Crims use hacked email to steal house

Crims use hacked email to steal house

Summary: An international cybercrime investigation is underway into a sophisticated scam network that left a Western Australian man half a million dollars out of pocket when criminals sold his Perth investment property using stolen credentials.

TOPICS: Security

An international cybercrime investigation is underway into a sophisticated scam network that left a Western Australian man half a million dollars out of pocket when criminals sold his Perth investment property using stolen credentials.

WA Police car

(WA Police image by Nachoman-au, CC BY-SA 3.0)

The man, Roger Mildenhall, had been overseas for more than a year when his neighbour informed him that a house of his had been put on the market and was in the process of being sold. Mildenhall then found out that another property of his had already been sold in June.

Mildenhall rushed home and action was taken to stop him losing a second property. The crimes were reported to the police last Friday.

The thieves, believed to be Nigerian, had enough information on Mildenhall to satisfy regulatory requirements.

State, federal and overseas police agencies will investigate the complex scam, which is considered the first of its kind in Australia. It is alleged scammers had stolen Mildenhall's email account and personal and property documents to sell the houses and funnel cash into Chinese bank accounts.

Police will only confirm that the scam had occurred, but the office of the Consumer Protection Commissioner said that the hacked email account was previously used by the owner to communicate with the property manager who was also the property selling agent.

Real Estate Institute of Western Australia (REIWA) spokesperson Brian Greig said that the transactions were made via email, telephone and fax, without "interpersonal connections" with the legitimate owner.

"Agents report an increasing trend that more and more transactions are done without face-to-face interaction, particularly with overseas and interstate buyers," Greig said.

"Until Friday, there were enough checks and balances to mitigate fraud.

"It is clear it was a sophisticated outfit that scammed the owner, the real estate agent, the settlement agent, the banks, and more importantly and critically, the Department of Land Administration (DOLA)."

Western Australia's Real Estate and Business Agents Supervisory Board (REBA) and Settlement Agents Supervisory Board are also conducting an investigation into the incident, and have issued email warnings to all licensees in the state calling for vigilance on real estate transactions.

The Consumer Protection Commissioner Anne Driscoll has called for real estate agents to ensure that the identity of selling agents is known.

"The matter is being fully investigated. It is important that every phase of the sale and transfer process that was undertaken in this instance is reviewed, to ascertain what went wrong. This no doubt will give some clarity about what should [or] could have been done to prevent it," Driscoll said.

"Separate to this issue, work is being done to develop standards for proposed electronic conveyancing systems. A key area of work is to establish a robust Client Identify Verification Standard."

Greig said the real estate agent involved in the scam followed due process. He added that anticipated reforms to identity checks for property owners wishing to sell would have likely failed to catch the scammers.

"They had a comprehensive understanding of how transactions take place and of the legal processes ... If they are sophisticated as they seem to be, identity checks will not be enough — they can forge them."

He said the "reasonable steps" required and taken by the selling agent are "flawed".

It is understood the real estate agency did not request a 100-point identity check and was not required to do so.

WA Police has confirmed an international investigation has been launched involving cybercrime and gumshoe policing and would not name agencies involved in the investigations.

The police did not rule out if the scammers had links to the man.

A request for comment has been lodged with the REBA and the Consumer Protection Commissioner on whether the identity verification process will be reformed in the industry.

The attack comes a month before National Identity Fraud Awareness Week in which the government aims to reduce the prevalence of scams.

Topic: Security

Darren Pauli

About Darren Pauli

Darren Pauli has been writing about technology for almost five years, he covers a gamut of news with a special focus on security, keeping readers informed about the world of cyber criminals and the safety measures needed to thwart them.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • It doesn't mention. Since it was theft and fraud he will of course get his stolen property back right?
  • And when was the agent going to get suspicious?? A Chinese bank account - email and fax communication!! This land agent is just too greedy by half. I trust that the owner takes the land agent civily as well. Just bizarre - this is not an Internet scam, this is a greedy agent ...
  • Since the sale of first property, and attempted sale of the second were both fraudulent he shouldn't have any real problem with legally retaining both properties.

    The big issue is for the person who bought the 1st property. Presumably they had nothing to do with the scam, but now face the fact that the home they bought ISN'T theirs and that they'll have to move out. The true owner may have to fight to get the scammed buyers out of the place though....

    Given the nature of the scam you can bet the banks and agent will be doing their best to wash their hands of all responsibility. A very thorough investigation will be needed to determine who, if anyone, is going to wear the cost of this scam.
    Scott W-ef9ad
  • The buyers of the first house are allowed to retain the house under Australian federal law. This law is designed to protect innocent third parties who are not responsible for questionable practices or illegal activity. They conducted a transaction in good faith and are not to be held accountable or fiscally responsible for the action.

    The gentleman in question, Mr. Mildenhall, will be compensated from a fund set aside by the government to settle the dispute. This fund is financed through the Australian public, who will be wearing the new coat.
  • You're quite right.

    The agent knew he was away, having previously been in contact with the owner. Given the greed of certain real estate agents and the customers they tend to deal with I'm sure the authorities will find that's where things went wrong.

    I suspect you'll find a very strong Chinese connection between the agent and the scammers they dealt with.
    Scott W-ef9ad
  • So Mr Mildenhall now has to satisfy the government as to how much his house was worth, which may not necessarily be reflected by the scam sale price.

    Would he have any recourse against the agent? Even if they operated in good faith, I find it hard to believe the transaction could have been completed without any signatures. As the agent reportedly had prior dealings with Mr Mildenhall it would be reasonable to assume they already had his signature on file and should have been able to verify it against the sale of the 1st house, which would be a wise thing to do....
    Scott W-ef9ad
  • If Mr Mildenhall had been in the habit of e-mailing scans of signed documents to the agent, then the scammers could have trawled his mail account for something with a signature. Cutting it out of an existing document and pasting it into the a new one is not exactly rocket science.
  • Having dealt in land transfers for many years, I ask: Who was holding the Certificate of Title? Who "witnessed" the vendor's ORIGINAL signature on the Transfer? Who prepared the Contract, and witnessed the vendor's ORIGINAL signature?

    Regardless of the electronic conveniences used, it doesn't take a law degree to figure out that people on BOTH sides of the transaction were involved in the scam.
  • Having a law that "protects innocent 3rd parties" when they buy what amounts to stolen goods seems like a bad idea. If the purchaser loses some/all of their money when stolen property is reclaimed and returned to the original owner, then purchasers have an incentive to make sure they are purchasing legally-obtained goods from a legit seller. Australian law seems to encourage everyone to remain as ignorant of the circumstances as possible, so that they can buy things on the sly. How does Australian law allow for the purchaser to keep the goods? Here in the U.S., the seller of stolen goods would be considered to have no legal right to sale, consequently the seller's contract with the purchaser would be invalid, regardless of whether the money was returned.
  • Privacy issues usually apply to the ability to check sellers when using a real estate company. This protects the real estate company from a buyer attempting to cut out the agency. This also means that the buyers must trust that the real estate agency has done its homework with identity and legitimacy checks. In this case the State did not require a 100 pt check, and seemingly, the false seller did meet all other requirements according to at least two of the other media stories presented. This included copies of the signature, which must be witnessed by a Notary Public. I would laugh at anyone who states that a Notary Public's seal could not be forged, or that an operation as organized as this one would not be able to fake it. Given that the real estate company was given documents from a seemingly "legit seller" and all other information was "verified" they acted on the sale. In this case, the seller is unaware of the "stolen" goods and is not maliciously attempting to hock them off the back of the truck.

    Once the point of sale has occurred, the buyer then relies on the conveyancing lawyers to verify documents. This is actually where I find the biggest issue, as I firmly believe that someone did not do the homework they were paid to do. I believe that the owner would have just cause to argue that the law firm would be at fault for the verification of the documents and potentially seek damages.
  • No infact your completely wrong the Real Estate Agent had/or has no connections with China and considering Mr Mildenhall lived in South Africa all the time sending signed documents through email and fax this is completely plausible. Nor is this a greedy agent, these are all assumptions that are made by people such as yourself.
  • The problem is the electronic titles, the whole point of indefeasibilty of titles, unlike the old deed system is that you don't have to check under the "skirt" to make sure you are getting what you paid for. I look at the title as long as it looks ok on the surface (mirror principle) I am not expected to go back through past titles or look into the bona fides of the seller. The register is everything. If someone does not register or note there interest on the title, tough! It does not exist. Not sure on your statute but in NZ the only way you don't get title is "Fraud". ( Person taking title has constructive/actual/should have known/Nelsonian blindness etc.. knowlege , lawyers get paid to help argue this point.)
    The State guarantees your title, surely it's up to the state to guarantee the security
    of the system that looks after the register.
  • I checked my accounts last night and found I could not enter into anyone of them. Finally a facebook post helped me. That comment took me here and I found the solution:
    Peter Couch