SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image

Australian real estate agents & buyers targeted in email hacking scam

Mon, 19th Feb 2018
FYI, this story is more than a year old

Real estate agents and home buyers in Victoria are being targeted in a possible email hacking scam that has caused losses of more than $200,000 so far.

Consumer Affairs Victoria says that agents and buyers should take extra precautions to ensure that their money transfers are secure.

The hacking scam appears to target real estate agents' email accounts. These are then being used to send emails with instructions for home buyers to deposit funds into an incorrect banking account.

A similar scam was also spotted in South Australia last year. The scam left two home buyers $900,000 out of pocket. One Perth woman also lost $557,000 to hackers after they used the same technique.

According to buyers in Victoria, they received an email with a contract of sale and trust account details for a deposit payment to a selling agent.

Shortly afterwards, the buyers then received a second email from the same email address. The email says there was an 'error' in the first email and buyers should deposit their money into a different account.

"If you have purchased a home and receive an email from the estate agent with trust account details to make payment, call the agent or visit them in person to verify that the email is legitimate," comments Consumer Affairs Victoria director of consumer affairs Simon Cohen.

The second email may be the work of scammers who are siphoning money into accounts not connected to the real estate agent.

""As the scammers could have hacked into the client's or the agency's email server, it may appear genuine so we recommend that the change is confirmed with a phone call to the agency's previously known number to verify if the request is authentic. Don't reply to the email or use any numbers provided in the email as you could be communicating with the scammers," explains the Government of Western Australia's Department of Mines, Industry Regulation and Safety.

"It's believed the hacking may have occurred as a result of accessing email accounts via public Wi-Fi and consumers and industry professionals are cautioned about the dangers of using your email on open networks such as these when arranging important transactions.

Cohen adds that buyers must be careful and carefully check before depositing funds.

"Be very suspicious if you receive a second email telling you to make payment into another account, even if it is from the same email address.

"We also strongly encourage estate agents, and all businesses, to regularly review and secure their online systems to avoid these situations.

Consumer Affairs Victoria offers the following tips to spot potential scams:

  • consider setting up a two-step verification process with your email accounts.
  • change your passwords and other verification details regularly
  • delete spam messages without opening them
  • do not share your email address online unless you need to.

Any businesses or individuals who believe they have been tricked into paying money into the wrong account are urged to contact their bank immediately.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X