realestatebusiness logo

Breaking news and updates daily. Subscribe to our Newsletter!

Home of the REB Top 100 Agents
Breaking news and updates daily. Subscribe to our newsletter

Website Notifications

Get notifications in real-time for staying up to date with content that matters to you.

Alert issued as property payment scams increase

By Staff Reporter
03 September 2021 | 1 minute read
Alert issued as property payment scams increase

Property-related business email compromise scams are on the rise, with the potential for serious harm, prompting a new government alert to the real estate industry and consumers.

According to the Australian Cyber Security Centre (ACSC), cybercriminals are now targeting the property and real estate sector to conduct business email compromise scams.

Triaging the concern as “medium”, the ACSC is urging all parties involved in the buying, selling, and leasing of property to be vigilant when communicating via email – especially during settlement periods.


It highlighted that the trend “has potential for significant financial harm”.

In a business email compromise – or BEC for short – cybercriminals “pose as a legitimate business to send fraudulent emails to their customers or clients”.

Property-related BECs are seeing those cybercriminals unlawfully gain access to emails or impersonate businesses to deceive individuals attempting to buy, sell, or lease property.

According to the ACSC, cybercriminals will impersonate parties to a property transaction (such as real estate agents or conveyancers) and insert illegitimate bank details for settlement or rental payments.

When victims assume this request is legitimate, they will unknowingly send payment to the cybercriminal’s bank account.

The ACSC has warned how successful BECs may go unnoticed for weeks at a time – until businesses follow up on missing payments.

The cyber security centre also outlined that fraudulent emails may come from hacked email accounts, or cybercriminals might register domain names that are similar to legitimate companies – simply by swapping out letters or adding additional characters.

It warned that yet other cybercriminals will create email addresses with Gmail, Yahoo, or Outlook, using the legitimate business name.

“At a quick glance, an email address may look legitimate when it is actually being operated by a cybercriminal,” the ACSC raised.

Areas of most concern

“All parties involved in the buying, selling, and leasing of property should be vigilant when communicating via email, particularly during settlement periods,” ACSC flagged.

Therefore, this advice applies to real estate agents, conveyancers and lawyers, mortgage lenders, and any clients of these businesses.

ACSC has noted that the scammers are placing particular focus on impersonating conveyancing lawyers and communicating with their clients.

But they aren’t the only ones – cybercriminals are also singling out mortgage lenders in order to intercept property settlements.

ACSC is urging settlement agents and lawyers to be extra wary of updating bank account details – particularly before updating Property Exchange Australia (PEXA).

The Cyber Security Centre explained that when cybercriminals impersonate a property seller and request their bank details to be updated, settlement agents using PEXA will change these details in the system.

It reported: “PEXA remains secure yet the new bank account details are fraudulent, resulting in the buyer sending funds to the cybercriminal’s bank account.”

How to stay safe

While maintaining vigilance on the issue of business email compromise is vital, the ACSC has provided a number of recommendations to individuals and businesses who are transacting real estate.

These are outlined below:

1. Verify payment details
If any party to a property transaction notifies you they have updated their bank details, the ACSC instructs taking extreme care. Confirm any changes by calling the sender’s established phone number or meeting them face-to-face before transferring any funds.

2. Training and awareness
Staff must be trained on the identification of suspicious emails, including requests to change bank account details or emails linking to fake websites. The latter may be a phishing attack, which could capture passwords and compromise account security.

3. Secure your email account
With the knowledge that cybercriminals will attempt to access systems through compromised passwords, all individuals and businesses should be implementing strong passphrases on any accounts.

Where possible, enable or implement multi-factor authentication on email accounts to help prevent unauthorised access.


Alert issued as property payment scams increase
laptop cyber reb 1
lawyersweekly logo


May 09, 2022

REB Top 50 Women in Real Estate 2022

REB is thrilled to present the Top 50 Women in Real Estate 2022 ranking, which sets t ... LEARN MORE

May 04, 2022

REB Top 100 Agents 2022

Now in its second decade, the REB Top 100 Agents 2022 rankings are the most revered s ... LEARN MORE

May 02, 2022

REB Top 50 Agents NSW 2022

Even a pandemic has not put the brakes on the unstoppable property market in NSW, whi ... LEARN MORE

April 27, 2022

REB Top 50 Agents VIC 2022

The COVID-19 crisis has not deterred the property market in Victoria, which has been ... LEARN MORE

April 25, 2022

REB Top 50 Agents QLD 2022

As the property market continues to roar in Brisbane and Queensland, the REB Top 50 A ... LEARN MORE

Coming up

rankings rankings
Do you have an industry update?

top suburbs

12 month growth
Bawley Point
Walla Walla
Byron Bay
Kiama Heights
South Hobart
Lennox Head
Subscribe to Newsletter

Ensure you never miss an issue of the Real Estate Business Bulletin.
Enter your email to receive the latest real estate advice and tools to help you sell.