Why Australian property and real estate CISOs need to be on high alert

Cybercriminals are increasingly targeting settlement agents and lawyers to intercept property settlements. Technical safeguards are only part of the defense—arguably harder is managing the human element.


Property-related scams are rising in Australia, the Australian Cyber Security Centre (ACSC) recently warned. Cybercriminals are targeting all parties in the real estate sector, particularly during the settlement phase. With house sale transactions involving large sums of money, potentially running into millions of dollars, there’s a lot at risk.

Paul Haskell-Dowland, associate dean for computing and security at Edith Cowan University, has investigated invoice fraud for ABC News and is also the Australian country representative on the security and privacy committee with the International Federation for Information Processing. He says that when it comes to a property settlement, people have an inherent belief in payment instructions and just act upon them. “What we need to do is change that practice and have an independent verification of every single transaction,” he tells CSO Australia.

It’s a cybersecurity issue with a human face to it. “We see an email and believe it and the processes,” Haskell-Dowland says. “Even if the settlement agent can be shown to be culpable—and in those cases maybe there is a financial case and that will probably come out of their insurance policies—the fact is there’s still a cost to all of this. And it will ultimately be borne by increased settlement costs to sellers and buyers. It will always be the individuals who will suffer because these costs have to be passed on,” he says.

The ACSC advises settlement agents and lawyers to be wary of updating bank account details, particularly before updating Property Exchange Australia (PEXA), the online platform for property transactions. Cybercriminals impersonate a property seller and request their bank details to be updated, leading settlement agents to introduce these fraudulent details into the PEXA system. “PEXA remains secure, yet the new bank account details are fraudulent, resulting in the buyer sending funds to the cybercriminal’s bank account,” the ACSC says in its advisory.

How people become the fault in the system
