Story image

Australian real estate agents & buyers targeted in email hacking scam

19 Feb 18

Real estate agents and home buyers in Victoria are being targeted in a possible email hacking scam that has caused losses of more than $200,000 so far.

Consumer Affairs Victoria says that agents and buyers should take extra precautions to ensure that their money transfers are secure.

The hacking scam appears to target real estate agents’ email accounts. These are then being used to send emails with instructions for home buyers to deposit funds into an incorrect banking account.

A similar scam was also spotted in South Australia last year. The scam left two home buyers $900,000 out of pocket. One Perth woman also lost $557,000 to hackers after they used the same technique.

According to buyers in Victoria, they received an email with a contract of sale and trust account details for a deposit payment to a selling agent.

Shortly afterwards, the buyers then received a second email from the same email address. The email says there was an ‘error’ in the first email and buyers should deposit their money into a different account.

“If you have purchased a home and receive an email from the estate agent with trust account details to make payment, call the agent or visit them in person to verify that the email is legitimate,” comments Consumer Affairs Victoria director of consumer affairs Simon Cohen.

The second email may be the work of scammers who are siphoning money into accounts not connected to the real estate agent.

““As the scammers could have hacked into the client’s or the agency’s email server, it may appear genuine so we recommend that the change is confirmed with a phone call to the agency’s previously known number to verify if the request is authentic. Don’t reply to the email or use any numbers provided in the email as you could be communicating with the scammers,” explains the Government of Western Australia’s Department of Mines, Industry Regulation and Safety.

“It’s believed the hacking may have occurred as a result of accessing email accounts via public Wi-Fi and consumers and industry professionals are cautioned about the dangers of using your email on open networks such as these when arranging important transactions.”

Cohen adds that buyers must be careful and carefully check before depositing funds.

“Be very suspicious if you receive a second email telling you to make payment into another account, even if it is from the same email address.”

“We also strongly encourage estate agents, and all businesses, to regularly review and secure their online systems to avoid these situations.”

Consumer Affairs Victoria offers the following tips to spot potential scams:

  • consider setting up a two-step verification process with your email accounts.
  • change your passwords and other verification details regularly
  • delete spam messages without opening them
  • do not share your email address online unless you need to.

Any businesses or individuals who believe they have been tricked into paying money into the wrong account are urged to contact their bank immediately.

Ransomware infection? Here’s how you control the damage
Ransomware has evolved to be more sophisticated and targeted, and remains a threat to businesses of all sizes.
Exclusive: Fileless malware driving uptake of behavioural analytics
Fileless malware often finds its way into organisations via web browsers (or in combination with other vectors such as infected USB drives).
'DerpTrolling’ faces jail time for Sony DoS attacks
A United States federal court has charged a 23-year-old man for the hacks on Sony Online Entertainment and other major companies back in 2014.
It's time to rethink your back-up and recovery strategy
"It is becoming apparent that legacy approaches to backup and recovery may no longer be sufficient for most organisations."
Dropbox strengthens security with raft of new partnerships
Integrations will keep customer content protected and secure with tools for controlling identity access, governing data, and managing devices.
Companies swamped by critical vulnerabilities – Tenable
Research has found enterprises identify 870 unique vulnerabilities on internal systems every day, on average, with over 100 of them being critical.
Don’t let your network outgrow your IT team
"IT professionals spend less than half of their time at work optimising their networks and beefing it up against future security threats."
Three access management trends making waves in APAC
Consumer identity proofing, authentication, and authorisation will top the $37 billion value mark by 2023.