A Perth businessman nearly lost $6 million to hackers but one word saved his fortune from falling into the wrong hands and disappearing forever.
Brody* was in the final stages of a multimillion-dollar property settlement when cyber criminals managed to hijack the email address of the other party involved in the deal. They then changed the bank account details to their own.
"I was just minutes away from pressing the button on the transfer," Brody told news.com.au.
"NAB was funding part of it, we were putting up a lot of the money," he added,
"The whole thing would have become very very difficult, if this [the money] had become vaporised."
It was only because a junior banker at National Australia Bank, called Stacey, spotted an anomaly in one word that the transaction was able to be stopped in time.
During a routine check in March, the entry level employee noticed the word "group" was spelt incorrectly in one of the later emails in the exchange – written as "gruop" instead.
She raised the alarm and an investigation commenced, with Brody soon learning he had been minutes away from disaster.
These scams, known as business email compromises, have "exploded" over the past two years against the backdrop of the Covid-19 pandemic.
Brody went to school with the person he was buying the property from and trusted him completely.
"I was dealing with a lifelong friend of mine and his son, these people are absolutely undoubtable. It's not like I was dealing with people I didn't know."
Everything was going well and the day before he was due to settle, he received another email from his friend saying they were no longer using NAB to deposit the money, but a bank in Singapore.
"I didn't really think twice about it," he admitted.
However, as a precaution, NAB pored over the email trail and it was here that Stacey noticed a few red flags.
Not only was the word "group" spelt wrong, but she noticed the sender was using different greetings for each email, such as "hi" and "hello".
She also noticed that the overall tone of the emails had changed.
How to spot business email compromise scams
"When the customer asked to make this transfer, everything seemed pretty normal," Stacey recalled.
"It was pretty consistent with other transfers he's made in the past and was to a regular recipient.
"But as I read through some of the previous emails between the customer and the recipient, I noticed a few changes throughout the email chain.
"I first noticed the word 'group' misspelt as 'gruop' and the tone in some of the greetings was slightly different. I could also see the account had changed to an overseas account and the date of the payment had been brought forward, so there were a few red flags jumping out at me."
Sure enough, when she rang up the intended recipient of the funds, he confirmed he had never changed the payment details and learned that his emails had been compromised.
"Thank god," Brody said. "It would be a very traumatic experience to lose that sort of money.
"Stacy at NAB was really on the ball, give her credit where credit is due. She smelled a rat and thanks to her the fraud didn't succeed."
Business email compromise scams on the rise
NAB's executive of financial crime, Chris Sheehan, said these scams had "exploded" in recent years.
"What they rely on is the payer making assumptions that the invoice they've been presented with has accurate account details, sometimes it's a business, or could be an individual," he told news.com.au.
"That's what makes them so difficult to detect."
The real recipient will "contact the customer to say where's our money, then it will become apparent they were scammed".
In a word of warning, the former Australian Federal Police officer advised anyone making a large transaction to "double and triple check".
"The reality is once you hit send and the money leaves the bank's control, it can be very difficult to get it back."
For example, Sheehan explained how he had recently purchased a house and "before I sent the money, I rang the solicitor and verbally ensured the account number and account name".
In another concerning trend, the security expert said that the people behind these were sophisticated, well resourced career criminals.
"The vast majority of these [cyber criminals] aren't lone offenders sitting in a basement," Sheehan said.
"What we're dealing with are highly sophisticated transnational crime groups. They are supremely well resourced. These are the same groups engaged in drug trafficking and human trafficking. Because [these scams] are all digital, you can access an enormous number of victims at a very low cost."
Unfortunately, had Brody had fallen for this scam, the bank wouldn't have compensated him.
"If the victim has authorised the transaction of their own volition, generally speaking the loss will be on them," Sheehan added.