Sydney-based Lewis Pentelow had secured the purchase of a $600,000 Melbourne property and was preparing to make his $50,000 deposit, as originally reported by RealEstate.com.
The initial deposit email from his conveyancer was legitimate, with the 32-year-old checking details multiple times before sending the initial payment.
However, when he paid the rest 24 hours later, he noted that the name did not match. However, the email looked legitimate with the same logo and details of sale, so he sent the rest.
“They knew all the details of when it was happening … and even though I was very cautious, I was just cautious to get the [bank account] details right,” he said.
Unfortunately, Pentelow had become a major victim of phishing.
After losing the $50,000 deposit, he no longer had the money to settle on the house, and his bank, ING, was only able to recover $1,800.
“Honestly, I thought I could get through to the bank a little bit more … My buyer’s agent was like, ‘Keep at them, keep at them’. But you just get kind of tired of it.,” he said.
“They just don’t really care that and that’s probably the worst thing.
“They’ll send emails, so I’d follow up with stuff, and they’d send like lifeline contacts or mental health stuff. And I was like, ‘Are you serious?’”
Unfortunately, in the case of a phishing scam, while a bank may do what it can to get your money back, it is not their responsibility to ensure a full return. The individual is responsible for sending money to the right place.
“ING has strong verification, fraud‑monitoring and recovery processes, and we act quickly when notified of suspected fraud,” an ING spokesperson told RealEstate.com
“Like all banks, recovery outcomes depend on how rapidly scammers move funds and whether other institutions can return them.”
While Pentelow is hoping that the loss will be covered under conveyancer insurance, this would require proving that his system had been compromised. While it is unclear how the scammers attained the details of the sale, the phishing email is not proof of a compromise, but just of social engineering.
Pentelow managed to settle on the house after loaning money from a friend, and is now paying them back.
With real estate phishing scams on the rise, ING launched a new Confirmation of Payee (CoP) system in October 2025, which flags any discrepancies in the transaction details to block phishing and other scams.
“The banks have to have that feature [now] because it’s happened so much apparently,” said Pentelow.
“So it’s kind of annoying that if it was six months later, it wouldn’t have happened.
“Or if I was just with a different institution, it wouldn’t have happened.”
What can buyers do to prevent getting caught in a phishing scam?
For those looking to buy a property soon, the best thing that can be done is repeated verification. Verify that you are speaking to your conveyancer every single time you communicate.
Ideally, this means in-person conversations that ensure that no distant scammer is listening and intercepting. Make payments in person if possible.
When in-person interactions aren’t possible, verify all contact information and keep an eye out for any mistakes. These can be as small as using a different but similar looking character, even swapping out an a for an ɑ, or using ascii characters to write ä or more. Differences can be subtle.
Double and triple check email addresses, phone numbers and other details to ensure they match the ones found on the firm’s website and in previous communications that can be verified as legitimate.
Use secure payment platforms that can be easily tracked and returned in the case of a scam. If you do identify that you have been scammed, contact the bank immediately to give them the best chance of recovery.
Don’t make any upfront payments when possible, and if a situation seems too good to be true, assume it is.
In situations like this, scammers are almost exclusively motivated by financial gain, and do not target individuals based on anything else. They work on urgency, pressuring their victims, and aim for a path of least resistance. They want easy money.
It is also worth having two-factor authentication (2FA) on all accounts possible. If you have an account with your real estate agent or conveyancer, enable 2FA to ensure that even if a scammer gets your details, they can’t login to your accounts.
Daniel Croft