Buying a House? Selling a House? Be Protected Online

Home / Blog / Buying a House? Selling a House? Be Protected Online

Residential property is Australia’s largest asset class – today, the sector is worth more than $8 trillion1. It’s a vital pillar of our nation’s economy, particularly as we seek to rebuild and recover from the disruption caused by COVID-19.

With the significant finances involved in the purchase or sale of a property, unfortunately, real estate agents, legal practitioners and homebuyers and sellers alike are a natural and popular target for potential cyber criminals.

This is a trend which has been confirmed by the Australian Cyber Security Centre (ACSC).

“The ACSC has observed a growing trend of cybercriminals targeting the property and real estate sector to conduct business email compromise (BEC) scams in Australia.

“Cybercriminals will impersonate parties to a property transaction and insert illegitimate bank details for settlement or rental payments. Victims assume this request is legitimate and will unknowingly send payment to the cybercriminal’s bank account.” a recent statement said.

The ACSC’s Annual Cyber Threat Report for 2020-21 revealed that BEC is one of the top five categories of cybercrime. Average reported losses increased by 54 per cent compared to the previous financial year.

Financial impact

According to the Australian Competition and Consumer Commission (ACCC)’s Scamwatch, in 2020, $176 million was lost to scams in Australia. The total number of reported scams also rose 23.1% year-on-year to a total of 216,089.

Additionally, in its latest Targeting Scams report, business email compromise was the number one contributor to financial losses within Australia – costing organisations $132 million in 2019.

How to navigate this risk

All parties involved in the buying and selling of property should be vigilant when communicating via email, particularly during deposit or settlement periods. The ACSC recommends to:

  • Verify payment details: If any party to a property transaction says they have updated their bank details, take extreme care to confirm these changes are legitimate. Remove email from the equation by calling the sender’s established phone number, meeting them face-to-face, or corresponding through PEXA Key before transferring any funds.
  • Secure your email account: Knowing cybercriminals will attempt to access systems through compromised passwords, it is recommended that individuals and businesses enable multi-factor authentication on email accounts and use strong passphrases to help prevent unauthorised access.
  • Be aware: Learn to identify suspicious emails, including requests to change bank account details or emails linking to fake websites. The latter may be a phishing attack which could capture passwords and compromise account security.
  • Update your software and devices: Cybercriminals hack devices using known weaknesses in systems or apps. Updates contain security upgrades to fix these weaknesses. Regularly update your software and devices to stay secure, including email servers if you have them.

For more cyber security advice, visit the ACSC’s website at