PEXA warning as NSW conveyancing fraud funds end up in Thailand

PEXA warning as NSW conveyancing fraud funds end up in Thailand
Staff reporterDecember 7, 2020

The Masterchef conveyancing fraud has put the PEXA conveyancing system in the spotlight.

It involved missing funds for a Mornington Peninsula purchase by the celebrity chef Dani Venn.

But PEXA was warned all clients of the new conveyancing system that the past fortnight has seen similar breaches in less publicised conveyancing matters.

While the PEXA system has not been breached, the contributing legal and estate agency parties appear highly vunerable under emerging e-conveyancing system.

PEXA suggest the fraudster appears to have gained access to a subscriber’s email account and intercepted a change of password email allowing them to change the subscriber’s password. This then allowed them to create a new user account which gave them access to the workspace where they changed the bank account details that had already been entered.

When the subscriber returned to the workspace to complete the transaction they did not notice the account details had been changed and the transaction was completed with money transferred to the wrong account.

Property Observer understands there were two further serious frauds in May.

One was in mid-May, when a client lost about $700,000, and the other on May 31 when a client lost more than $1 million.

"It concerns me when Pexa claims the Masterchef scam story was/is one of a few 'isolated incidents'," a Sydney legal agent familiar with the frauds advised. 

He saw an amount of $672,000 scammed in a May 14 settlement on a $750,000 property sale. 

When no moneys were deposited in bank accounts by the 18th, the conveyancer realised the bank account details she received (ANZ,CBA,NAB) were not the same as the bank accounts that had been emailed to her, which were three NAB accounts. 

PEXA was immediately notified by the solicitor, then PEXA notified all banks to freeze the fraudulent bank accounts where $672,000 was deposited and distributed over the three unknown bank accounts.

The moneys in the CBA and NAB fraudsters accounts were not withdrawn with the funds now frozen.

This totalled $508,000.

The red tape the solicitor and the conveyancer have been going through with these banks to date "has been unbearably tedious, slow, lethargic and unprofessional to say the least."

The CBA advised the solicitor that the case was the first scam incident since PEXA introduced the electronic settlement system a few months ago.

CBA advised the bank was in the process of setting up internal procedures to protect/deal with, from potentially future such incidences, using this case as their prototype in their new system.

Accordingly they will only release the frozen moneys back to the vendor when they finish this process.

The fraudsters ANZ account had $165,000 deposited, but all these funds have been withdrawn over four transactions and transferred to accounts in Thailand.

Of these funds, $39,000 has since been recovered by the ANZ and returned to the solicitor's trust account.

The ANZ says they were not able to retrieve the rest, "end of case, end of story as far as they are concerned."

After the CBA and NAB finally reimburse/return the frozen funds, the vendor will be $126,000 short of the total $672,000 settlement moneys.

It is possible the conveyancer's computer was not necessarily the only one hacked or in fact where the hacking originated from.

"Frantically and immediately trying to find out where things went wrong," an IT expert scoured through emails and computer, and discovered, in the raw data of the emails that both the conveyancer's and real estate agent emails requesting the bank account details for settlement funds had both been hacked.

It was found the hacker's email addresses embedded in their emails.

"This hacker's email address is also being programmed so that when the reply button to these email requests (from both real estate and conveyancer) emails are redirected/diverted to the hackers email address, they in turn change the account details, keep the body of the email intact as the original email and forward it onto the conveyancer and real estate agents as though the emails are sent from the law agents, "so we are all, none the wiser."

The deposit funds saved from the hackers arose because the office receptionist was away and the real estate agent couldn't get into the computer.

Instead the bank account details were sent via sms, and the moneys were promptly deposited into the correct account on settlement day.

"Had the office girl been at work that day, the $65,000 would have been destined to yet another of the hackers bank accounts," they concluded.

All this was reported to the police fraud dept on May 19, but the vendor was told, verbally and over the phone, "to let it roll with/via the solicitors and if I still have a problem after that, to come back to the Police."

These funds were destined for nursing home requirements.

Editor's Picks