Cybercriminals are becoming increasingly sophisticated and are successfully gaining access to real estate office computer systems as well as legal offices, with the goal of uncovering conveyancing activities.
These cybercriminals find conveyances in progress and then try to divert money to their own accounts.
Millions of dollars from many different clients have been funnelled off into the criminals’ bank accounts and never recovered.
They do this by impersonating:
- the agent and emailing the client asking them to transfer deposit funds to a fraudster’s account (sometimes the “new or updated” account);
- the law firm and emailing the client to divert settlement funds,
- the client and asking the agent or solicitor to pay “their money” to an account which is fraudulent.
In many of these cases the innocent party has no idea what is happening because the fraudster is hiding email communications from the impersonated party.
The risk is that conveyance transactions will fall over if funds are not available.
What can you do?
Do – Call (not email) all clients and warn them to not transfer funds based on electronic disbursement instructions purportedly from your office or any other party without first calling you (on a separately verified number) to confirm details.
Do – Make sure you update your client engagement process to warn new clients to not transfer funds based on electronically received details and to always call your office (on a separately verified number) to confirm the details.
Don’t – Transfer any funds from your office (EFT or direct banking) before you confirm directly with clients (by phone call) any instructions received electronically purporting to be from them (because their systems are also being attacked) regarding the disbursement or receipt of funds.
Don’t – Open email attachments from unknown sources and especially don’t click on links from unknown sources as this may give the fraudster control of your system.