News & Insights

Gallagher’s cyber security webinar alerted client to $115,000 scam

Published 06 July 2018

This insurance client posted his truck and caravan for sale on Gumtree and got a bite from a would-be buyer, but thanks to Gallagher's Ransomware and Phishing Attacks webinar he recognised the tell-tale signs of a cleverly set up scam.

Queensland energy industry expert Barry Chappel runs his own business providing regulatory compliance training for electrical workers, which he jokingly dubbed GNiT: Grey Nomad in Training when he set it up some six years ago.

In the meantime, though, Barry actually graduated from his own recreational course, taking his Iveco truck and 28-foot fifth wheeler caravan right around Australia. It was a case of 'been there, done that' and so he listed his mobile home away from home on Gumtree at an asking price of $115,000.

Barry belongs to the Institute for Learning Professionals (ILP) and consequently gets his professional liability insurance from Gallagher through the association, which is why he tuned in to the webinar that Gallagher in partnership with IT partner SECMON1 made available through Gallagher's Access1st association member benefits program.

Coincidentally on the same day he received a message purporting to be from a buyer for the caravan and claiming to be willing to pay the asking price. “They didn’t ask any questions about the caravan,” Barry recalls, but the main thing that caught his attention was the email address.

Just as the webinar warned, the nondescript email address did not come from any recognisable carrier. When Barry didn’t respond to the offer the sender sent a text message to his mobile number but Barry still wasn’t tempted to engage with the supposed would-be buyer. It's just as well, because it could have cost him the entire $115,000 asking price.

The ‘PayPal’ scam

Cyber security consultant Chris McNaughton from SECMON1 says Barry’s experience has all the hallmarks of a current ‘PayPal’ scam that targets vehicles for private sale. Here’s how it works:

  1. The seller puts an ad on an online site such as Gumtree or eBay for the sale of a vehicle.
  2. The seller gets a phone text message from the scammer asking if the car is still available. Then
    • the scammer asks the seller to contact them via an email address
    • the scammer will often say they are at sea and don’t have access to a phone
    • they will not want to inspect the vehicle
    • they say they will pay via PayPal
    • they say they will send a courier to collect the vehicle.
  3. The scammer then emails a fake PayPal transaction report to the seller showing that they have paid for the vehicle.
  4. The courier picks the vehicle up.
  5. The funds never arrive in the seller’s account and the vehicle is gone.

The person supposedly interested in buying Barry’s caravan and truck went quiet for a month and then sent another identical email without reference to any previous communication. Barry ignored that one too, avoiding a potential scam that would have cost him the funds for his next ‘in training’ adventure.

Want to learn more?

You can view SECMON1's full IT security webinar here.

Check out this infographic to read 20 key facts about cyber crime in Australia. And if you're interested in finding out how cyber insurance can help protect your business, click below to contact Gallagher's cyber security specialists.

Connect with an expert


Further reading

Cyber insurance

Do I need cyber-liability insurance?

Gallagher provides insurance, risk management and benefits consulting services for clients in response to both known and unknown risk exposures. When providing analysis and recommendations regarding potential insurance coverage, potential claims and/or operational strategy in response to national emergencies (including health crises), we do so from an insurance and/or risk management perspective, and offer broad information about risk mitigation, loss control strategy and potential claim exposures. We have prepared this commentary and other news alerts for general information purposes only and the material is not intended to be, nor should it be interpreted as, legal or client-specific risk management advice. General insurance descriptions contained herein do not include complete insurance policy definitions, terms and/or conditions, and should not be relied on for coverage interpretation. The information may not include current governmental or insurance developments, is provided without knowledge of the individual recipient’s industry or specific business or coverage circumstances, and in no way reflects or promises to provide insurance coverage outcomes that only insurance carriers’ control.

Gallagher publications may contain links to non-Gallagher websites that are created and controlled by other organisations. We claim no responsibility for the content of any linked website, or any link contained therein. The inclusion of any link does not imply endorsement by Gallagher, as we have no responsibility for information referenced in material owned and controlled by other parties. Gallagher strongly encourages you to review any separate terms of use and privacy policies governing use of these third party websites and resources.

Insurance brokerage and related services to be provided by Arthur J. Gallagher & Co (Aus) Limited (ABN 34 005 543 920). Australian Financial Services License (AFSL) No. 238312

Negotiating with a hacker in a ransomware attack on a business
Cyber | Article

Negotiating with a hacker in a ransomware attack on a business

07 July 2022
Legal penalty highlights businesses’ cyber security obligations
Cyber | Article

Legal penalty highlights businesses’ cyber security obligations

21 June 2022
Adapting your risk management protections to match evolving cyber cover
Cyber | Report

Adapting your risk management protections to match evolving cyber cover

31 May 2022