An international cybercrime investigation is underway into a sophisticated scam network that left a Western Australian man half a million dollars out of pocket when criminals sold his Perth investment property using stolen credentials.
The man, Roger Mildenhall, had been overseas for more than a year when his neighbour informed him that a house of his had been put on the market and was in the process of being sold. Mildenhall then found out that another property of his had already been sold in June.
Mildenhall rushed home and action was taken to stop him losing a second property. The crimes were reported to the police last Friday.
The thieves, believed to be Nigerian, had enough information on Mildenhall to satisfy regulatory requirements.
State, federal and overseas police agencies will investigate the complex scam, which is considered the first of its kind in Australia. It is alleged scammers had stolen Mildenhall's email account and personal and property documents to sell the houses and funnel cash into Chinese bank accounts.
Police will only confirm that the scam had occurred, but the office of the Consumer Protection Commissioner said that the hacked email account was previously used by the owner to communicate with the property manager who was also the property selling agent.
Real Estate Institute of Western Australia (REIWA) spokesperson Brian Greig said that the transactions were made via email, telephone and fax, without "interpersonal connections" with the legitimate owner.
"Agents report an increasing trend that more and more transactions are done without face-to-face interaction, particularly with overseas and interstate buyers," Greig said.
"Until Friday, there were enough checks and balances to mitigate fraud.
"It is clear it was a sophisticated outfit that scammed the owner, the real estate agent, the settlement agent, the banks, and more importantly and critically, the Department of Land Administration (DOLA)."
Western Australia's Real Estate and Business Agents Supervisory Board (REBA) and Settlement Agents Supervisory Board are also conducting an investigation into the incident, and have issued email warnings to all licensees in the state calling for vigilance on real estate transactions.
The Consumer Protection Commissioner Anne Driscoll has called for real estate agents to ensure that the identity of selling agents is known.
"The matter is being fully investigated. It is important that every phase of the sale and transfer process that was undertaken in this instance is reviewed, to ascertain what went wrong. This no doubt will give some clarity about what should [or] could have been done to prevent it," Driscoll said.
"Separate to this issue, work is being done to develop standards for proposed electronic conveyancing systems. A key area of work is to establish a robust Client Identify Verification Standard."
Greig said the real estate agent involved in the scam followed due process. He added that anticipated reforms to identity checks for property owners wishing to sell would have likely failed to catch the scammers.
"They had a comprehensive understanding of how transactions take place and of the legal processes ... If they are sophisticated as they seem to be, identity checks will not be enough — they can forge them."
He said the "reasonable steps" required and taken by the selling agent are "flawed".
It is understood the real estate agency did not request a 100-point identity check and was not required to do so.
WA Police has confirmed an international investigation has been launched involving cybercrime and gumshoe policing and would not name agencies involved in the investigations.
The police did not rule out if the scammers had links to the man.
A request for comment has been lodged with the REBA and the Consumer Protection Commissioner on whether the identity verification process will be reformed in the industry.
The attack comes a month before National Identity Fraud Awareness Week in which the government aims to reduce the prevalence of scams.