Be alert for real estate and settlement agent impersonators
Property buyers and sellers need to be suspicious of any email appearing to be from their real estate or settlement agent asking for a payment of money or advising of a change in bank account details. This could be the work of scammers.
Payment redirection scams involve email accounts being hacked or cloned, followed by requests for money. The scam particularly targets victims who may be expecting a message like this and are less likely to question it.
Also known as a ‘man in the middle scam’, payment redirection takes place when scammers change the bank account so the money ends up being transferred into the wrong account.
Property transactions are prime targets for this scam due to the often large amounts of money involved.
People working in the industry and consumers involved in buying or selling property need to be extra vigilant when acting on payment requests.
How the scam works
- The people behind this scam hack into email accounts and get information about financial transactions underway between sellers or buyers and real estate or settlement agents.
- The scammers may appear to take control of the business' email address or create a new, almost identical, email address that is difficult to distinguish from the original.
- Using the new email address, the scammers try to get the parties to pay the funds from the transaction into alternative bank accounts under their control.
How to protect yourself when buying or selling a property
- Verify the sender of emails requesting payments or changing bank account details by checking that the email address is genuine.
- Call the sender to confirm the authenticity of the request and the account details, using previously known contact numbers or independently find out with an internet search or go to their website for contact information.
- It is vitally important not to use contact details contained in the email as they may be fake and put you in touch with the scammers.
- When responding to emails, use the forward button instead of reply and manually type the address or select it from your address book.
- If possible and if a large amount of money is involved, go to the trader’s store or office to personally verify the details before completing the transfer or hand over a bank cheque.
- Consider setting up multi-factor authentication on all your online accounts such as email, bank and social media. More information including how to set it up is available on the Australian Cyber Security Centre website.
Steps real estate and settlement agents can take to manage the risk
- Avoid using generic email addresses such as Gmail and Yahoo.
- Use a business-grade, hosted email service that includes quality filtering to block dangerous emails, spam, phishing and malicious content or attachments.
- When responding to emails, use the forward button instead of reply, and manually type or select the address from your address book. This will help you make sure you’re communicating with the right person.
- Establish a system for clients to double-check that payments are being sought by the agency.
- If a client sends an email confirming a payment has been made, immediately check to ensure it was made to the correct bank account.
- If an attachment comes in an unusual format like ".zip" or the email asks you to follow a link to a file hosting site, this should be a red flag. If the sender is known to you, call them and double-check the email is from them.
Real stories reported to WA ScamNet
March 2021 - $375,000 loss
Scammers have stolen about $375,000 intended to fund the aged care costs of a 102 year old woman. The woman’s grand-daughter, who has enduring power of attorney, was organising the transfer of the funds from her grandmother's home sale to the aged care home through a settlement agent. Scammers intercepted email communications between the grand-daughter and the aged care facility and sent a bogus email purporting to be the nursing home advising of a change of bank account details for the transfer. The grand-daughter sent these bank account details along with instructions to the settlement agent. When settlement occurred, the proceeds of $374,251 were transferred to the scammers’ bank account in Sydney. The grand-daughter also sent a top-up payment of $749 which was later retrieved, but so far not the larger amount. NSW and WA police are investigating. See full media statement Scammers steal $375,000 intended for 102 year old’s aged care costs on the DMIRS website.
January 2020 - $133,000 loss
A Thornlie couple’s dream of buying their first home in Australia has been shattered after scammers stole almost $133,000 after cloning the settlement agent’s email address. The scammers sent a payment request to the victim that included bank account details. The email address was almost the same as the settlement agent’s, except one letter was added and the .au had been removed. Not realising this, the victim transferred payments as requested. After receiving an additional payment request, the victim contacted his mortgage broker and discovered he had been scammed. The bank could not retrieve the funds. See full media statement Dream of home ownership shattered after $133,000 scam theft on the DMIRS website.
December 2019 - $70,000 loss
Home and business buyers as well as real estate and settlement agents in WA are urged to be on high alert after two payments totalling $70,000 meant for a Perth settlement agent were stolen by scammers. The scammers had cloned the settlement agent’s Yahoo email address, and sent a payment request to the buyer of a business. The email contained details of a bank account controlled by the scammers and, believing it was a genuine email from the agent, the buyer paid the money as requested. See full media statement Alert issued after scammers steal $70,000 by cloning a settlement agent email on the DMIRS website.
March 2017 - $200,000+ scam attempt interrupted
Astute property buyers in Mandurah have thwarted an attempt by scammers to steal more than $200,000 from the settlement of a local property. The buyers received an email purporting to be from their settlement agent asking them to deposit the funds into a bank account in order to finalise the settlement of a house purchase. They noticed that the email address was slightly different from the original one being used, so they queried the request with their settlement agent direct who confirmed it was a fake email. See full media statement Attempt by scammers to steal $200,000 from property settlement on the Commerce website.