Login
iscover
Residential real estate transactions offer rich pickings for cyber criminals because email is not cyber-secure. Yet it is the default way that real estate agents, conveyancers and lawyers request payment by a property purchaser into their trust account.
Email is vulnerable because login and password details can be purloined via phishing, public Wi-Fi networks and spoofed SMS messages with malicious links.
According to the Australian Competition and Consumer Commission’s Scamwatch, payment redirection scams perpetrated via email were the second-most lucrative con of financial year 20, costing Australian victims over $227 million.
Business email compromise is insidious and effective
The usual method of business email compromise (“BEC”) sees criminals intercept a legitimate message in order to replace the trust account details with their own bank account information.
Alternatively, after a genuine email has been sent, scammers fake a follow-up email apologising for the “error” in the previous message and advising the “new” payment details.
In Australia, account-to-account bank payments routed using the BSB and account number do not confirm the name of the payee, even though this field has been filled in.
The property purchaser thinks they are making their deposit or settlement payment to a known counterparty because the email appears to be legitimate.
However, once the money hits the criminals’ bank account, it is swiftly moved offshore or into crypto, and then the account is closed. By the time the scam is uncovered, it’s often too late for the bank to recover the money, and the only recourse is to professional indemnity insurance.
To add insult to injury, the property can go back on the open market and be sold to another party.
Dollars and data are at risk
Residential property transactions are a lucrative target for two reasons.
First, the purchasers are usually private individuals relying on email communications from businesses like real estate agents, conveyancers and solicitors.
Second, the dollar value is very high, being tens or hundreds of thousands of dollars, or even more.
Additionally, the hackers don’t just steal dollars. They also steal data. Once the criminals are inside your email and shared drive, they can also access your clients’ personal information from know-your-customer checks and contracts.
This month’s Optus incident has prompted the federal government to review the nation’s data laws, indicating that fines for major breaches will form part of the government’s response. (Currently, breaching Australia’s strict privacy laws can put you and your company at risk of significant penalties — up to $2.1 million and $10 million for repeated breaches — and even jail.)
Relying on legacy systems and processes — whilst hoping it doesn’t happen to you and assuming that insurance will pay up if it does — is not a sustainable or scalable business practice.
Proptech platforms offer a cyber-secure solution
The proptech solution for this problem is a fully integrated, end-to-end transactional platform that delivers real-time transparency, secure communications, efficiency, convenience and confidence.
Software-as-a-service (SaaS) platforms are an accessible and affordable solution for real estate agents to upgrade their business processes and take advantage of the enterprise-grade cyber security that is baked in.
End-to-end solutions — or super-apps — are the future of residential real estate transactions, bringing proptech, legal tech, and fintech smarts all together in one place as a one-stop shop.
For forward-thinking agents, when pitching for project listings, it is a competitive advantage to offer the property developer the confidence of a cyber-secure process to protect both the vendor and the buyer.
Moreover, it can only be a matter of time before cyber security assurances become standard, rather than optional, with both buyers and sellers demanding it from real estate professionals.
Tony Tadros is the managing director of SaleFish AU.
You are not authorised to post comments.
Comments will undergo moderation before they get published.