Scammers particularly singling out mortgage lenders, conveyancing lawyers
There has been an uptick in cyber criminals targeting the property and real estate sector in Australia, according to the Australian Cyber Security Centre (ACSC).
The ACSC warned that it had observed a spike in business email compromise (BEC) scams targeting the property and real estate industry. In a BEC scam, cyber criminals pose as a legitimate business and send fraudulent emails to the business’s customers or clients. In a property-related BEC, cyber criminals illegally gain access to emails or impersonate businesses to scam people attempting to buy, sell or lease property.
In a typical scam, the fraudster will impersonate a party to a property transaction, such as a real estate agent or conveyancer, and include illegitimate bank details for settlement or rental payments. The victim, assuming the request is legitimate, unknowingly sends the payment to the scammer’s bank account.
“Successful BECs can go unnoticed for weeks until businesses follow up on a missing payment,” the ACSC said.
Cyber criminals are targeting all parties involved in the real estate sector, with a particular focus on impersonating conveyancing lawyers, the ACSC said. The fraudsters are also singling out mortgage lenders in order to steal property settlements.
Fraudulent emails may come from hacked accounts. Scammers may also register domain names that are similar to those of legitimate companies – typically by swapping letters or adding additional characters. They may also create email addresses with Gmail, Yahoo or Outlook that use legitimate business names. At a glance, these email addresses can look legitimate, the ACSC said.
The agency warned that settlement agents and lawyers should be wary of updating bank account details – particularly before updating Property Exchange Australia (PEXA).
Read more: Cyber threats on the rise: What brokers can do about them
“When cybercriminals impersonate a property seller and request their bank details to be updated, settlement agents using PEXA will change these details in the system,” the ACSC said. “PEXA remains secure yet the new bank account details are fraudulent, resulting in the buyer sending funds to the cybercriminal’s bank account.”
The agency said the uptick in BEC scams in the sector has “potential for significant financial harm.”
“All parties involved in the buying, selling and leasing of property should be vigilant when communicating via email, particularly during settlement periods,” the ACSC said. “This includes real estate agents, conveyancers and lawyers, mortgage lenders and any clients of these businesses.”