Industry on alert as scams spike amidst market boom

Residential property is Australia’s largest asset class.

Today, the sector is worth more than $8 trillion[i] and is estimated to hit $10 trillion at the end of the year.[ii]

Property is a vital pillar of our nation’s economy – and particularly pertinent in Queensland, where the property market continues to thrive despite the disruption caused nationally by COVID-19.

Queensland was the only mainland state to record quarter-on-quarter growth in sales settlements – a nationwide high of more than 59,000 property transactions in the first quarter of the 2022 financial year, according to the latest Property and Mortgage Insights (PMI) Report from PEXA Insights.

In the September quarter alone, more than $42 billion worth of property was exchanged in Queensland.

However, coinciding with the exponential growth of the state’s property market and subsequent increase in property settlements, there has been an unfortunate spike in scams.

This is a threat that is costing businesses significant sums of money. According to the ACCC’s Scamwatch, in 2020, $176 million was lost to scams in Australia. The total number of reported scams also rose 23.1% year-on-year to a total of 216,089.

Additionally, in the ACCC’s latest Targeting Scams report, business email compromise (BEC) was the number one contributor to financial losses within Australia – costing organisations $132 million in 2019.

BECs were also the subject of a recent alert sent out by the Australian Cyber Security Centre (ACSC), noting the current high volume of these scams.

Scammers are clever and deliberate, setting out to trick people into transferring funds or disclosing sensitive information. With more settlements than ever before taking place in the Sunshine State and the busy end-of-year rush still to come, the onus is on practitioners to be wary of potentially nefarious activities.

What do these emails look like?

These fraudulent emails may come from hacked email accounts, or cybercriminals might register domain names that are similar to legitimate companies (typically by swapping letters or adding additional characters).

They might also create email addresses with Gmail, Yahoo or Outlook that use the legitimate business name. At a quick glance, an email address may look legitimate when in fact it is being operated by a cybercriminal.
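As an added illustration (not part of the original article or any PEXA tooling), the sketch below flags the two sender patterns described above: a domain that differs from a known one by a swapped or added character, and a free webmail address whose local part carries the business name. The firm name, the `.example` domains and the threshold of two edits are constructed assumptions.

```python
from email.utils import parseaddr

FREEMAIL = {"gmail.com", "yahoo.com", "outlook.com"}  # providers named in the article
# Constructed sample data (assumptions, not real firms or addresses):
TRUSTED_DOMAINS = {"smithconveyancing.example"}
BUSINESS_NAMES = {"smithconveyancing"}

def edit_distance(a, b):
    """Edits (insert, delete, substitute, adjacent swap) needed to turn a into b."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped letters
    return d[-1][-1]

def classify_sender(from_header, trusted=TRUSTED_DOMAINS, names=BUSINESS_NAMES):
    """Label a From header: trusted, lookalike-domain, freemail-impersonation, unknown."""
    _, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    if not local or not domain:
        return "unknown"
    if domain in trusted:
        return "trusted"  # domain matches; a hacked mailbox would still land here
    if any(edit_distance(domain, t) <= 2 for t in trusted):
        return "lookalike-domain"
    if domain in FREEMAIL:
        squashed = "".join(c for c in local if c.isalnum())
        if any(n in squashed for n in names):
            return "freemail-impersonation"
    return "unknown"

if __name__ == "__main__":
    for sender in ['"Smith Conveyancing" <accounts@smithconveyancing.example>',
                   "accounts@smithconveyacning.example",   # letters swapped
                   "accounts@smithconveyancingg.example",  # character added
                   "Smith Conveyancing <smith.conveyancing@gmail.com>"]:
        print(classify_sender(sender), "<-", sender)
```

A "trusted" result only means the domain matches; it says nothing about whether the mailbox itself has been compromised, so bank details still need confirming by phone.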

Cybercriminals are targeting all parties in the buying and selling chain, with a particular focus on impersonating conveyancing lawyers and communicating with their clients. They are also singling out mortgage lenders in order to intercept property settlements.

In an article that appeared in QLS Proctor earlier this year, Louisa Vogelenzang, Associate Managing Director & Country Leader (Australia) – Cyber Risk at Kroll, explained why property is a prime target for criminals.

“Cyber criminals may prey on the property industry, due to the large sums of money involved in transactions, and the fact that property transactions naturally occur within the context of strict deadlines and an element of excitement.”

“While senior executive accounts are commonly targeted in BEC incidents, it is important to note that any employee routinely accessing customer account data or treasury functions is at risk.”

Situations to avoid

In general terms, the following are known situations that introduce a risk of fraud during digital property settlements:

  • The practitioner has requested details from the client via email. This email is then intercepted by a third party.
  • The practitioner is communicating with their client via email. The fraudster has compromised either the subscriber or the client’s email account and is falsely posing as the party.
  • Details provided to the practitioner by the client were not verbally confirmed and contained incorrect/fraudulent bank details.
  • Having previously only communicated via phone call, a fraudster posing as a client requests that the conversation move to a new channel, such as WhatsApp, in order to conduct fraud.
  • A fraudster posing as a client sends new bank details as a screenshot from a different number through third party messaging services, such as WhatsApp.

In any of the above scenarios, it’s vital to be certain that the communication you have received is from a legitimate source and, if uncertain, verify over the phone with the relevant party.

If you receive an email you believe to be suspicious:

  • Do not respond.
  • Do not click links or download attachments.
  • Engage your relevant security administrator.
  • Delete the email, once it has been provided for analysis.

How to protect yourself

When engaging with your clients and communicating confidential and private information, do not use email. If communicating account details for a property transaction, tools such as PEXA Key are available to mitigate this risk for your business and your clients.

David Willett, Chief Information Security Officer, PEXA, advises that email is not a safe channel for the communication of sensitive information when dealing in the digital world and to always remain vigilant and always verify. This is especially the case for parties to a property settlement transaction in a market.

“Protecting yourself, your business and your clients against BEC scams is vital and we strongly recommend the use of PEXA Key as a secure method for practitioners and homebuyers or sellers to share financial account details, mitigating the risks associated with email,” Mr Willett said.

“PEXA Key uses encryption to safeguard the communication of account details. This ensures confidential information, like bank and trust account details, cannot be intercepted by cyber criminals, keeping transactions safe from this type of fraud.

“Additionally, the PEXA Key Secure Communication Guarantee provides protection to buyers and sellers if the communication of bank account details between the buyer/seller and their practitioner’s PEXA Workspace is corrupted within PEXA or intercepted due to fraud – up to $2 million.”

The Queensland property market is expected to continue its boom, resulting in an influx in settlement volumes for practitioners. You can help protect yourself, your business and your clients from cyber risks by remaining alert and verifying where necessary.

You should ensure that you take steps to help mitigate a cyber security attack – maintaining vigilance when sharing sensitive information is the key to this process.


[i] Total value of residential dwellings exceeds $8 trillion, Australian Bureau of Statistics, 15 June 2021.

[ii] ‘Australia’s housing stock could reach $10 trillion in December’,, 2 October 2021.

This sponsored content article represents the views of the sponsor and does not necessarily reflect the views of Queensland Law Society
