Will Clinton and Jessica Greentree fell victim to an email impersonating their solicitor’s office as they entered the settlement phase of buying their first home.

They transferred tens of thousands of dollars to the account listed in the missive, unaware it was a “mule” account scammers used to redirect their funds.

It was a devastating blow to the couple after scrimping to buy a property, having forgone holidays and even going as far as sharing a meal when they rarely ate out.

“It was devastating,” Ms Greentree told The Project.

“Will had contacted me while I was at work, I just went into tears. It was just devastating that a year and a half worth of savings, just gone in an instant.”

Mr Clinton said finding out they’d been scammed was “gut-wrenching”, while his partner added it was “probably the worst day of our life”.

There were no “red flags” in the fateful email, according to Mr Clinton, who said all the details all matched up.

“We thought everything was legit, because they had all our details, the correct price, the correct address,” he said.

“And the email had the letterhead down the bottom. It had everything.”

Ms Clinton said they had spoken with the real-life solicitor the previous day, who had told the couple they would be in contact about paying the deposit.

“And then it was the next day that we received that email. So we thought, you know, everything lined up perfectly,” she told the Channel 10 program on Sunday.

What has added insult to injury is the fact their bank, Macquarie, has offered just $500 as a goodwill payment for the loss.

Banks do not always cover scam losses, arguing those who transfer funds to dodgy accounts have technically authorised the transactions.

“We’re the victims of the cyber crime and they’re saying that we authorised the transaction,” Mr Clinton said.

“But nobody in their right mind would authorise a transaction to somebody that is posing to be someone else.

“We just thought that was disgusting … just couldn’t even fathom that as a response to our issue.”

The couple were able to drop the upfront house deposit from 10 per cent to five per cent, allowing them to still buy the home “using pretty much every cent we had”.

They’ve now put renters in the property to allow them to pay off the mortgage while they financially recover.

Residential property is Australia’s most valuable asset class, with Forbes in March valuing it at $10.4 trillion.

Professor Richard Buckland, a cyber security expert at the University of NSW, told The Project rackets targeting home buyers are highly lucrative for scammers.

Some of them are impersonating Property Exchange Australia (PEXA) – the official platform for property settlements – to trick unsuspecting purchasers.

“Millions of dollars in a transaction are available if the attacker gets it right, so they’re highly incentivised,” Professor Buckland said.

“PEXA scams are costing over a million dollars a year. It’s millions and expected to grow.”

He said some scams started with real estate agents of conveyancers being tricked into handing over sensitive data, their details, allowing fraudsters access to target victims.

“It’s a complex thing that goes wrong in a complex way,” Professor Buckland said.

“We should be thinking ‘who’s able to fix this?’

“And there it’s clearly the banks and PEXA themselves.”

In 2022, PEXA issued a warning over cyber criminals targeting the housing sector “in droves” – with the data and money on offer “placing a sizeable target on the industry”.

The body used examples of a Western Australian woman swindled out of $732,000 and a Sydney couple who lost $1 million in September 2021.

Its chief information security officer, David Willett, said at the time people should not take chances with such important data and money exchanges.

More Coverage

Company collapses, customer deposits gone

Alex Turner-Cohen

‘Desperately behind’: Worst state for housing

Blair Jackson

“Do not use email as a channel for exchanging bank account details as part of settlement. This is simply not a secure way to communicate this incredibly sensitive information – and places you at a greatly heightened risk of a cyber-attack.

“The inherently safer method is to verbally confirm bank account details over the phone or in-person.”

Scamwatch reports Australians have lost $159.8 million to scams in 2024 alone, with the majority coming in investment frauds.