Deposit interception ‘a great way for a criminal to make money’, warns Senator Paterson

“There is probably no larger digital transaction that most Australians will do in their lifetime than entering into a mortgage or buying a property,” Senator Paterson said.

“Just thinking about the money transferred to pay a deposit, for example, is a great way for a criminal to make a lot of money,” he said.

Indeed, the mortgage industry has been victim to several deposit interception attacks in the past year, with several brokers having found that their emails had been cloned and their clients’ deposits paid into the wrong accounts.

Mr Paterson continued: “We need to make those systems more resilient.

“The banks have a big responsibility here because they facilitate most of those transactions and they do have the resources to step in and make sure that that is a secure transaction.”

Ever tightening cyber security laws for mortgage service providers and lenders should help prevent email hacks and data breaches, but questions should always be asked, Major General (Ret’d) Dr Marcus Thompson, former head of the Department of Defence’s Information Warfare Division, has previously flagged.

Speaking to The Adviser earlier this year, he suggested brokers should take action — and ask their aggregators or web providers the following questions to ensure they are adequately protected.

These questions include:

• What are our targetable vulnerabilities and how might a threat target our vulnerabilities? 
• What thresholds exist to disconnect systems and/or users? 
• Do we have multi-factor authentication for our systems?
• Are we compliant with the ASD Essential Eight, CPS 234, ISO 27001, etc?  
• Is our data encrypted (both in transit and at rest)?
• Is data being backed up?
• What security breach reporting thresholds have been set (chief executive, board, ACSC, law enforcement, etc)? 
• Do we have a baseline for the security of our systems? 
• What is/are our response contingency plan/s? 
• Who has authority to activate the contingency and incident management plan(s)? 

Lurking threats of cyber attacks

“The first step to having strong cyber protections in place is to understand that there is a threat, and what information would be particularly at risk/vulnerable to attack due to its inherent value,” Dr Thompson explained.

“The time to be thinking about a response is well before a response is required,” he explained.

“Once an incident occurs, it’s too late to be thinking about that.”

Dr Thompson’s warnings have followed multiple incidents of malicious cyber attacks in the financial services sector, with studies revealing last year that the industry suffered the highest number of data breaches between January and July 2021.

In October 2022, the Australian Competition & Consumer Commission (ACCC) received the “highest number of scams reports for any month” in the year, with approximately 22,300 reports made and reportedly almost $50 million lost.

In addition, the Australian Cyber Security Centre saw over 76,000 cyber crime reports in the 2021–22 financial year, showing an increase in scams by 13 per cent.

The Assistant Treasurer and Minister for Financial Services, Stephen Jones, has also said that banks are “tempting targets” for cyber criminals and scammers, with Westpac reporting that they have blocked over 700,000 attempted attacks on their internet-facing applications in August of this year, along with NAB reporting 50 million attacks each month.

“Fraud, online shopping, and online banking cyber crime types accounting for 54 per cent of all reports,” Mr Jones stated.

“And the customer-owned sector is not immune from this issue, with your sector dealing with, on average, hundreds of thousands of scams attempts per year.”

According to the Treasurer, Australians have lost at least $2 billion to scams last year with that number expected to double to $4 billion in 2022.

You can hear more from James Paterson and the issue of cyber security in Australia on The Adviser Podcast Network.

Tune in to the episode with the shadow minister for cyber security and shadow minister for countering foreign interference to find out how and why foreign interference and espionage have overtaken terrorism as the primary security concern for Australia, here.

[Related: In Focus: The changing face of foreign interference, with Senator James Paterson]