The holiday season is fast approaching and it’s the busiest period for property settlements. At PEXA, we typically see a sharp volume increase in the weeks leading up to the end of the year. This is due to the desire for people to get into their new homes before we all take some well-deserved downtime. However, you may not realise that all the excitement increases the chances of basic mistakes, creating a perfect opportunity for cyber-criminals to swoop in like the Grinch and ruin everyone’s Christmas.
The end of the calendar year is equal to, and in some cases, busier for settlements than the financial year-end. We take every precaution to ensure the security and availability of the PEXA platform during this time. Unfortunately, fraudsters know that the weak link in the chain lies elsewhere and will do everything they can to break it.
In 2023 alone, the prevalence of ‘settlement fraud’, which is where scammers target real estate, has put over $28 million of Australian home buyers’ funds at risk – and these are just the cases that were reported to PEXA – with close to $2 million unrecoverable by the banks and law enforcement. This is an increase from what was observed in 2022 of over 600%. You would think the situation would improve with increased attention to fraud and cyber safety in Australia. However, simple mistakes and a lack of shared accountability towards cyber risk create an environment where fraudsters continue to win.
How are the bad guys still winning?
The basics of cyber hygiene are still not sinking in despite increased awareness from all levels of government and the private sector. When PEXA assists members with recovering funds after they have fallen victim to fraud, we observe the following common themes:
- Business email compromise (BEC) or email phishing remains at the top. Fraudsters compromise a practitioner or client’s email and pose as them. Providing incorrect settlement fund details, often at the eleventh hour or during busy periods.
- Insecure business practices that rely on communication that cannot be trusted, such as email or text messages. Coupled with a failure to confirm new account details received via these methods.
- Lack of education and awareness around scams for all parties in a settlement.
- Cyber criminals are getting smarter and bolder. They do their research and know the right time to strike. They also leverage multiple forms of communication, including email, SMS, and phone calls.
What can we all do to help?
Cybercrime is not going anywhere. That does not mean we cannot increase our collective resilience as an industry. As such, you can start taking a few measures right now to do your part.
- Get your basic cyber hygiene right everywhere. Whether it be at work or home. This includes strong and unique passwords, multi-factor authentication everywhere, antivirus on all devices and installing software updates quickly.
- Stop using insecure communication methods to exchange sensitive information such as settlement bank accounts. Consider offering your customers the PEXA Key application, as it provides a secure communication path for details directly into workspaces.
- Triple-check and confirm all details regardless of your communication method. Educate your staff on the need to call your clients and recheck any changes to a settlement. No matter how small or insignificant they may seem.
- Act quickly and notify the authorities and PEXA if you feel you have been the victim of cybercrime relating to a settlement. It is a race against the clock to limit the damage and recover funds.
- Educate yourself, staff, and clients on the risks. Ensure everyone understands the red flags so they can raise the alarm when something seems wrong. The Australian Government offers valuable resources on their website.
Now is the time for everyone to start paying attention to the threat of cybercrime. It impacts every Australian and is rising within the property industry at an alarming rate. Making it harder for criminals to succeed is everyone’s job, from the highest level of government to the smallest small businesses.
If you have any questions or require any support relating to a cyber-related matter impacting clients and their ability to settle via PEXA, please do not hesitate to contact our fabulous member support team who are always willing to help.
Written by David Willett
As PEXA’s Chief Information Technology Security Officer, David leads PEXA’s security strategy and operational capabilities that ensure the availability, confidentiality and integrity of PEXA and customer data. David is a regular speaker at various cyber security industry events, most recently the 2023 NAB Small Business Australia conference and the 2023 AISA Australian Cyber conference.
In his own time, David is studying an undergraduate degree in Creative Writing at Curtin University and enjoys podcasting and creating video content.
