Body Corporate and Strata Manager Fraud — The Melbourne Property Scam Hitting Owners
Melbourne's large number of apartment buildings, strata-titled townhouses, and mixed-use developments has created a significant concentration of body corporate and owners corporation activity — and with it, an attractive target for cybercriminals. Strata managers and body corporate committees collect levies, manage substantial maintenance funds, approve and pay for large building works, and communicate primarily by email. This combination makes them a prime target for financial fraud.
Levy Payment Interception
Criminals compromise the email accounts of strata managers or body corporate administrators — or create convincing lookalike email addresses — and send fraudulent notifications to lot owners advising of changes to levy payment bank details. In Melbourne apartment complexes with dozens to hundreds of lots, even a fraction of lot owners acting on the fraudulent instructions before the fraud is identified can result in significant total losses. Lot owners who make payments to the fraudulent account lose their money and may still face debt recovery action from the genuine body corporate for unpaid levies.
Maintenance and Building Works Fraud
Fake invoices for maintenance services — lift servicing, fire safety inspections, insurance premiums, gardening, cleaning — are sent to body corporate managers who may be managing dozens of properties and processing many invoices monthly. Without careful verification, fraudulent invoices for services that appear plausible can be paid from maintenance funds. Because maintenance funds belong to lot owners collectively, the strata manager carries an added fiduciary responsibility to prevent this loss.
Major Works Payment Fraud
When a body corporate undertakes major building works — a building repaint, a roof replacement, structural repairs — the payment amounts are substantial. Business email compromise attacks targeting the communications between strata managers, builders, and committees can intercept payment instructions for these large amounts. A single modified bank account detail in a major works payment can result in losses in the tens to hundreds of thousands of dollars.
Protections for Strata Managers and Committees
Multi-factor authentication on all email accounts and management system access is essential — this prevents email compromise, which is the primary enabler of most strata fraud. A strict verbal verification policy for any change to payment details must be implemented and actively enforced. Lot owners should be educated proactively — at each AGM and in onboarding communications — that levy bank account details will never change by email alone. Any communication about changed payment details should prompt a direct call to the strata manager's known office number. IntrusionX can assist Melbourne strata management firms and body corporates with both security implementation and lot owner communications — contact us for a free consultation.
Technology Controls for Strata Management Businesses
Strata management businesses managing multiple properties should implement technology controls that reflect the volume and value of transactions they process. A dedicated accounts payable workflow that requires dual approval for payments above a threshold — one person initiates, a second approves before funds move — dramatically reduces the likelihood of successful fraud. This control is standard in corporate finance environments and is increasingly being adopted by professional services firms of all sizes. Combined with MFA on email, it creates multiple layers of verification that attackers must overcome.
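The dual-approval rule above, combined with the phone verification of changed payment details described earlier, can be expressed as a single release check. This is an added example, not code from IntrusionX or any strata management product; the threshold value, the payee register and all field names are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Assumed threshold in AUD; the article names no figure.
DUAL_APPROVAL_THRESHOLD = 5000.00

@dataclass
class Payment:
    payee: str
    bank_details: str                  # BSB and account number as shown on the invoice
    amount: float
    initiated_by: str
    approved_by: Optional[str] = None
    callback_verified: bool = False    # confirmed by phone on a number already on file

def normalise(bank_details: str) -> str:
    """Keep digits only so spacing and hyphens do not look like a change."""
    return re.sub(r"\D", "", bank_details)

def release_blockers(payment: Payment, payee_register: dict) -> list:
    """Return the reasons a payment must be held; an empty list means release."""
    blockers = []
    on_file = payee_register.get(payment.payee)
    if on_file is None:
        if not payment.callback_verified:
            blockers.append("new payee not verified by phone")
    elif normalise(on_file) != normalise(payment.bank_details):
        if not payment.callback_verified:
            blockers.append("bank details differ from register and not verified by phone")
    if payment.amount > DUAL_APPROVAL_THRESHOLD:
        if not payment.approved_by:
            blockers.append("second approver required")
        elif payment.approved_by.strip().lower() == payment.initiated_by.strip().lower():
            blockers.append("approver must differ from initiator")
    return blockers

# Constructed sample data: payee, account numbers and staff names are invented.
REGISTER = {"Apex Lift Services": "000-111 2222 3333"}
SAMPLES = [
    Payment("Apex Lift Services", "000111 22223333", 1800.00, "dana"),
    Payment("Apex Lift Services", "000-999 8765 4321", 1800.00, "dana"),
    Payment("Apex Lift Services", "000-111 2222 3333", 42000.00, "dana", approved_by="Dana"),
    Payment("Apex Lift Services", "000-999 8765 4321", 42000.00, "dana", "lee", True),
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p.payee, p.amount, release_blockers(p, REGISTER) or "RELEASE")
```

The second sample is held even though it is below the threshold, because a change of bank details is checked independently of the payment amount.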
Educating Your Lot Owner Community
Proactive communication with lot owners about fraud risks is an important part of a strata manager's risk management. Including a brief fraud awareness notice in AGM papers, in quarterly communications, and in onboarding documents for new lot owners — explaining that levy bank account details will never change by email alone — sets expectations that protect both lot owners and the strata manager. Lot owners who have been pre-warned are significantly more likely to call to verify before acting on any suspicious payment instruction. IntrusionX can provide security awareness resources tailored for strata management businesses and body corporates — contact us to find out more.