Australian conveyancing attack highlights global risk of fraud
A case from Australia has highlighted the ongoing fraud threat which the conveyancing process is so vulnerable to.
Dani Venn – a former contestant from the Australian MasterChef – discovered that $250,000 had been stolen from the proceeds of sale from her family home when her conveyancers’ account was hacked by fraudsters.
This was while it was being settled on PEXA (Property Exchange Australia) – a new online transfer system, owned by state governments and banks within Australia.
Venn’s Conveyancer, Sargeants Knox Conveyancing, was completely unaware that the sale proceeds had been transferred to a fraudster’s bank account. This was a result of the hackers accessing the electronic property transfer account of the conveyancer and simply adding themselves as another user, changing Venn’s bank details with those connected to their own account.
The PEXA system has been criticized by conveyancers, who state that proof of identity or verification is not required by additional subscribers using their account on the platform. The aim is that it will replace the current paper system of title paper exchange, which has been used in Australia for over 150 years. Electronic certificates are expected to become mandatory in Victoria later this year.
In Venn’s case, the hackers managed to break into the email accounts of the firm, enabling them to see emails from PEXA and create new accounts.
In order to prevent the conveyancers from being alerted to the addition of these user accounts, the fraudsters intercepted correspondence from PEXA, putting the firm at risk of ‘ghost accounts’ being added without their knowledge.
PEXA has since stated that it was the email accounts of the conveyancers which had been hacked, rather than its own platform.
PEXA’s acting chief executive, James Ruddock said: “PEXA has robust fraud protections and strict authentication procedures built into its platform.”
The online transfer system said that the system’s electronic key and password protection meant that it was the responsibility of the conveyancer to check and sign off on every aspect of the transaction.
Since the theft took place, it’s emerged that Venn has been able to recover half of the stolen amount. Her bank froze $138,000 of the sale proceeds before it was transferred.
The remainder, however, is “missing and it’s not recoverable,” says Venn.
She went on to criticize the platform, stating: “If they think the system is safe, then why can’t they guarantee the process like banks do and give our money back unconditionally?”
In the wake of this case and similar ones involving PEXA, the platform has faced a backlash, with reports that almost 600 conveyancers have signed a petition to delay its rollout across Australia.
Sharing her thoughts on the platform was Jill Ludwell. The Australian Institute of Conveyancers Victoria Chief Executive questioned whether the system should be made mandatory in light of these cases, stating: “The industry has been assured repeatedly by PEXA that the platform is safe and secure. These fraud incidents have only been possible because of significant security vulnerabilities.”
As well as the question mark the case puts over the security of online platforms, it also highlights the global threat which fraud poses to conveyancers, with email being the main target.
Cases like this suggest that as long as emails are accessible to fraudsters, they can effectively be used as a gateway to break into a transaction, regardless of how secure external platforms or software is.