Property settlement scams are becoming a growing threat in the Australian property industry and practitioners need to be on alert more than ever before.
Large financial transactions and reliance on email communication during settlements have created an attractive target for criminals.
Most commonly characterised as a payment redirection scam, these schemes are becoming increasingly sophisticated in the ways victims are tricked into sending large sums to the wrong bank account by impersonating trusted parties in a transaction.
That rising sophistication is evidenced in the techniques used to deceive people. It may be an almost unnoticeable change to an email address or a wayward punctuation mark and the entire proceeds of a property transaction can be at risk of disappearing. Unlike a fraudulent credit card transaction, money lost to scammers in a property transaction can be much, much more difficult to recoup.
For a home buyer or seller, the outcome is devastating. Entire life savings can be gone in an instant, and once the fraudulent transfer is complete, there is often little that can be done. Many buyers and sellers don’t expect their property transactions to be targeted and scammers are primed to exploit this.
This is why awareness and education about how property scams work is so critical.
There are five key scenarios which scammers use to trick parties involved in a property transaction:
- Email compromise: the scammer gains access to or mimics the email account of a party involved in the settlement – usually a solicitor or real estate agent – and creates a lookalike email address almost identical to the legitimate one.
- Timing the fraud: the attacker monitors the progress of the transaction and swoops just before payment is due, sending a seemingly genuine email to the buyer (or sometimes the seller or practitioner) with revised bank details.
- Deceiving the victim: the fraudulent email often includes legitimate looking letterheads, signatures and even attached documents to appear credible. The scammer’s email will urgently request that the upcoming payment be sent to the ‘new’ bank account.
- Funds redirected: when victims believe the communication is authentic, they transfer the funds to the provided account. Once funds are sent, the scammers quickly withdraw or launder the funds.
- Discovery of the scam: usually the scam only comes to light when the genuine party awaiting the funds follows up on a missing payment. By then it is too late, and the money has vanished.
Being scam aware is not an individual responsibility, it is a shared one. Each party involved in a property transaction has a role in preventing scams and a stake in the outcome.
Practitioners are generally the party on the transaction front line and have professional obligations to protect their client’s interests. Cyber hygiene is critical in terms of liability and integral to duty of care responsibilities.
It is advised that strict processes are implemented for verifying client instructions: for instance, many firms now explicitly warn clients they will never email bank detail changes, so clients are aware not to trust such emails. Clear communication from the outset with clients is vital – by educating clients about scams from day one, practitioners can shut down the scammers’ window of opportunity. Practitioners must also secure their own systems using strong passwords, up-to-date security software and secure platforms like PEXA for settlement.
Banks and financial institutions also have legal obligations to protect customers, such as flagging unusual large transfers, checking for mismatched account details and issuing warnings for risky transactions. Many banks already display pop-up warnings in online banking when transferring to a new payee, reminding customers about scam risks. Recently the Federal Government introduced its scam-fighting legislation to better protect Australians and hold banks to account for the actions they have put in place to protect customers.
PEXA understands the importance of secure property settlements. We continuously invest in security measures, from enforcing multi-factor authentication for platform users to monitoring transactions for red flags that might indicate tampering. The PEXA security team will alert practitioners to any suspicious activity such as sudden changes to the settlement account or new user additions to an account. The introduction of the free PEXA Key app was a direct response to the email scam threat and provides a safe alternative for exchanging account details.
PEXA firmly believe that by working together, the industry can outsmart the scammers and ensure the home ownership journey is safe and positive. The core advice? Stop. Check. Protect.
By Graham Fairley, Chief Information and Security Officer.
Share this article