Wednesday, 7 February 2018
Cyber scammers targeting Australian real estate sector:
Fake invoices being sent out by scammers posing as agents
Byron Connolly (CIO)06 February, 2018 16:19
Cyber scammers have figured out that the Australian real estate industry is a potential gold mine for social engineering attacks, according to Alex Tilley, a senior security researcher at SecureWorks.
Tilley, who was also formerly a senior technical analyst at the Australian Federal Police, told CIO Australia that fake invoices are being sent out by scammers posing as real estate agents and law firms asking for payment from a customer. He said many victims are not realising they have been scammed until the actual invoice from the agent comes through.
Tilley said it was an increasing problem but could not provide a figure on the number of agencies that had been affected. He said scams started getting more common in Australia in the last half of 2017 but had been going on for a couple of years overseas.
In 2016, an LG Hooker agency in Kallagnur in Queensland was the victim of a cyber scam when a property manager opened an email purporting to be from an energy retailer. Once opened, malicious ransomware was executed, which brought down the agency’s 30 computers and a server.
Last October, two property buyers in South Australia lost almost $1 million after falling victim to scammers using bogus email details to pose as conveyancers.
CIO Executive Council member profile: Daniel Pettman, CIO, BaptistCareMore from CIO Executive Council
“Crooks are going to where the money is and have figured out there’s a lot of money involved in real estate transactions and [cyber] protections that are placing on them aren’t exactly top notch,” said Tilley. “They [crooks] get in the middle of transactions and take the invoices. The [real estate] industry isn’t ready for it.”
Tilley said there have been a “couple of cases” where scammers gain access to emails through Outlook and it was only due to bad spelling that agents knew something was wrong.
“Somehow crooks gain access to the email addresses of real estate agents who are using only single factor authentication. They get access and will typically wait for 30 days or so for the logs to roll and start reading the emails to figure out which deals the agent or conveyancer is involved in. They will figure out the timing of the deal and inject themselves into the email chain purporting to one person or another,” he said. “The first thing you know, you’re getting an email saying you have breached your contract because the money has not been sent.”
Tilley said like banks, real estate agents and conveyancers are great targets because they transfer large amounts of money at any one time.
Josh Zimmerman and Caitlyn RintoulThe West Australian Sunday, 2 June 2019 2:00AM Astor Arcade owner Bruno Zimmermann.Picture: Ian Munro Pr...
There will be only a few times during your life when you will be offered a relatively safe investment return of 10 % to 15% per year. ...
Best Asia Real Estate Editor's Comments: The below article points out the fact that baby boomers, after working a lifetime to ach...
Best Asia real estate editor's comments; Just one more piece of proof that investors are pulling out of the Australian real estate ...