Cyber Security and Fraud Risks in Electronic Settlements

Written by George Mihailidis

Cyber security issues and fraud are becoming more prominent with electronic settlements and one of the key risks for the national electronic conveyancing system (“NECS”) and property practises. Professional associations and insurers have warned many within the profession (for years) of the increased risk of fraud and the safeguards and professional obligations that are necessary for the management of cyber security.

The issue at hand is foreseeable, but may be difficult to tackle, and  law practices and clients that stumble into fraudulent dealings or issues may be harmed in areas such as economic loss and reputational damage. The following are examples of factors that are leading to increased risks in cyber security and fraud:

1. Changed payment procedures from cheques to EFT (for example, breaches such as misappropriation of funds by someone entrusted with managing them, or simply human error in the input of details);
2. Use of the internet (information breaches such as passwords, identity details, malware, ransomware, distributed denial of service attacks, man-in-the-middle attacks, brute force, credential stuffing etc.); and
3. Use of emails (email breaches such as phishing, social engineering etc. ). [1]

Victoria’s online real estate settlements depend on email and internet platforms, which raises cybersecurity concerns. To interfere with systems like PEXA, hackers may use malware, weak passwords, or denial-of-service attacks. Users may be tricked into divulging credentials or sending settlement money to criminals by phishing and social engineering emails.

ELECTRONIC SETTLEMENTS

The NECS is operated by Property Exchange Australia Limited (“PEXA”) and is used to settle property transactions online. Generally, anything that occurs online comes with a variety of cyber security and fraud risks, especially noting the fact that the same are conducted using either;

1. General or trust accounts linked to PEXA; or
2. Financial institutions subscribed to PEXA.[2]

CYBER SECURITY RISK

One of the most common cyber security threats within the legal industry is email compromise and the same occurs every single day. Scammers or hackers will mimic the parties involved in an electronic settlement transaction such as the conveyancer, solicitor or real estate agent and gain access to information that is confidential. For example, in Sydney, a couple had unknowingly transferred the amount of $970,000.00 to a scammer during what they believed was a routine settlement. [3]

The consequences of such breaches of cyber security cause a harmful impact on all parties involved in the electronic settlement and the same include:

1. Economic loss for the purchaser(s);
2. Data breaches and loss of sensitive personal/financial information;
3. Disruption of settlement processes;
4. Reputational harm to the conveyancers and solicitors.

FRAUDULENT RISK

These consequences repeat with every different type of threat in electronic settlements.

Fraudulent threats also occur almost daily. An example of a fraudulent threat is an insider threat such as employees or individuals who have a privileged access to information and take advantage of that information to commit fraudulent acts in property settlement. Individuals can alter data, grant access to third-parties, or leak or amend confidential information.

SAFETY

PEXA security experts and the Australian Cyber Security Centre (“ACSC”) recommend the following practices to deter such risk of cybersecurity and fraud in electronic settlement:

1. Using secure communication platforms (for example: PEXA key app to safely exchange bank account information);
2. Never trusting unsolicited email instructions for payments (verifying change in payment details through independent channels, telephoning relevant parties rather than using an email);
3. Attention to detail (double-checking email addresses, being cautious with any emails that convey urgency, secrecy or pressure to act immediately);
4. Protecting personal data and accounts (not providing confidential or financial information to unfamiliar or unverified requesters, ensuring email account has a strong username and two-factor authentication to prevent hackers, antivirus software and email spam filters etc.); and
5. Acting quickly if a mistake or breach is suspected (contacting the relevant authority immediately such as the bank to recall, freeze funds or PEXA).[4]

REGULATORY BODIES

There are many regulatory bodies in Australia that focus on the risks of cybersecurity and fraud in electronic settlements such as:

1. Australian Securities and Investments Commission (“ASIC”);
2. Australian Prudential Regulation Authority;
3. Office of the Australian Information Commissioner (“OAIC”); and
4. ACSC.

LEGISLATION

There are two main pieces of legislation that enforce the matters raised in this article:

1. Cyber Security Act 2024 (Cth)[5]; and
2. Criminal Code Act 1995 (Cth)[6].

Both of the acts stated above relate to enforcing the laws concerned with cybercrime and fraud, this includes electronic settlements. Divisions of the Criminal Code Act 1995 (Cth) such as Division 477 and Division 478 deal with serious computer offences and other computer offences.

CONCLUSION

Fraud and cybersecurity breaches in electronic settlements are now common concerns that must be managed appropriately. Property transactions are now much more efficient thanks to the move to online platforms like those run by PEXA, but there are and will always be unavoidable risks.

Data breaches, insider misconduct, email compromise, and financial misdirection show how easily a routine settlement can turn into serious financial and reputational harm.

Severe loss of economic value has long term negative effects. For example, it can cause clients to suffer financially without recourse for their losses.

It is the responsibility of practitioners to:

1. Establish safe and appropriate verification methods;
2. Utilise secure means of transmitting information;
3. Remain up to date in regard to staff education and training.

Vigilance is required when dealing with electronic transfers. It’s important to appropriately assess and forward plan security measures to mitigate risk.  

The dangers of electronic transfers and cyber-enabled fraud in electronic transactions are now highlighted in a substantial and expanding body of publicly accessible data. Both practitioners and clients must be more aware of these risks in order to take the necessary safety measures. If you have any questions or concerns about these types of risks, do not hesitate to reach out to us at JHK Legal.

---

1                      ‘Cyber threats are now a key risk for property practices ’, PEXA (Web Page) https://www.pexa.com.au/content-hub/eight-reasons-why-cyber-threats-are-now-a-key-risk-for-property-practices/.

[2]             ‘Electronic settlement of property transactions’, Consumer Affairs Victoria (Web Page) https://www.consumer.vic.gov.au/licensing-and-                    registration/conveyancers/running-your-business/electronic-settlement-of-property-transactions.

 

3                      ‘Safeguarding Your Property Settlement: Awareness and Prevention of Scams’, PEXA  (Web Page) https://www.pexa.com.au/staticly-media/2025/08/Scam-Awareness-White-paper-final-sm-1756101694.pdf.

4                      ‘Safeguarding Your Property Settlement: Awareness and Prevention of Scams’, PEXA  (Web Page) https://www.pexa.com.au/staticly-media/2025/08/Scam-Awareness-             White-paper-final-sm-1756101694.pdf.

[5]                       Cyber Security Act 2024 (Cth)

[6]                       Criminal Code Act 1995 (Cth)