By Remy Forster
Recent news of scammers hacking into the software system of PEXA to divert funds from a MasterChef star have made gripping headlines, see Dani Venn: MasterChef star hacked out of $250,000.00. Cyber scams are not a new development – after all, it would be difficult to find a member of Generation Y who hasn’t heard of Nigerian princes. What has emerged over the past few years is a worrying trend of cyber scams targeting the legal arena, and specifically targeting conveyancing transactions. So far 2018 has included numerous incidents of cyber scams affecting conveyancing transactions, including Buyers transferring deposits to incorrect accounts and sale proceeds being deposited into incorrect accounts.
It is an obvious trend that cyber scams which affect law firms and their clients would most often be associated with conveyancing transactions. Conveyancing transactions are easy targets mostly due to:
- They comprise the most common legal transactions,
- They involve large sums of funds being transferred to multiple parties,
- A majority of the communication in the transactions are via email, with little telephone communication or face-to-face contact, and
- Online programs for the transactions being relatively new and still in the process of being established.
Fraudsters are now taking advantage of these risks to try to defraud clients in conveyancing transactions through a variety of methods.
The first method used by hackers is to intercept deposit payments made by Buyers to real estate agents. Hackers attempt this by accessing a real estate agent’s emails, waiting until the agent has sent their account details to a potential Buyer, and then sending a “follow up” email to the Buyer advising the original account details were incorrect and supplying alternate account details. The Buyer then transfers the deposit funds to the alternate account, not being aware that they have sent their deposit funds to the fraudster instead of the real estate agent. Cases of this fraud have emerged steadily over the past twelve months  and will no doubt continue to rise.
A second method is to intercept settlement payments made by Buyers to their legal representatives. Hackers use the same method described above, but instead access the legal representative’s emails and contact clients following the legal representative requesting their client transfer them funds for their property settlement. Incidents of clients losing funds to these instances of fraud have also increased over the past 12 months .
Finally, the third method is to intercept the disbursement of funds from a property settlement. This method is more sophisticated, and generally requires the property settlement to be settled using an online system such as PEXA. Hackers access the legal representative’s emails, use their emails to set up a new user on the representative’s PEXA system, change the entered account details for a PEXA transaction from the Sellers’ account details to the hacker’s account details, and hope that the legal representative doesn’t notice the change in account details prior to the transaction settling . Instances of this type of fraud are becoming more prominent as use of the PEXA system increases.
All three methods rely on some form of access to the emails of the real estate agent or the legal representative, and that the parties involved in the conveyancing transaction won’t verify the information they have received through a secondary method. Law firms do have a responsibility to alleviate as much of the risks with conveyancing transactions as possible by implementing the following: 
- Requiring staff to delete emails from any suspicious email addresses without opening,
- Requiring staff to use secure passwords, and to change these passwords regularly,
- Ensuring accounts for any inactive staff are deleted, and monitoring established accounts to ensure no unauthorized accounts have been set up,
- Requesting that any potential clients contact the office via telephone before being engaged for legal services,
- Warning clients of potential fraud risks, and requesting that clients telephone their office if they receive a request by email to transfer funds,
- Where possible, encouraging clients to hand over funds as cheques in place of EFTs,
- Requesting clients provide their account details on physical documents instead of emailing account details, and
- For PEXA settlements, requiring staff to not enter in client account details in advance of the settlement and to triple check the entered account details match their client’s details before signing off on the property settlement.
Unfortunately, as outlined in the above items, there is also a partial responsibility on clients in conveyancing transactions to remain vigilant throughout their transaction for potential fraud. This by no means implies that clients are entirely to blame if they are the victim of a fraudulent action, and in some cases (such as PEXA fraud), clients have limited or no actions they can complete to prevent these actions. However, for instances of fraud to decrease, all parties involved in conveyancing transactions should complete the transaction with no presumptions and with secondary verification of crucial information.
PEXA settlements are not mandatory in Queensland, and if you are concerned about your transaction proceeding via PEXA we recommend you contact your legal representative no later than 10 business days prior to settlement to request that your settlement proceed via the traditional paper settlement method. Just Us Lawyers are registered for PEXA settlements, but still conduct a majority of their conveyancing transactions using the traditional paper settlement method. For more information on how PEXA settlements work, see PEXA’s website and our previous blogs about our experiences settling through the PEXA system
 http://www.abc.net.au/news/2017-10-25/scam-targets-conveyancing-clients-in-sa/9086172 and http://www.abc.net.au/news/2017-09-19/elderly-woman-loses-more-than-half-a-million-in-property-scam/8959218