Crime Files Network

Archive for the ‘ID THEFT’ Category

bleeding heart red on black image

Lonely and unfamiliar with the world of internet dating, Peter* was “just looking for a nice lady” when an attractive woman introduced herself via an online dating site.

“She sounded genuine and the photos looked good. I thought everything was alright – the way she spoke, the things she used to say,” says the 66-year-old pensioner and retired tyre-fitter from Dubbo.

The pair exchanged phone numbers and spoke nearly every day. A few weeks later, the woman began asking for money.

“It started off, could I lend her $500? … She had me believe there was going to be a relationship and she was going to move in here with me,” he says. “It ended up to about $9500.”

Peter is one of thousands of Australians whom fraudsters have left not just broken-hearted, but also broke.

Nearly one-third of the $90 million swindled from Australians last year was swiped from people searching for love, a new report into targeting scams shows.

Dating and romance-related fraud netted $25.2 million last year, up 8 per cent on the previous year, making it the top scam by total losses, according to the latest report by the Australian Competition and Consumer Commission.

Romance-related scams also yielded some of the highest returns per victim, accounting for nearly 30 per cent of money lost but only 3 per cent of reported scams. Those who fell for romance-related scams lost an average of $21,200 each – more than three times the $7000 average loss across all reported scams.

ACCC deputy chairwoman Delia Rickard said relationship scams caused the most emotional and economic harm to victims, with fraudsters investing substantial effort into researching their victims.

“They’re very good at tapping into people’s emotions. They will spend weeks, months, even years, really building a trust relationship,” she said.

That an increasing number of people are meeting genuine partners online has made others more vulnerable to victimisation through internet dating sites. She said the ACCC was working with dating and romance sites to implement proper security.

“People want to find love … and a lot of people are in a very vulnerable state when they do fall for [these scams]. We often see that people are recently divorced, recently widowed, lonely.”

She said that many fraudsters combined strategies such as romance and business opportunity scams or advance fee fraud and identity theft. “They’ll get personal information or bank account information that will enable them to commit further fraud down the line.”

Advanced fee/upfront payment schemes reaped the second biggest cash haul, with just under $25 million pinched last year. This was followed by computer prediction software and investment scams.

Phishing and identity theft showed the largest increase in number, leaping 73 per cent from 2012 to become the second-most common type of scam.

People were most likely to fall for health and medical scams, with more than one in two people reporting this kind of scam losing money. Online shopping and psychic/clairvoyant schemes were the next most convincing, according to the report.

One in three victims lost between $100 and $499, suggesting scammers continued to favour high-volume scams such as those asking victims for a small upfront payment to secure a larger sum of money “owed” to them by an organisation.

One in 10 lost more than $10,000. Only two of losses more than $1 million were reported to the consumer watchdog last year, with losses of several million dollars linked to sports betting schemes.

More than 91,000 complaints were made to the consumer watchdog last year, a four-fold increase from 2009. In a positive sign however, scammers raked in 5 per cent less money than the year before, although the ACCC said many scams go unreported.

The most recent Australian Bureau of Statistics personal fraud survey estimates Australians lost $1.4 billion to fraud – more than 15 times the loss reported to the ACCC last year.

* Name changed

Top 5 ways to identify scammers online

You’ve never met or seen them: Scammers will say anything to avoid a face-to-face meeting, whether in person or over the internet via a video chat.

They’re not who they appear to be: Scammers steal photos and profiles from real people to create an appealing facade. Run a Google Image search on photos and search words in their description to check if they are the real deal.

They ask to chat with you privately: Scammers will try to move the conversation away from the scrutiny of community platforms.

You don’t know a lot about them: Scammers are keen to get to know you as much as possible but are less forthcoming about themselves.

They ask you for money: Don’t fall for a tall tale, no matter how plausible it sounds.



Two men arrested in Macau for allegedly planting malware on local ATMs (shown with equipment reportedly seized from their hotel room). Photo KrebsOnSecurity image

A recent skimming attack in which thieves used a specialised device to physically insert malicious software into a cash machine may be a harbinger of more sophisticated scams to come.

Authorities in the Chinese territory of Macau, last week announced the arrest of two Ukrainian men accused of participating in a skimming ring that stole approximately $100,000 from at least seven ATMs.

Local police said the men insert a device that was connected to a small laptop into the card acceptance slot on the ATMs. Armed with this toolset, the authorities said, the men were able to install malware capable of siphoning the customer’s card data and PINs. The device appears to be a rigid green circuit board that is approximately four or five times the length of an ATM card.

According to Hong Kong press reports (and supplemented by an interview with an employee at one of the local banks who asked not to be named), the insertion of the circuit board caused the software running on the ATMs to crash, temporarily leaving the cash machine with a black, empty screen. The thieves would then remove the device. Soon after, the machine would restart, and begin recording the card and PINs entered by customers who used the compromised machines.

The Macau government alleges that the accused would return a few days after infecting the ATMs to collect the stolen card numbers and PINs. To do this, the thieves would reinsert the specialised chip card to retrieve the purloined data, and then a separate chip card to destroy evidence of the malware.

ATM attacks that leverage external, physical access to install malware aren’t exactly new, but they’re far less common than skimming devices that are made to be affixed to the cash machine for the duration of the theft. It’s not clear how the malware was delivered in this case, but in previous attacks thieves have been able to connect directly to a USB port somewhere inside the ATMs.

Late last year, a pair of researchers at the Chaos Communication Congress (CCC) conference in Germany detailed a malware attack that drained ATMs at unnamed banks in Europe. In that case, the crooks cut a chunk out of the ATM’s chassis to expose its USB port, and then inserted a USB stick loaded with malware. The thieves would then replace the cut-out piece of chassis and come back a few days later, and enter a 12-digit code that launched a special interface that displayed the amount of money available in each denomination — along with options for dispensing each kind.

In December 2012, I wrote about an attack in Brazil in which thieves swapped an ATM’s USB-based security camera with a portable keyboard that let them hack the cash machine. In that attack, the crook caused a reboot of the ATM software by punching in a special combination of keys. The thieves then were able to reboot into a custom version of Debian Linux designed to troubleshoot locked or corrupted ATM equipment.




May 20 – A Romanian hacker serving a prison term for manipulating automated teller machines (ATMs) says he has invented a device that can make the world’s cash dispensers impregnable even to tech-savvy criminals.




Hamza Bendelladj of Algeria, centre, a suspect on the US Federal Bureau of Investigation’s top 10 wanted list for allegedly hacking private accounts in 217 banks and financial companies worldwide, is escorted by Thai police officers in Bangkok on January 7, 2013. Photo: Bloomberg
An Algerian national who is allegedly part of the cybercrime consortium behind a powerful hacking software known as SpyEye appeared in an Atlanta courtroom in the US after a three-year manhunt ended with his extradition from Thailand.

Hamza Bendelladj, known for years in underground computer forums simply as Bx1, was accused in a 23-count indictment of crimes including computer and bank fraud. The charges, unsealed yesterday, stem from his role in selling and supporting customised components for SpyEye, a banking Trojan that allows hackers to hijack victims’ bank accounts as they logged on from their own computers.

“Bendelladj’s alleged criminal reach extended across international borders, directly into victims’ homes,” US Attorney Sally Quillian Yates in Atlanta said in a statement before his arraignment.

SpyEye, which can be purchased for as little as $US2000 in the underground, helped turn hacking into an easy and lucrative occupation and drove a cybercrime boom that has drained tens of millions of dollars from bank accounts in the US and Europe, according to Brett Stone-Gross, a security expert at Dell SecureWorks in Atlanta.

The use of SpyEye has fallen off in the past year as law enforcement operations against the group have intensified, Stone-Gross said in an e-mail.


Thailand arrest

Bendelladj, 24, was extradited from Thailand at the request of US authorities after his arrest there on January 5. Wearing a dress shirt and black athletic pants, he smiled frequently and chatted in the courtroom. He said he didn’t need an interpreter because he spoke fluent English.

Bendelladj was unable to enter a plea because his attorney, Damian Martinez, hasn’t been approved yet to practice in Georgia. Martinez said after the hearing that his client would plead not guilty when he returns to court next week.

Prosecutors said Bendelladj is a flight risk and requested that he be held without bail.

Bendelladj, who according to the indictment also helped support hacking operations by providing servers to control the hijacked computers, is a close associate of SpyEye’s creator, a shadowy hacker known by the nickname ‘gribodemon,’ according to security experts who helped track the group.

One expert who aided in the investigation said that Bendelladj’s real identity was uncovered through a series of mistakes made by the hacker, including the use of two email addresses that led to his Facebook account. The researcher recorded a 2011 conversation with Bendelladj in Asia, which helped the FBI confirm his identity. The security expert asked not to be named because Bendelladj’s associates are still at large.


Enhanced effectiveness

Prosecutors allege that Bendelladj sold the SpyEye hacking software as well as designed modules that enhanced its effectiveness

The software can be customised to get around the security of specific banks’ websites. Once a computer is infected with SpyEye, hackers can use it to take over online banking sessions and transfer money to accounts they control. It can also be programmed to automatically steal passwords to e-commerce sites and scrape credit card numbers and expiration dates.


The thief that is Nigerian-born Tobechi Onwuhara scammer image

He owned a hip hop record label and he lived the high life of luxury hotels, gambling, strippers and bling. But behind the glitz and the glamour Tobechi Enyinna Onwuhara was one of the FBI’s most wanted men, allegedly a fraudster who scammed at least $44 million through cyber crimes.

But the sophisticated con artist, who fled Florida in August 2008 amid an intense FBI investigation, has been caught in Sydney and sent back to the US to face a string of fraud charges.

Nigerian-born Tobechi Onwuhara, 33, was “provisionally arrested in response to a request from the United States Government” in December last year, according to a spokeswoman for the Australian Attorney-General’s department.

A spokeswoman for the AG’s department said Mr Onwuhara is to face prosecution in the US for fraud related offences, including identity fraud and computer fraud.

“On January 29, the Minister for Justice [Jason Clare] made a determination to surrender Mr Onwuhara to the US.

“As a matter of long standing practice, the Australian government does not comment on operational matters,” she said.

Fairfax Media understands Mr Onwuhara had been living it up in Sydney after disappearing in August 2008.

The FBI’s website now lists Mr Onwuhara as captured, but with scant detail of the arrest. They were offering a $25,000 reward for information leading to his arrest.

The source who tipped off Fairfax said Mr Onwuhara had been making regular trips to The Star casino as well as splashing cash at numerous popular nightclubs.

“He would bet at the Star under a different name, he was a regular, then one day he just disappeared and someone told us he wanted by the FBI,” a source said.

A spokeswoman for Echo entertainment, owner of The Star, did not return calls and emails. The US Consulate in Sydney also did not return calls.

An Australian Federal Police spokesman confirmed the AFP arrested Mr Onwuhara.

According to the FBI’s most wanted list. Mr Onwuhara is wanted for his alleged involvement in an elaborate scheme that defrauded the financial industry out of tens of millions of dollars.

“Onwuhara is a key member of a group of Nigerians who allegedly have been conducting fraudulent banking activities from Florida and Texas, since 2005,” the FBI’s most wanted website states.

“It is alleged that the group has been using online internet databases to steal victims’ identities.

“Once acquired, they allegedly use the victims’ information to gain access to the victims’ ‘Home Equity Line of Credit’ accounts and wire transfer the money to accounts mainly located overseas, some in the United States.”

Some of Onwuhara’s alleged co-conspirators have been arrested, inside and outside of the United States, the FBI’s website states.

Onwuhara was charged federally with conspiracy to commit bank fraud, and a federal warrant was issued for his arrest by the US District Court, Eastern District of Virginia, on August 1, 2008.
PCShowbuzz -> Proven on MSN/Yahoo. Top conversions


FBI Investigators and aided by Facebook, have busted an international criminal ring that infected 11 million computers  worldwide and caused more than $US850 million ($A806m) in total losses in one of the largest cyber crime hauls in history.
Telegram Stop

The FBI, working in concert with the world’s largest social network and several international law enforcement agencies, arrested 10 people it says infected computers with “Yahos” malicious software, then stole credit card, bank and other personal information.

Facebook’s security team assisted the FBI after “Yahos” targeted its users from 2010 to October 2012, the US federal agency said in a statement on its website. The social network helped identify the criminals and spot affected accounts, it said.

Its “security systems were able to detect infected accounts and provide tools to remove these threats”, the FBI said.

According to the agency, which worked also with the US Department of Justice, the accused hackers employed the “Butterfly Botnet”. Botnets are networks of compromised series of computers that can be used in a variety of cyber attacks on personal computers.

The FBI said it nabbed 10 people from Bosnia and Herzegovina, Croatia, Macedonia, New Zealand, Peru, the United Kingdom, and the United States, executed numerous search warrants and conducted a raft of interviews.

It estimated the total losses from their activities at more than $US850 million, without going into details.

Hard data is tough to come by, but experts say & we see it everywhere that cyber crime is on the rise around the world as PC and mobile computing become more prevalent and as more and more financial transactions shift online, leaving law enforcement, cyber security professionals and targeted corporations increasingly hard-pressed to recognize  and ward off attacks.

Identity Direct - Personalised Gifts For Children.

Sourced & published by Henry Sapiecha



Metrolinedirect - Where America Buys Phone Systems

MOBILE phones and social networking sites have become a new battleground for cyber criminals who are stealing passwords and personal information by taking advantage of people’s ignorance.

Some people are very good at protecting themselves from email fraud and spam but that is ”so five to seven years ago”, said a cyber security expert who warns that criminals have shifted their gaze to mobile and social networking fraud.

About 5.4 million people were victims of cyber crime in Australia in the past year, costing the country $1.65 billion in direct financial loss, says the cyber crime report for the internet security company Norton, released yesterday.

While 93 per cent of the 13,000 global survey respondents said they delete unsolicited emails and 89 per cent said they do not open suspicious attachments from people they do not know, the majority had no idea about new threats, Norton’s vice-president of Asia-Pacific operations, David Freer, said. Telephone service for Home and Business users

”The good news is that people are more aware of email threats but that’s five to seven years ago,” he said. ”The bad news is that’s the old way of being attacked.”

He said cyber criminals have ”moved to where the people are” and are increasingly targeting mobile phone and social networking sites where users are less aware of the risks.

One in five Australian mobile users has received a text message from someone they don’t know requesting that they click on a link or dial an unknown number to retrieve a ”voicemail” and one third of social network users have been targeted by a cyber criminal.

Yet 51 per cent of social network users and 81 per cent of mobile phone users had no security settings. And most people had no idea what a virus or cyber attack would look like.

”Malware and viruses used to wreak obvious havoc on your computer,” a safety advocate for Norton, Marian Merritt, said.

Vodafone Australia - Mobile Phones, Tablets and Internet

”You’d get a blue screen, or your computer would crash, alerting you to an infection. But cyber criminals’ methods have evolved. They want to avoid detection as long as possible … Nearly half of internet users believe that unless their computer crashes or malfunctions, they’re not 100 per cent sure they’ve fallen victim to any such attack.”

Common forms of new cyber crime are people hacking into social networking profiles, infecting a computer with a virus sent through a dodgy link shared on a social networking profile, or sending a text message to a mobile phone with a dangerous link or voicemail message.

The most valuable piece of information for a cyber criminal was the password, Mr Freer said, as well as personal information that can be used to commit identity fraud.

The assistant commissioner of NSW Fair Trading, Rob Vellar, said instances of fraud increase when the economy worsens. In the past two years, fraud in NSW has risen by 5 per cent.

The average cyber crime victim lost $200, costing the population more than $1.65 billion in the past year.
Vodafone Australia - Mobile Phones, Tablets and Internet


After Perth homes were sold without the owners’ consent in an unprecedented scam that shocked the real estate landscape, it triggered the largest ever overhaul of the state’s property industry. Further incidents have since been foiled after stringent new measures were brought in late last year. But property owners face a new risk, with potentially the same scammers devising a new con, this time targeting rental income. Courtney Trenwith spoke to the WA Police fraud squad detective leading the investigation, which has branched out into China and Nigeria.

Detective Senior Sergeant Robert Martin had spent more than a year trying to solve the puzzle of who managed to fraudulently sell two Perth houses, and how, when a similar but new crime came across his desk in December.

A real estate agent, who had undergone new training in how to identify fraud as a result of the industry overhaul, was sceptical about an email they received requesting to have rental payments from a particular property redirected to a new bank account.

Sniffing out anew scam ... Detective Robert Martin form the Major Fraud Squad.
Sniffing out anew scam … Detective Robert Martin form the Major Fraud Squad.

Mr Martin immediately identified it as a new scam and added it to his investigation.

It is one of dozens of documents that have been brought to his attention by evermore alert real estate agents, desperate not to become the third victim in a scheme that has been extremely embarrassing for the industry.

The suspect email was traced to the Nigerian capital, Lagos – the same city from where the two fraudulent sales were conducted.

Scammed ... Roger Mildenhall.
Scammed … Roger Mildenhall. Photo: ABC

However, without any further information Mr Martin cannot be sure it is also the work of the original scammers.

The number of successful and unsuccessful fraud incidents has sparked property industries across the country to request his help to secure their sectors.

An unprecedented mystery

Mr Martin has never dedicated so much time to one matter in his eight years as a senior fraud investigator, such was the impact of the fraudulent sale of two Perth houses in September, 2010 and about April, 2011.

Hundreds of people who had bought properties in recent times were put on notice that they too could be unsuspecting victims, while the government’s state titles registrar, Landgate, re-examined every property transaction during the time period.

Real estate agents, settlement agents, conveyancers and Landgate employees were all put under scrutiny and forced to adopt stringent new security measures and processes to prevent yet another mistake.

Not to mention the victims: Roger Mildenhall, who lost his $400,000 Karrinyup house, and the anonymous, now former, owner of the second property in Ballajura.

Under WA law, the properties remain with the new owners.

Both victims are still negotiating compensation.

Mr Martin would not describe the scam as elaborate, instead highlighting the poor safe guards the industry had at the time.

“It was an opportunistic scheme and it caught the property industry … off guard,” Mr Martin said.

“Both matters [have been] my highest priority, not only because of the value [of the properties] but because of the public interest and the impact that it had on the community.”

He has managed to trace the crimes back to a self-funded tertiary college in Lagos.

In both cases, the offenders used the college as the mailing address for documents that needed to be signed to process the sales.

“It’s likely that the offender or offenders are the same … because they used the same street address as their mailing address in both cases,” Mr Martin said.

However, the computers used to send emails to the real estate agent requesting to sell the properties were different and may not be located at the college, leaving open a significant gap in the investigation.

“Whether it’s a person from [the college], who knows,” Mr Martin said.

“Whether the college has anything to do with it, we don’t know.”

The second victim was living in Nigeria when his investment property was sold without his knowledge. He only discovered the crime when he visited Perth in August, last year.

“We believe his records were compromised while he was working in Nigeria,” Mr Martin said.

“Whereas in the first one, we believe that the mail had been intercepted and was being forwarded to the offender [rather than] the real estate agent and his ID was stolen as a result.”

In a WA first, the Nigerian police earlier this month agreed to assist in the investigation via the Australian Federal Police. Australian officers have no control over the Nigerian end but are hopeful they will be able to solve the who, where and how.

But there has not been such cooperation from the Bank of China, which hosted the bank accounts where the property sale proceeds were deposited and it has ignored requests for information lodged months ago.

In both cases the accounts were set up using the property owners’ real name but fake date of birth.

“[Police need] the documents that were provided to the bank to open the account and [to know] whether the funds were still in the account or if they had been removed, and if so how they were removed and which account they were transferred to,” Mr Martin said.

“We have no authority to request or execute search warrants or demand any information at all [in China], so … we’re entirely reliant on … the Bank of China assisting us on their own accord.”

Without the bank’s assistance it is unlikely the offenders will be brought to justice, or even that the cases will be solved.

“I’m not confident,” Mr Martin said.

He is preparing his final report and expects to close the case in March – only to be reopened if new evidence from Nigeria or China comes to light.

Industry ‘too slow’ to react

Mr Martin said the second fraud may not have occurred had the industry reacted to the first incident quicker.

Few in the industry had been properly briefed on what had happened and how they could prevent another incident.

Changes were swiftly implemented following the second case.

Since then, police have conducted awareness seminars for real estate agents, settlement agents and conveyancers throughout Perth and in the South West.


THE Australian Federal Police has warned that online attacks on companies are becoming more common, in the wake of the offshore cyber attack that forced the ANZ and St George banks to shut down their online broking sites.

ANZ’s E*Trade was bombarded by millions of emails in a denial of service attack, forcing it to shut the site to some users for up to two weeks over the Christmas-New Year period. St George’s directshares, which is provided by E*Trade, was also affected.

An AFP spokeswoman said while it did not have an active investigation into the attack on the broking sites, ”the AFP has been working closely with E*Trade throughout the denial of service attack”.

”Online attacks are becoming more common as organised criminal gangs and motivated individuals understand the technology of the internet and take advantage of the anonymity that comes with it,” she said.

”These groups can operate from countries with less developed legal frameworks and are increasingly sophisticated, operating from a high level of technical ability.

”The ability for criminals to use technology to commit crime, attack critical infrastructure, engage in terrorist activity and undermine national security is a very real threat.”

The scope of the threat was highlighted last month in the report 2012 Threats Predictions by security technology company, McAfee. Threats ranged from ”hactivism” – the targeting of business sites for political ends – to the vulnerability of customers using mobile devices and smartphones for banking.

”Attackers have adapted quickly to every change intended to secure banking on PCs. As we use our mobile devices ever more for banking, we will see attackers bypass PCs and go straight after mobile banking apps,” the report said.

”Hactivism” came to prominence during 2010 when activists launched denial-of-service attacks on Paypal, Visa and Mastercard, in retaliation for their refusal to process business for WikiLeaks, a move that was financially crippling the whistleblower site.

”When hactivists picked a target, that target was compromised either through a data breach or a denial of service. They are a credible force,” McAfee said.

”It is not hard to predict the evolution of the Occupy [movement] and other outraged groups to include more direct digital actions. The possibility of mating hactivist goals with industrial controller or SCADA [supervisory control and data acquisition] systems is a very real possibility.”

It said industrial and national infrastructure faced more frequent attacks, aided by the inherent weaknesses in the industrial controller systems technology. And with a nod to ”cyber armies” operating out of totalitarian countries, it predicted 2012 would be the ”Year for Cyberwar”.

The AFP spokeswoman said she could not speculate on who was behind the attack on the broking sites. She confirmed that the AFP had not received referrals from other financial institutions during the denial-of-service attack.

An international cybercrime investigation is underway into a sophisticated scam network that left a Western Australian man half a million dollars out of pocket when criminals sold his Perth investment property using stolen credentials.

WA Police car(WA Police image by Nachoman-au, CC BY-SA 3.0)

The man, Roger Mildenhall, had been overseas for more than a year when his neighbour informed him that a house of his had been put on the market and was in the process of being sold. Mildenhall then found out that another property of his had already been sold in June.

Mildenhall rushed home and action was taken to stop him losing a second property. The crimes were reported to the police last Friday.

The thieves, believed to be Nigerian, had enough information on Mildenhall to satisfy regulatory requirements.

State, federal and overseas police agencies will investigate the complex scam, which is considered the first of its kind in Australia. It is alleged scammers had stolen Mildenhall’s email account and personal and property documents to sell the houses and funnel cash into Chinese bank accounts.

Police will only confirm that the scam had occurred, but the office of the Consumer Protection Commissioner said that the hacked email account was previously used by the owner to communicate with the property manager who was also the property selling agent.

Real Estate Institute of Western Australia (REIWA) spokesperson Brian Greig said that the transactions were made via email, telephone and fax, without “interpersonal connections” with the legitimate owner.

“Agents report an increasing trend that more and more transactions are done without face-to-face interaction, particularly with overseas and interstate buyers,” Greig said.

“Until Friday, there were enough checks and balances to mitigate fraud.

“It is clear it was a sophisticated outfit that scammed the owner, the real estate agent, the settlement agent, the banks, and more importantly and critically, the Department of Land Administration (DOLA).”

Western Australia’s Real Estate and Business Agents Supervisory Board (REBA) and Settlement Agents Supervisory Board are also conducting an investigation into the incident, and have issued email warnings to all licensees in the state calling for vigilance on real estate transactions.

The Consumer Protection Commissioner Anne Driscoll has called for real estate agents to ensure that the identity of selling agents is known.

“The matter is being fully investigated. It is important that every phase of the sale and transfer process that was undertaken in this instance is reviewed, to ascertain what went wrong. This no doubt will give some clarity about what should [or] could have been done to prevent it,” Driscoll said.

“Separate to this issue, work is being done to develop standards for proposed electronic conveyancing systems. A key area of work is to establish a robust Client Identify Verification Standard.”

Greig said the real estate agent involved in the scam followed due process. He added that anticipated reforms to identity checks for property owners wishing to sell would have likely failed to catch the scammers.

“They had a comprehensive understanding of how transactions take place and of the legal processes … If they are sophisticated as they seem to be, identity checks will not be enough — they can forge them.”

He said the “reasonable steps” required and taken by the selling agent are “flawed”.

It is understood the real estate agency did not request a 100-point identity check and was not required to do so.

WA Police has confirmed an international investigation has been launched involving cybercrime and gumshoe policing and would not name agencies involved in the investigations.

The police did not rule out if the scammers had links to the man.

A request for comment has been lodged with the REBA and the Consumer Protection Commissioner on whether the identity verification process will be reformed in the industry.

The attack comes a month before National Identity Fraud Awareness Week in which the government aims to reduce the prevalence of scams.

Subscribe to Crime Files Network