Story image

Australian real estate agents & buyers targeted in email hacking scam

19 Feb 2018

Real estate agents and home buyers in Victoria are being targeted in a possible email hacking scam that has caused losses of more than $200,000 so far.

Consumer Affairs Victoria says that agents and buyers should take extra precautions to ensure that their money transfers are secure.

The hacking scam appears to target real estate agents’ email accounts. These are then being used to send emails with instructions for home buyers to deposit funds into an incorrect banking account.

A similar scam was also spotted in South Australia last year. The scam left two home buyers $900,000 out of pocket. One Perth woman also lost $557,000 to hackers after they used the same technique.

According to buyers in Victoria, they received an email with a contract of sale and trust account details for a deposit payment to a selling agent.

Shortly afterwards, the buyers then received a second email from the same email address. The email says there was an ‘error’ in the first email and buyers should deposit their money into a different account.

“If you have purchased a home and receive an email from the estate agent with trust account details to make payment, call the agent or visit them in person to verify that the email is legitimate,” comments Consumer Affairs Victoria director of consumer affairs Simon Cohen.

The second email may be the work of scammers who are siphoning money into accounts not connected to the real estate agent.

““As the scammers could have hacked into the client’s or the agency’s email server, it may appear genuine so we recommend that the change is confirmed with a phone call to the agency’s previously known number to verify if the request is authentic. Don’t reply to the email or use any numbers provided in the email as you could be communicating with the scammers,” explains the Government of Western Australia’s Department of Mines, Industry Regulation and Safety.

“It’s believed the hacking may have occurred as a result of accessing email accounts via public Wi-Fi and consumers and industry professionals are cautioned about the dangers of using your email on open networks such as these when arranging important transactions.”

Cohen adds that buyers must be careful and carefully check before depositing funds.

“Be very suspicious if you receive a second email telling you to make payment into another account, even if it is from the same email address.”

“We also strongly encourage estate agents, and all businesses, to regularly review and secure their online systems to avoid these situations.”

Consumer Affairs Victoria offers the following tips to spot potential scams:

  • consider setting up a two-step verification process with your email accounts.
  • change your passwords and other verification details regularly
  • delete spam messages without opening them
  • do not share your email address online unless you need to.

Any businesses or individuals who believe they have been tricked into paying money into the wrong account are urged to contact their bank immediately.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.