears that small businesses – who advertise their mobile numbers widely and do not tend to invest in IT security – are prime targets for such scams.

“My IT guy has conducted a thorough investigation, we expect the online banking session was hijacked by a small keystroke virus or something similar,” she said.

“I guess I am fair prey – I am a one-man band. My mobile number is on all my business cards and letterheads. I reckon 10,000 people could figure out my date of birth and mobile phone number.

“CommBank encouraged me to go onto NetBank, and I love it, I find it hard to deal without. They assured me the SMS code was very, very secure.”

SC Magazine was told by telcos earlier this year that customers could call to have additional questions added before a number is ported. But the telcos appear never to have implemented this process.

“What I have learned is that there is no guarantee a perpetrator couldn’t port my mobile number out again,” Buckett said. “There are no added security options to prevent it being re-ported again.”

Buckett learned that CommBank offers OTP tokens as an additional security measure, but mostly for its largest customers. “They told me – we don’t advertise that they are available, you won’t get one unless you ask.”

Stay tuned for Part II of this story tomorrow: can Australia's banks and telcos tackle the problem?

* The name of the victim has been changed to protect her privacy.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
cba commbank fraud lebara mnp phone porting scam security

Partner Content

Australian data sovereignty and protection concerns increase
Promoted Content Australian data sovereignty and protection concerns increase
A 360° view of the cost of data breaches in Australia and how to mitigate them
Promoted Content A 360° view of the cost of data breaches in Australia and how to mitigate them
Why efficient data sharing is vital for effective emergency management
Promoted Content Why efficient data sharing is vital for effective emergency management
Why simplicity is the winning formula for CX success
Promoted Content Why simplicity is the winning formula for CX success

Sponsored Whitepapers

The ultimate guide to customer IAM
The ultimate guide to customer IAM
Communicating cyber security in a language the Board understands
Communicating cyber security in a language the Board understands
10 questions to ask before you select a Network Performance Management tool
10 questions to ask before you select a Network Performance Management tool
Innovate faster. Why accelerating change is a CIO's biggest challenge.
Innovate faster. Why accelerating change is a CIO's biggest challenge.
Unlock faster time-to-revenue using Adobe digital document processes
Unlock faster time-to-revenue using Adobe digital document processes

Events

  • SAP e'ffect 2021
By Brett Winterford
Nov 9 2012
2:39AM
0 Comments

Related Articles

  • CBA sets up Group Security division to bridge physical, infosec domains
  • CBA to embed a 'TISO' into each of its platform teams
  • BOQ tries to pin BEC blame on a branch manager
  • CBA rolls out digital lending product in partnership with fintech Waddle
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Aussie Broadband watches its NBN excess bandwidth bill climb

Aussie Broadband watches its NBN excess bandwidth bill climb
Services Australia to launch myGov mobile app in December

Services Australia to launch myGov mobile app in December
Gov pressed to end reliance on IT contractors, fill APS "capability gap"

Gov pressed to end reliance on IT contractors, fill APS "capability gap"
Aussie Broadband in talks to buy Over The Wire

Aussie Broadband in talks to buy Over The Wire

Digital Nation

Catastrophic governance failures are rooted in organisational culture
Catastrophic governance failures are rooted in organisational culture
"Kill all you see." The tragic, real world consequences of Facebook’s algorithms
"Kill all you see." The tragic, real world consequences of Facebook’s algorithms
Case Study: Digitalisation bolstered Country Road's response to pandemic disruption
Case Study: Digitalisation bolstered Country Road's response to pandemic disruption
Investors like the appeal of Quantum computing, but reward comes with risk
Investors like the appeal of Quantum computing, but reward comes with risk
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.