Wednesday, 7 February 2018
Cyber scammers targeting Australian real estate sector:
Fake invoices being sent out by scammers posing as agents
Byron Connolly (CIO)06 February, 2018 16:19
Cyber scammers have figured out that the Australian real estate industry is a potential gold mine for social engineering attacks, according to Alex Tilley, a senior security researcher at SecureWorks.
Tilley, who was also formerly a senior technical analyst at the Australian Federal Police, told CIO Australia that fake invoices are being sent out by scammers posing as real estate agents and law firms asking for payment from a customer. He said many victims are not realising they have been scammed until the actual invoice from the agent comes through.
Tilley said it was an increasing problem but could not provide a figure on the number of agencies that had been affected. He said scams started getting more common in Australia in the last half of 2017 but had been going on for a couple of years overseas.
In 2016, an LG Hooker agency in Kallagnur in Queensland was the victim of a cyber scam when a property manager opened an email purporting to be from an energy retailer. Once opened, malicious ransomware was executed, which brought down the agency’s 30 computers and a server.
Last October, two property buyers in South Australia lost almost $1 million after falling victim to scammers using bogus email details to pose as conveyancers.
CIO Executive Council member profile: Daniel Pettman, CIO, BaptistCareMore from CIO Executive Council
“Crooks are going to where the money is and have figured out there’s a lot of money involved in real estate transactions and [cyber] protections that are placing on them aren’t exactly top notch,” said Tilley. “They [crooks] get in the middle of transactions and take the invoices. The [real estate] industry isn’t ready for it.”
Tilley said there have been a “couple of cases” where scammers gain access to emails through Outlook and it was only due to bad spelling that agents knew something was wrong.
“Somehow crooks gain access to the email addresses of real estate agents who are using only single factor authentication. They get access and will typically wait for 30 days or so for the logs to roll and start reading the emails to figure out which deals the agent or conveyancer is involved in. They will figure out the timing of the deal and inject themselves into the email chain purporting to one person or another,” he said. “The first thing you know, you’re getting an email saying you have breached your contract because the money has not been sent.”
Tilley said like banks, real estate agents and conveyancers are great targets because they transfer large amounts of money at any one time.
July 27, 2018 MELISSA HOWARD Contributing writer It might be early days, but the marijuana industry could open new doors for Victoria's...
Best Asia real estate Editor's comments; I was beginning to wonder whether I should change my forecast for Singapore real estate ba...
Australia's pensioners retiring overseas because they can't afford Australia By freelance correspondent Eden GillespieEditor's comments: As I have predicting heavily for the last 12 months one of the biggest demands for Bali real estate in the near futur...
Denpasar, May 05 2018 According to PT. Bali Affordable Lifestyles International. (PT. B.A.L.I.) who have managed award winning PT. Bali ...