Protecting your property transaction from cyber fraud

 

The Australian Institute of Conveyancers NSW (AICNSW) and its members are committed to ensuring the safety and integrity of property transactions across NSW. Given conveyancing transactions involve the transfer of a significant property asset and sums of money, it is a prime target for sophisticated domestic and international cybercriminals.

To protect yourself, it is essential that you understand why your Licensed Conveyancer follows strict security protocols, and cooperate with their recommendations and help keep all avenues of communication secure.

Why your conveyancer won’t email bank details

Payment redirection fraud is a common scam whereby a cybercriminal intercepts an email between the parties in a transaction and substitutes information or sends the client a fake email “at just the right time” to avoid suspicion.

Unfortunately, with increasingly sophisticated software, you will not necessarily see a dodgy “From:” address.  Where an email has been intercepted (and it can be through the account of anyone involved in a transaction) the fraudster may alter the bank account details in the message or an attached invoice, redirecting your money go into the fraudster’s account. AICNSW members have reported several examples/instances of this.

Another example is where a Revenue NSW Stamp Duty invoice attached to an email has been altered by changing the payee account details and removing the BPAY details.

AICNSW members are advised to follow strict security standards, which means:

• they will not send you bank details via a standard email, and
• may use secure platforms (for example, PEXA Key) to communicate any sensitive information,

If you receive an email that appears to be from your Licenced Conveyancer asking for money or providing new bank details, treat it as suspicious until you have verified the information in it.

The “Verify Before You Transfer” Rule

Cybercriminals can “spoof” email addresses, a technique where a sender forges the “From:” address in an email to make it appear as though it came from your Licensed Conveyancer’s real email address.

They can even set up “diversion rules” within intercepted mailboxes so you will never see the real emails coming from your Licensed Conveyancer.

Before you transfer any funds for a deposit, stamp duty, or settlement:

• always pick up the phone – call your Licensed Conveyancer on a known, trusted number (from their website or your original engagement letter),
• verbally confirm the Account Name, BSB and Account Number – the banking industry has recently introduced Payee Verification protocols where the receiving account name on the transfer must match the account name on the receiving account. If there is any discrepancy, please cancel the transfer and consult your Licensed Conveyancer. It is better to be a little late than to lose your funds entirely!
• stay cautious – while many banks are adopting these protocols, you should never rely on them as your only line of defence. The “verify before you transfer” phone call remains your most important step,
• only use verified phone numbers – never rely on a phone number printed at the bottom of a suspicious email, it may lead straight to the fraudster.
  
  

Secure Your Email Account

Scammers often target a client’s email account because it is usually less secure than a professional firm’s system. Free email services (such as Hotmail, Bigpond, Yahoo, Outlook, Gmail etc.) are frequently compromised.

To protect your email account, we recommend that you consider:

• enable Multi-Factor Authentication (MFA/2FA) – ensure every one of your online accounts requires a second code (sent to your mobile) for logging in. This is your best line of defence against a stolen password
• be wary of Phishing – scammers send “phishing” emails to trick you into clicking links or downloading malicious malware that tracks/watches your activity,
• avoid public Wi-Fi – never log into your email or bank account using public Wi-Fi (like at a café or airport) during your property transaction.

 

Trust your Licensed Conveyancer’s Caution

If your Licensed Conveyancer insists on a phone call or refuses to accept a bank change via email, they are doing so to protect your money.

Cyber fraud is becoming more prevalent and fast-paced, with devastating impacts that can be financial, emotional and deeply personal. If you have any concerns about a suspicious request you have received, please contact your Licensed Conveyancer immediately.

Some Important Resources/links for the Public

• Report a Cybercrime: ReportCyber (Australian Federal Police)
• Check for Scams: Scamwatch (ACCC)
• ID Support: ID Support NS