27 June 2018

Real estate cyber security threats on the increase

Australia’s transition to an electronic system of exchanging property and the rise in cyber criminals targeting residential property transactions means that the Australian real estate sector may be facing a cyber security crisis, according to international insurance broker Gallagher.

Australia is midway through the shift from the 150-year-old paper-based Torrens Title System of exchanging property to electronic certificates. The electronic exchange of property will become mandatory in VIC in October 2018, and in NSW in July 2019.

However, recent high-profile breaches of the national Property Exchange Australia (PEXA) security protocols have highlighted the threat sophisticated cyber criminals bring to buyers and conveyancers.


Fairfax media reported in June that cyber criminals have been able to set up new user accounts in the PEXA system after first hacking conveyancing firms’ emails and then intercepting notification emails from PEXA. These ‘ghost users’ can then alter bank details during settlement to misappropriate funds from home owners.

Once such incident saw a Melbourne family lose $250,000 from the settlement of their house to cyber criminals. Although more than half was frozen by the banks, a figure in excess of $100,000 was non-recoverable, jeopardising the family’s planned move to the Mornington Peninsula. A few weeks earlier, a similar technique was used to misappropriate more than $1 million from a Melbourne home owner during the settlement period.

PEXA has, however, denied any claim of negligence with acting Chief Executive James Ruddock stating: “PEXA has robust fraud protections and strict authentication procedures built into its platform.”

The daily cyber threat to real estate agents is also on the up, according to business technology news website ZDS, who cite that cyber criminals are increasingly targeting residential property transactions by hacking into agents’ email accounts and providing altered bank account details to allocate funds to fraudulent accounts.

It all adds up to a virtual headache for the real estate sector, says John Apter, a specialist real estate insurance broker from Gallagher.

“We have thousands of real estate agent clients across Australia and we’ve certainly noticed increasing incidences of cyber-related claims being made against them,” he said.

“Phishing emails have become a daily challenge for most agencies, as fraudulent emails blend in with high volumes of online queries. These constant attacks inevitably lead to human error, such as clicking a link in an unsolicited email and releasing malware or a Trojan virus into the business network. This is incredibly easy to do, but can be extremely disruptive to business operations, and can be costly in terms of lost revenue brought about by an inability to trade.

“We’ve also seen examples of ‘social engineering’, whereby fraudsters access agency owners’ email accounts and issue false invoices to colleagues urging immediate payment, with money being directed to fraudulent accounts. This threat is certainly on the increase, so real estate agents should be extremely wary.”

Apter urged business owners across the real estate sector to ensure all staff are made aware of the growing risk of cyber security breaches and to educate them on what to do in the event of a breach.

“Cyber insurance should also be considered as part of your overall approach to cyber security,” Apter added. “It’s a highly relevant and cost-effective product, which addresses a very real and growing threat. Although cyber policies don't typically cover social engineering incidents, these can be covered through an additional policy endorsement, and we recommend at least considering this, too. 

"Although cyber insurance won’t in itself stop breaches from happening, it can help compensate your business for any lost income brought about by cyber attacks, or liability costs related to loss of customer data.”

Connect with an expert

Further reading

Cyber insurance

Do I need cyber-liability insurance?

Gallagher provides insurance, risk management and benefits consulting services for clients in response to both known and unknown risk exposures. When providing analysis and recommendations regarding potential insurance coverage, potential claims and/or operational strategy in response to national emergencies (including health crises), we do so from an insurance and/or risk management perspective, and offer broad information about risk mitigation, loss control strategy and potential claim exposures. We have prepared this commentary and other news alerts for general information purposes only and the material is not intended to be, nor should it be interpreted as, legal or client-specific risk management advice. General insurance descriptions contained herein do not include complete insurance policy definitions, terms and/or conditions, and should not be relied on for coverage interpretation. The information may not include current governmental or insurance developments, is provided without knowledge of the individual recipient’s industry or specific business or coverage circumstances, and in no way reflects or promises to provide insurance coverage outcomes that only insurance carriers’ control.

Gallagher publications may contain links to non-Gallagher websites that are created and controlled by other organisations. We claim no responsibility for the content of any linked website, or any link contained therein. The inclusion of any link does not imply endorsement by Gallagher, as we have no responsibility for information referenced in material owned and controlled by other parties. Gallagher strongly encourages you to review any separate terms of use and privacy policies governing use of these third party websites and resources.

Insurance brokerage and related services to be provided by Arthur J. Gallagher & Co (Aus) Limited (ABN 34 005 543 920). Australian Financial Services License (AFSL) No. 238312