Buyers warned to be cautious amid a rise in real estate scams

Australia’s real estate industry is increasingly being targeted by a scam which has already fleeced almost $2.7 million from victims in the first half of this year.

Cybercriminals are cashing in on the nation’s property obsession, duping all parties involved in the buying, selling and leasing of property.

The Australian Cyber Security Centre says payment redirection scams – also known as business email compromise –  are a growing trend in real estate.

Some property scams can be difficult to spot. Picture: Getty

The scams involve targeted phishing and hacking of a business. Fraudsters typically impersonate businesses or their employees via email, requesting clients send upcoming payments to a fake account.

In the first half of 2022 alone, there have been 56 reports of payment redirection scams in the property industry, with almost $2.7 million lost, according to Scamwatch.

“Every agent would have a story,” said Tim McKibbin, chief executive of the Real Estate Institute of New South Wales.

“I’d be hearing of things on a weekly basis where people are being hacked.

“Alarmingly, the sophistication of what they’re doing is increasingly improving.”

In October last year, a Tasmanian victim was conned out of $1.2 million when arranging to buy a house.

Scammers hacked an email from the conveyancer to the victim, and altered the account payment information.

A Canberra homebuyer was also fleeced more than $1 million after unknowingly depositing the money into a fake bank account during a property settlement in 2021.

And in April this year, a Western Australian homebuyer lost about $732,000 after scammers intercepted emails between her and her settlement agent. They impersonated the agent and asked for the money to be deposited into an account they controlled.

Mr McKibbin said the sheer number of scammers and their sophistication had markedly improved.

“You only needed an eye for detail five, six years ago at the amateurish attempts to extort money,” he said.

“That’s changed now. It’s becoming increasingly more difficult to detect if they are frauds.”

Mr McKibbon said the sector had to stay vigilant and constantly review its procedures to beat scammers.

“I don’t think we’ll ever, at least in the foreseeable future, be able to tick the box and say, ‘We’ve got a system’,” he said.

While cybercriminals are targeting all parties in the real estate sector, they’re particularly focused on impersonating conveyancers and communicating with their clients, the Australian Cyber Security Centre says.

They are also singling out lenders in order to intercept property settlements.

Australian Institute of Conveyancers (AIC) president Michelle Kent said conveyers have been trained to manage cyber risks and must have high IT safeguards in place when transacting property settlements online.

But generally the scams unfold after a client opens emails in an unsecured WIFI network, or clicks a link that downloads spyware, she said.

“From there, the impersonating begins and a client can be tricked into transferring funds,” she added.

She said as a minimum, conveyancers would never email a request for account details.

“It just doesn’t happen. We all have our own procedures around that. Personally, I prefer to get clients in person and there’s a number of cross references that happen between that point and then settlement,” she added.

Ms Kent said the banks needed to do more to eliminate the risks.

“It was not that long ago that property settlements required the exchanging of cheques that were verified, by matching the account name with the account number,” she said.

“Having progressed toward an online eConveyancing platform … the banks have effectively regressed further from verifying and validating cheques.”

The AIC has called for a confirmation of payee initiative, similar to one in the UK, to be introduced in Australia so banking groups have a way to cross reference and provide alerts when names don’t match account details.

The ACCC also wants a similar initiative. In July, the ACCC’s then-deputy chair Delia Rickard said introducing confirmation of payees by banks “would have an impact” on reducing scam losses.

The Australian Banking Association told Mortgage Choice banks are working hard to protect customers against scams and encouraging increased use of PayID was part of this.

“Payments made to a PayID gives the user the ability to see the name of the account holder before they transfer their funds. It’s free to register, easy to use and to date there are more than 11 million PayIDs registered in Australia,” a spokesman said.

To avoid getting scammed, the ACCC recommends people always check account details are correct before sending money, by calling the person you’re paying on a number you’ve sourced independently.

Tips to avoid getting caught in a property scam

Property scams are not limited to payment redirection or Business Email Compromise scams. Unfortunately instances of cyber scams, phishing, hacking and online fraud seems to be rising all the time.

Some of the other property scams to watch out for are rental property scams, fraudulent listings and phishing scams.

Here are some top tips to avoid getting caught out.

1. Don’t rush

If you receive a request that seems urgent, don’t rush. Take time to check whether an email is real, looking carefully at the sender’s email address.

2. Call to confirm

If you’re asked to change payment details, always check with the organisation using contact details you’ve previously stored, not those in the email.

Businesses should be trained to identify suspicious emails, including requests to change bank account details or emails linking to fake websites. The latter may be a phishing attack which could steal passwords and compromise account security.

3. Keep your details secure

Using strong passwords and enabling or implementing multi-factor authentication on email accounts can help prevent unauthorised access.

Scam victims should immediately contact their bank and make a police report at cyber.gov.au.