ARTICLE
5 December 2024

Condominiums And New Technologies: How To Mitigate Risk Of Fraud

MT
Miller Thomson LLP

Contributor

Miller Thomson LLP logo
Miller Thomson LLP (“Miller Thomson”) is a national business law firm with approximately 500 lawyers across 5 provinces in Canada. The firm offers a full range of services in litigation and disputes, and provides business law expertise in mergers and acquisitions, corporate finance and securities, financial services, tax, restructuring and insolvency, trade, real estate, labour and employment as well as a host of other specialty areas. Clients rely on Miller Thomson lawyers to provide practical advice and exceptional value. Miller Thomson offices are located in Vancouver, Calgary, Edmonton, Regina, Saskatoon, London, Waterloo Region, Toronto, Vaughan and Montréal. For more information, visit millerthomson.com. Follow us on X and LinkedIn to read our insights on the latest legal and business developments.
Over the past few years, the condo industry has seen a surge in the availability and use of new technologies.
Canada Real Estate and Construction

Over the past few years, the condo industry has seen a surge in the availability and use of new technologies. A board member in 2019 would likely have been surprised to see an upcoming Annual General Meeting scheduled on Zoom or contractor payments needing to be approved through an online payment platform.

Fast forward five years, and the use of remote services and virtual meetings has become commonplace. This shift has brought many advantages, from increasing owner engagement in virtual meetings to making board members' routine tasks easier to complete.

With the surge in technology, however, new risks have emerged. One significant area of risk is posed by the combination of the rising popularity of artificial intelligence ("AI") and the proliferation of phishing emails and so-called deepfake fraud.

A deepfake involves the alteration of audio or video to impersonate someone and spread misinformation. While deepfakes are commonly associated with attacks on major political figures and celebrities, advancements in AI have enabled bad actors to create deepfakes quickly and easily. This increased accessibility has expanded the use of deepfakes from the political sphere into the business world, and as AI and other technologies continue to advance, creating deepfakes will only become easier.

Larger condominiums can have budgets in the millions of dollars per year, making it easy to imagine a scenario in which a bad actor attempts to defraud a condominium corporation or property management provider.

Consider, for instance, a situation where a condominium corporation is undertaking a major renovation of its underground parking garage. One of the signing officers or the property management provider receives urgent emails, purportedly from the contractor, XYZ Construction, stating that a payment must be re-directed to a subcontractor to prevent work from being stopped the next day.

Aware of the importance of the project proceeding and avoiding the additional costs of a work stoppage, the board member uses an online payment platform to approve the payment.

The Board member has, however, been the subject of a fraud scheme that, while involving multiple steps, was easily executed by a bad actor. The condominium corporation's property manager was the subject of a phishing attack that gave the bad actor access to the property manager's email account and login credentials for the condominium corporation's online payment platform. The email claiming to be from the contractor did not originate from an @xyzconstruction email address, but rather from the subtly altered @xyzconsrtuction address.

As deepfake technology becomes more accessible and easy to use, bad actors may incorporate additional elements to their fraud schemes in the future, such as a manipulated voice note that adds a further air of reality to the fake payment scenario.

Fortunately, there are simple yet effective steps that board members and property managers can take to reduce the risk of their condominium corporation becoming the target of fraud, including but not limited to the following:

  • Take additional steps to verify the source of information. For example, if a request is received by email, verify that request through a phone call.
  • Be suspicious of any requests that come out of the blue and are expressed urgently.
  • Avoid acting unilaterally. If a request is made to a single board member, add all other board members to the email and ensure no action is taken until the entire board has reviewed and approved it.
  • Require at least two board members to sign cheques (perhaps with an additional layer of vetting or approval from property management for higher amounts).
  • Carefully review email addresses, especially if a request is marked as urgent or something seems off. Urgency should ring alarm bells for board members and property management providers.
  • Establish a liaison or designated point of contact with external third parties, typically through property management.
  • Be aware of the various forms phishing attacks can take, from email and text messages to manipulated voice notes or voicemails.

The recent changes and uptake in the use of technology have many benefits for the condominium industry, but care must be exercised to ensure that these new technologies do not become an opening for fraudulent activity.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More