On the verge of buying a home in Sydney's notoriously tough property market, first homebuyer Ilya Fomin was ecstatic.
He had secured a two-bedroom apartment close to a train station, shops and nature walks in the south-west.
But the young scientist's elation turned to panic when he discovered his money had vanished.
The 34-year-old says losing life savings of $280,000 felt like being in a nightmare he couldn't wake up from.
"That was such a huge shock," he says.
Mr Fomin believes criminals impersonated his law firm and tricked him into transferring his savings into a bank account they controlled.
He admitted making crucial mistakes, however Mr Fomin says his case reveals a shocking lack of safeguards.
"This is not (the) mistake of one person," he says.
"There are at least two banks, a law firm, me and the legislation which allowed this to happen."
New laws announced on Thursday by the Albanese government will place new obligations on banks and other industries to prevent scams like this.
Banks could also be forced to pay compensation and face a large penalty.
Minister for Financial Services Stephen Jones said Mr Fomin's case showed current protections are, "not adequate".
For Mr Fomin, it is too little, too late.
Banks, telcos and tech giants face $50 million fines
On Thursday, Mr Jones released long-awaited details of the draft laws which would force banks, phone providers and tech giants to do more under mandatory codes.
"We want to ensure that the best protections anywhere in the world are available," he says.
Australians reported more than 601,000 scams in 2023 — a record number and an increase of 18.5 per cent on the previous year, costing victims $2.74 billion, according to the Australian Competition and Consumer Commission.
The new codes will create new obligations around preventing, detecting, and disrupting scams, as well as responding to and reporting the crimes.
Companies that fail to meet their obligations face massive fines of up to $50 million and may be forced to compensate victims.
The government insists more people will receive compensation under the changes.
But the government has rejected calls from consumer groups to follow the United Kingdom's approach of making banks solely responsible.
Instead, liability will be shared amongst industries, Mr Jones said.
For the first time tech giants like Google, TikTok and Facebook will be made responsible for scams they're accused of allowing to flourish on their platforms.
"I'm not going to let the social media platforms off the hook," he said.
"If they're taking money to advertise scam content and somebody loses money as a result of that, then there has to be a consequence."
Scam victims will be able to seek compensation from a digital platform or a telco, as well as the sending and receiving bank by taking their case to the ombudsman, the Australian Financial Complaints Authority (AFCA), under a dramatically expanded role.
But the tech companies aren't happy and have previously pushed back on the mandatory changes.
In July, tech giants X (formerly Twitter), Google, Meta (owners of Facebook and Instagram), TikTok and others signed on to a voluntary industry code to combat scams which included measures about blocking, reporting and taking down scam content.
Google warned it was not feasible for the search engine to prevent all scam websites appearing in its results.
"The framework could therefore open Google up to a huge number of claims for compensation from individuals where Google cannot realistically control its exposure," it said.
However, Mr Jones rejected that argument.
He said meeting the code would be part of tech companies' social licence to operate.
In a statement issued today, the developer of the voluntary code for the tech sector, the Digital Industry Group Inc. (DIGI) said its intention was to complement government initiatives and it would "continue to work with government to fight scammers".
It said the sector was not pushing back against the government's plans.
While the exact obligations haven't been worked out, Mr Jones gave some examples:
- Banks will have to have confirmation of payee technology so a customer is alerted before paying if the account receiving their money is owned by the person they want to pay or someone else.
- After being informed of a scam, banks will have to report it to authorities and rapidly respond – to attempt to stop a payment going through.
- Banks will need to identify and shut down "money mule" accounts used to receive and shift scam victim's money, usually offshore.
- Digital platforms like Facebook, YouTube and Google will have to verify the identity of advertisers and ensure their content is legal.
- Phone providers must verify who is sending text messages and block numbers making scam calls.
The Australian Competition and Consumer Commission (ACCC) will be in charge of enforcement – a maximum $50 million penalty will exist for a tier-one breach – which will cover failing to prevent, detect or respond to a scam.
Lesser offences would have a maximum penalty of $10 million.
Crypto platforms, superannuation funds and online marketplaces haven't been included.
Scam victims able to seek compensation from multiple companies
Australia is taking a unique approach in making service providers across different industries share liability for scams.
It will allow scam victims to take disputes to the ombudsman, known as AFCA, against multiple parties – banks, digital platforms and/or a telco depending on the scam.
The current maximum payout for a consumer at AFCA is about $1.2 million.
Leading consumer groups Consumer Action Law Centre, Choice and the Australian Communications Consumer Action Network have raised concerns the system would be, "virtually impossible for consumers to navigate".
They wrote in an earlier submission to government, "victims of scams should not have to wait while industries duke it out over who failed the consumer more".
Instead, they unsuccessfully called for a system where people could be reimbursed by banks and then banks could recover scam losses from other companies.
The United Kingdom is about to begin a compulsory world-first scheme that will see banks reimburse victims a maximum of $166,000.
It replaces a voluntary reimbursement model which has been in place since 2019.
Australian banks have fought hard against the UK model, saying it places an unfair burden on them given many scams originate with phone calls, text messages or on digital platforms.
It has also claimed it will make Australia a "honey pot" for scammers, something that's been rejected by the UK regulator and some banks.
Bank staff consulted before transaction
The government's ambitious plan aims to prevent more people like Mr Fomin becoming scam victims.
His case shows that won't be easy.
The fraudulent emails sent to Mr Fomin included the real details of his law firm Colquhoun & Colquhoun. The email impersonated a staff member he'd been dealing with and included the firm's phone number, street address and web address.
There was also the address of the property he was buying, the amount he needed to pay and the settlement date.
To divert the payment, the scammer told Mr Fomin that his lawyer's usual trust account was being audited and they sent him a Commonwealth Bank statement with an account name that listed his law firm.
Feeling uncertain about the change, Mr Fomin, a National Australia Bank customer, went into a branch for help.
He said he showed bank staff the email and asked for advice before going ahead.
Mr Fomin later received a copy of a form filled out by a bank staff member he'd been speaking with called a "Scams Security Questionnaire" intended to "identify red flags."
The staff member wrote, "I am comfortable to proceed with the transaction".
"When the fraud was discovered, the money was already gone," Mr Fromin said.
It was only after Mr Fomin was notified of the scam that he looked at the emails again and realised they had come from a Hotmail account.
Mr Fomin suspects he transferred his money to a bank account that did not have the name "Colquhoun & Colquhoun Solicitors Trust Account."
Mr Fomin believes his bank, NAB should have checked the details of the Commonwealth account.
However, NAB's Chris Sheehan said that is not the process the bank follows.
When a customer comes into a branch asking for help with a payment, the bank's staff puts the onus back on the customer.
"We specifically ask if they've confirmed the account payment details are correct with the person they're looking to pay, where that works people generally don't fall into these scams," Mr Sheehan, NAB's Executive Group, Investigations and Fraud said.
Mr Fomin and NAB are in dispute over what he was told in the bank.
Pressed about whether the bank had failed to identify red flags, Mr Sheehan responded by saying, "It would be disappointing, but I don't believe that's the case,"
He added that staff were not experts on identifying problematic emails.
To combat scams NAB says it alerts customers using internet banking to suspicious payments, has removed links from text messages it sends customers and has put protections around phone numbers it uses, amongst other measures.
Mr Fomin believes if NAB had confirmation of payee technology in place it could have prevented the scam.
The technology allows customers to check an account name and other details to ensure they're paying into the right bank account and receive a warning if they don't match.
The Australian Banking Association says it will be in place for all banks in 2025.
When the ABC asked the Commonwealth Bank if the account name Mr Fomin paid matched what he had been told, it didn't respond.
It has closed the account but his money could not be recovered.
Case remains under investigation
Mr Fomin is telling his story because he believes there is an urgent need for better system-wide protection.
"There was a huge emotional stress to show my face to actually say that I am a victim.
"I'm doing it to protect other Australians."
He said being a scam victim was a lonely experience and that must change.
"I was supported by my friends and I didn't find much support, neither from the banks, nor from the lawyers, nor from the government," he said.
The scam has had a devastating impact on his future by adding many years to his home loan repayments.
He's not just disappointed with the banks involved, he believes law firms in this situation should have a responsibility to warn clients about the risks.
But a complaint to the NSW Legal Services Commissioner was unsuccessful.
His law firm put the onus on Mr Fomin for not detecting the fraudulent email because it, "was clearly suspicious" and said the risks were mentioned in correspondence.
Mr Fomin's case remains under investigation by NSW Police.
His law firm did not respond to repeated requests for comment, but previously told Mr Fomin their external IT consultant confirmed their system was not breached.
Mr Fomin has an ongoing dispute against his bank before the financial ombudsman AFCA.
NAB has refused to reimburse him but is offering to pay him $6,000 if he closes the complaint, according to Mr Fomin.
Mr Jones said if the government's new laws were in place he believed it could have prevented Mr Fomin from losing his life savings.
"If our codes had been in place, he would have had a confirmation of payee.
"He would have seen the account that he was paying the money into, and he would have protected himself."
Loading...