According to the Australian Competition and Consumer Commission’s Targeting Scams Report 2019[1], Australians lost over $634 million to scams in 2019.
Scarily for the legal profession and our clients, business email compromise scams accounted for the highest losses in 2019.
Frequently this occurs through email ‘spoofing’. Spoofing was defined in the US case of Kavaly v Ebay inc. as “the practice of disguising a commercial email to make the email appear to come from an address from which it actually did not originate”.[2]
With the increasing use of technology in the legal profession and its involvement in important transactions such as the sale and purchase of property, attention to the realm of cybercrime and email spoofing is becoming increasingly important for both those in the industry and our clients.
A case heard as recently as April 2020 in the New South Wales Supreme Court has highlighted how important it is to be wary of email spoofing and its ramifications.[3]
This article discusses the case of Deliginnidou v Sundarjee, the key lessons clients should be aware of and what to do if you fall victim to a scam.
The facts:
The case of Deliginnidou v Sundarjee involved a purchaser who was buying a residential property in Sans Souci, NSW – a suburb in Sydney’s South.
In February, the purchaser and vendor exchanged contracts which were in the standard form. Critically, the contract stated that the deposit was payable by cash of up to $2000 or by cheque. The contract further mandated that the deposit was to be paid in two instalments:
- A holding deposit; and
- the remaining $54, 600 by 12 February 2020.
The contract did not permit payment by electronic funds transfer (EFT).
On 31 January 2020, Kathy (a representative of the Agent), sent an email stating that if the purchaser wanted to secure the property, then the holding deposit of $1,400 should be paid electronically into the Agent’s trust account. The Trust Account details were provided, and the purchaser paid the holding deposit via EFT transfer.
On 7 February, Kathy sent an email to the purchaser requesting the remainder of the deposit -$54,600- be transferred electronically into the Trust Account before 12 February 2020. The Agent’s correct Trust Account details were included in this email.
On 9 February, the purchaser received another email which appeared to have been sent by Kathy. The email again requested electronic payment of the remaining $54,600 into a nominated bank account. However, this email was fraudulent and the BSB and account number were not the Agent’s. The fraudster had managed to hack the Agent’s computer and send the email, undetected.
The email chain looked identical to the previous email correspondence, all with the exception of the bank details. Unknowingly, the purchaser complied with the hacker’s email and transferred $54,600 to the fraudster.
It took two days for the Agent to realise the deposit had not been transferred into the correct Trust Account and the incident was reported to the police.
Just over a month after the matter was reported to police, the vendor’s served a Notice to Terminate the Contract because the $54,600 deposit balance had not been received by the vendor or the agent.
The purchasers began proceedings in the Supreme Court to stop the vendors from terminating the contract. Specifically, the purchasers sought interim relief restraining the vendors from dealing with the property. From the purchaser’s perspective, the deposit had been paid in accordance with the agent’s request and they had fulfilled their side of the bargain.
The outcome?
The Supreme Court found that the vendor was entitled to terminate the contract. The court affirmed the proposition that appointment of a real estate agent does not authorise the agent to bind the vendor to terms with the purchaser. This means that the Agent did not have the authority to direct how the deposit should be paid when it was in a way that was inconsistent with the contract. This conclusion was fatal to the purchaser’s application. The vendors did not receive the deposit and they were therefor entitled to terminate the contract.
The key take-aways for clients:
- Do not take emails at face value- even if they appear to be legitimate;
- Understand the terms of your contract and ensure you are complying with the contract when you pay any deposit monies. Do not obey any request for payment of money that is inconsistent with the contract, even if the Agent requests you do so.
key information for conveyancers:
In addition to ensuring you and your clients understand and follow the above advice, make sure you are using the PEXA Key app. It offers a more secure way to communicate bank account details by removing the risks that are associated with sending these details by email.
For more information visit: https://www.pexa.com.au/pexa-key
If you do get scammed – what next?
If you believe you have transferred money to a fraudster’s account, the first step is to report this to your bank immediately – the quicker you report the incident the better chance you have of recovering the money.
If you are a conveyancer and the transaction is associated with PEXA, contact PEXA support immediately on 1300 084 515 or email [email protected]
If you are a business who has been defrauded, contact your insurer.
You should also report the incident to the Australian Cyber Security Centre via https://www.cyber.gov.au/acsc/report and contact the police.
In the event that the bank is unable to recover the money and you require advice on whether anyone else is liable to pay back the funds, seek legal advice.
More information:
If you require more information on keeping yourself or your business safe online and what to do if you are a victim of a cybercrime visit:
https://www.scamwatch.gov.au/ – for how to recognise, avoid and report scams.
https://www.accc.gov.au/publications/the-little-black-book-of-scams – to read through the Australian Competition and Consumer Commissions “Little Black Book of Scams”.
You can also follow @scamwatch_gov on Twitter and subscribe to Scamwatch radar alerts to receive up to date advice about how to avoid the latest scams impacting the community.
For conveyancers and other legal professionals, regularly check PEXA’s Security Updates page via https://community.pexa.com.au/t5/Security-Updates/bd-p/Security-Updates
Please note the above information is general in nature and is not legal advice. If you need legal advice regarding a scam, please contact our experienced team.
[1] Australian Competition and Consumer Commission. 2020. Scams Cost Australians Over $630 Million [online] Available at: https://www.accc.gov.au/media-release/scams-cost-australians-over-630-million [Accessed 7 January 2021].
[2] 254 F.R.F. 71, 91 n. 34 (E.D.N.Y 2007).
[3] Deliginnidou v Sundarjee [2020] NSWSC 437
