
Victim of Email Scam Fraud? Understand your Legal Recourse

If you’ve been targeted by a phishing scam, you may be feeling overwhelmed and unsure of where to turn.

Phishing fraud often involves tricking individuals into revealing sensitive information, such as bank account details, by pretending to be a legitimate business. This type of scam has become increasingly common in Australia, especially in business transactions.

Business email fraud occurs when hackers gain access to email accounts, intercept legitimate communications, and target business transactions by altering bank account numbers to divert funds. Often, these attacks involve spoofing or compromising email systems, tricking victims into sending money to fraudulent accounts.

Hope for Victims of Phishing Fraud

If you have been targeted by a phishing scam during a legitimate business transaction with an entity such as an accountant, settlement agent, financial advisor or a bank, the company you were dealing with—though it may appear innocent—could be responsible for failing to protect its communications and allowing the scam to happen.

The Duty of Financial Services Licensees Under the Law

The Corporations Act 2001 (Cth) imposes a duty of care on companies and financial services providers in Australia. Under section 912A, financial services licensees are required to:

  • act efficiently, honestly and fairly in providing financial services; and
  • maintain adequate risk management systems to protect client funds and sensitive information.

This duty extends to ensuring that corporations implement strong cybersecurity measures to prevent fraud and unauthorised access to client data.

Financial services licensees have an obligation to implement and maintain effective IT security systems. ASIC Regulatory Guide 104 requires entities holding an Australian Financial Services Licence (AFSL), such as banks, financial advisers, and brokers, to regularly review the adequacy of IT systems. This would include the duty to:

  • secure their electronic communications, including email systems; and
  • implement measures such as encryption, two-factor authentication and fraud detection systems to safeguard client information.

Failure to do so may constitute a breach of their duty of care, opening the door to potential claims by victims of phishing fraud.

Duties of Other Sectors

Beyond financial institutions, other sectors such as accounting and real estate are also required to protect sensitive client information through cybersecurity measures.

  • Accountants: Accountants who handle sensitive financial and personal information are subject to several regulations, including the Code of Professional Conduct in the Tax Agent Services Act 2009 (Cth), which requires them to act in the best interests of clients, to maintain confidentiality and to act competently.
  • Settlement Agents: Similarly, settlement agents are bound by the Settlement Agents Code of Conduct 2016 to exercise due care, diligence and skill, and to treat information they receive from clients as confidential.

General Duty of Care Under Common Law

In addition to statutory obligations, corporations across all sectors are subject to a duty of care under common law. This duty requires corporations to act reasonably in their business practices to avoid foreseeable harm to their clients, which extends to protecting clients from cyber threats.

If a corporation fails to implement cybersecurity measures, and that failure results in harm—such as financial loss due to a cyber attack—the corporation could be found to have breached its duty of care. For example, if an accountant fails to secure email communications, leading to a phishing scam, they could be held liable in negligence.

How to Recover Your Loss

If you’ve fallen victim to a phishing scam and suffered financial losses, you should seek advice from a competent Australian lawyer on whether the damages you have suffered arose from a corporation’s failure to meet its duty of care.

To establish liability, it must be shown that the institution’s failure to implement adequate cybersecurity measures directly led to your loss.

In these cases, you will need to engage a cybersecurity expert to investigate the cause and effect of the breach to determine who is responsible for the phishing scam.

A cybersecurity expert has the expertise to analyse digital evidence such as email logs, IP addresses, and timestamps to trace the scammer’s movements. They can also assess whether adequate security protocols were in place, like encryption, two-factor authentication, and software updates. This will help in establishing the technical aspects of the breach.

Take Action Today

We strongly encourage you to reach out to our experienced legal team, who specialise in commercial litigation. If you believe you have been a victim of phishing fraud, get in touch today for a free initial telephone conversation.


This article/post is provided for general information purposes only and does not constitute legal advice. It does not take into account your objectives, instructions or all of the relevant facts and/or circumstances. Will Vogt and Vogt Legal accept no responsibility to any person who relies on the information provided on this website.