Phishing scams – a risk to no longer ignore

Phishing is a threat that impacts all industries – including legal and property.

According to the ACCC’s Scamwatch, in 2020, $176 million was lost to scams in Australia. The total number of reported scams also rose 23.1% year-on-year to a total of 216,089.

Additionally, in its latest Targeting Scams report, business email compromise was the number one contributor to financial losses within Australia – costing organisations $132 million in 2019.

ACCC data confirms that email phishing is the most common type of scam and the primary threat to businesses.

Louisa Vogelenzang, Associate Managing Director & Country Leader (Australia) – Cyber Risk, Kroll explains why property is a prime target for criminals.

“Cyber criminals may prey on the property industry, due to the large sums of money involved in transactions, and the fact that property transactions naturally occur within the context of strict deadlines and an element of excitement.


“While senior executive accounts are commonly targeted in BEC incidents, it is important to note that any employee routinely accessing customer account data or treasury functions is at risk.”

Case study

The threat of email phishing is a global risk. At the beginning of 2021, the Government of Western Australia, Department of Mines, Industry Regulation and Safety released a statement which included a recent fraud case of one couple’s cybercrime experience while buying their first home. After cloning the settlement representative’s email address, scammers stole almost $133,000 from the Thornlie couple.

They received an email from whom they thought was the settlement representative asking for a payment of $110,000, including bank account details to direct the funds.

In this case, the email address was almost identical to their representative’s.

The announcement stated that: “Not realising this, the victim transferred three payments amounting to $110,000 on 15 and 16 December 2020, then made a further payment supposedly for stamp duty of $22,981.40 on 21 December 2020. Settlement was scheduled for 23 December 2020.

“When the victim received an additional email asking for payment of the balance of $480,000, he forwarded the email to his mortgage broker and it was then that the couple discovered they had been scammed, turning their excitement into horror. The bank could not retrieve the funds and they were forced to withdraw from purchasing the property.”


Situations to avoid

The above case study is just one of many examples of how cybercriminals can compromise emails containing sensitive information.

In general terms, the below are known instances which introduce risk of fraud during property settlements:

  • The Subscriber has requested details from the client via email. This email is then intercepted by a third party.
  • The Subscriber is communicating with their client via email. The fraudster has compromised either the Subscriber or the client’s email account and is falsely posing as the party.
  • Details provided to the Subscriber by the client were not verbally confirmed and contained incorrect/fraudulent bank details.
  • Having previously only communicated via phone call or PEXA Key, a fraudster posing as a client requests that the conversation moves to a new channel, such as WhatsApp, in order to conduct fraud.
  • A fraudster posing as a client sends new bank details as a screenshot from a different number through third party messaging services, such as WhatsApp.

In any of the above scenarios, it’s vital to be certain that the communication you have received is from a legitimate source and if uncertain, verify over the phone with the relevant party.

How to protect yourself

When engaging with your clients and communicating confidential and private information, do not use email. If communicating account details for a property transaction, tools such as PEXA Key are available to mitigate this risk for your business and your clients.

If you receive an email you believe to be suspicious:

  • Do not respond.
  • Do not click links or download attachments.
  • Engage your relevant security administrator.
  • Delete the email, once it has been provided for analysis.

If you click on a link within a phishing email:

  • Contact the PEXA Support Centre immediately, who will connect you with our Security team.
  • Additionally, engage your relevant security administrator.
  • Report scams to the ACCC via the ScamWatch report a scam page.
Share this article

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by keyword