Wednesday, 7 February 2018

Cyber scammers targeting Australian real estate sector:

Fake invoices being sent out by scammers posing as agents

Byron Connolly (CIO)06 February, 2018 16:19

Cyber scammers have figured out that the Australian real estate industry is a potential gold mine for social engineering attacks, according to Alex Tilley, a senior security researcher at SecureWorks.

Tilley, who was also formerly a senior technical analyst at the Australian Federal Police, told CIO Australia that fake invoices are being sent out by scammers posing as real estate agents and law firms asking for payment from a customer. He said many victims are not realising they have been scammed until the actual invoice from the agent comes through.

Tilley said it was an increasing problem but could not provide a figure on the number of agencies that had been affected. He said scams started getting more common in Australia in the last half of 2017 but had been going on for a couple of years overseas.

In 2016, an LG Hooker agency in Kallagnur in Queensland was the victim of a cyber scam when a property manager opened an email purporting to be from an energy retailer. Once opened, malicious ransomware was executed, which brought down the agency’s 30 computers and a server.

Last October, two property buyers in South Australia lost almost $1 million after falling victim to scammers using bogus email details to pose as conveyancers.

CIO Executive Council member profile: Daniel Pettman, CIO, BaptistCareMore from CIO Executive Council

“Crooks are going to where the money is and have figured out there’s a lot of money involved in real estate transactions and [cyber] protections that are placing on them aren’t exactly top notch,” said Tilley. “They [crooks] get in the middle of transactions and take the invoices. The [real estate] industry isn’t ready for it.”

Tilley said there have been a “couple of cases” where scammers gain access to emails through Outlook and it was only due to bad spelling that agents knew something was wrong.

“Somehow crooks gain access to the email addresses of real estate agents who are using only single factor authentication. They get access and will typically wait for 30 days or so for the logs to roll and start reading the emails to figure out which deals the agent or conveyancer is involved in. They will figure out the timing of the deal and inject themselves into the email chain purporting to one person or another,” he said. “The first thing you know, you’re getting an email saying you have breached your contract because the money has not been sent.”

Tilley said like banks, real estate agents and conveyancers are great targets because they transfer large amounts of money at any one time.

No comments:

Post a Comment

Perth’s popular Beaufort Street strip is battling to survive

Josh Zimmerman and Caitlyn RintoulThe West Australian Sunday, 2 June 2019 2:00AM Astor Arcade owner Bruno Zimmermann.Picture: Ian Munro Pr...