SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Cybersecurity
#
Email Security
#
Banking
Australian real estate agents & buyers targeted in email hacking scam
Mon, 19th Feb 2018
FYI, this story is more than a year old
Author image
By Sara Barker, Copywriter and Senior News Editor
Follow us

Real estate agents and home buyers in Victoria are being targeted in a possible email hacking scam that has caused losses of more than $200,000 so far.

Consumer Affairs Victoria says that agents and buyers should take extra precautions to ensure that their money transfers are secure.

The hacking scam appears to target real estate agents' email accounts. These are then being used to send emails with instructions for home buyers to deposit funds into an incorrect banking account.

A similar scam was also spotted in South Australia last year. The scam left two home buyers $900,000 out of pocket. One Perth woman also lost $557,000 to hackers after they used the same technique.

According to buyers in Victoria, they received an email with a contract of sale and trust account details for a deposit payment to a selling agent.

Shortly afterwards, the buyers then received a second email from the same email address. The email says there was an ‘error' in the first email and buyers should deposit their money into a different account.

“If you have purchased a home and receive an email from the estate agent with trust account details to make payment, call the agent or visit them in person to verify that the email is legitimate,” comments Consumer Affairs Victoria director of consumer affairs Simon Cohen.

The second email may be the work of scammers who are siphoning money into accounts not connected to the real estate agent.

““As the scammers could have hacked into the client's or the agency's email server, it may appear genuine so we recommend that the change is confirmed with a phone call to the agency's previously known number to verify if the request is authentic. Don't reply to the email or use any numbers provided in the email as you could be communicating with the scammers,” explains the Government of Western Australia's Department of Mines, Industry Regulation and Safety.

“It's believed the hacking may have occurred as a result of accessing email accounts via public Wi-Fi and consumers and industry professionals are cautioned about the dangers of using your email on open networks such as these when arranging important transactions.

Cohen adds that buyers must be careful and carefully check before depositing funds.

“Be very suspicious if you receive a second email telling you to make payment into another account, even if it is from the same email address.

“We also strongly encourage estate agents, and all businesses, to regularly review and secure their online systems to avoid these situations.

Consumer Affairs Victoria offers the following tips to spot potential scams:

  • consider setting up a two-step verification process with your email accounts.
  • change your passwords and other verification details regularly
  • delete spam messages without opening them
  • do not share your email address online unless you need to.

Any businesses or individuals who believe they have been tricked into paying money into the wrong account are urged to contact their bank immediately.

Related stories
Avocado Consulting expands partnership with CyberArk
Australian firms struggle with connectivity failures & security threats
Can misconceptions derail the effectiveness of operational resilience?
Mako boosts defence against cyber attacks with Radware's protection services
Appdome, Atlassian to automate secure mobile app delivery
Top stories
Check Point boosts email security with new AI-powered features
SentinelOne makes it to CRN's inaugural AI 100 list
Upwind fortifies Cloud Security Platform with identity security
Genetec unveils Security Center SaaS for cloud & hybrid deployments
IBM strengthens cyber resilience alliance with Cohesity