It goes without saying that any form of criminal activity will always be drawn to the most lucrative pools. The current economic climate may have seen home break-ins decline with more people than ever working from home, however the property industry is not slowing. And with that, comes increased threat of cyberattack.

The Australian Cyber Security Centre (ACSC) has issued an ALERT: Cybercriminals are targeting the property and real estate sector to conduct business email compromise scams. All parties involved in the buying, selling and leasing of property should be vigilant when communicating via email, particularly during settlement periods.

Background – What has happened?

The ACSC has observed a growing trend of cybercriminals targeting the property and real estate sector to conduct business email compromise (BEC) scams in Australia.

In a BEC scam, cybercriminals pose as a legitimate business to send fraudulent emails to their customers or clients. In a property-related BEC, cybercriminals unlawfully gain access to emails or impersonate businesses to deceive individuals attempting to buy, sell or lease property.

Cybercriminals will impersonate parties to a property transaction (such as real estate agents or conveyancers) and insert illegitimate bank details for settlement or rental payments. Victims assume this request is legitimate and will unknowingly send ­payment to the cybercriminal’s bank account. Successful BECs can go unnoticed for weeks until businesses follow up on a missing payment.

These fraudulent emails may come from hacked email accounts, or cybercriminals might register domain names that are similar to legitimate companies (typically by swapping letters or adding additional characters). They might also create email addresses with Gmail, Yahoo or Outlook that use the legitimate business name. At a quick glance, an email address may look legitimate when it is actually being operated by a cybercriminal.

Who is at risk?

Cybercriminals are targeting all parties involved in the real estate sector, with a particular focus on impersonating conveyancing lawyers and communicating with their clients. Cybercriminals are also singling out mortgage lenders in order to intercept property settlements.

This trend has potential for significant financial harm. All parties involved in the buying, selling and leasing of property should be vigilant when communicating via email, particularly during settlement periods. This includes real estate agents, conveyancers and lawyers, mortgage lenders and any clients of these businesses. From the ACSC

Who has been affected?

The Sydney Morning Herald reported in May 2021 that Domain was warning its users to be vigilant when looking to secure rental properties, after a cyber-attack managed to access personal information and demand deposits. Whilst the number of users affected by the scam were minimal, Mr Pellegrino, Domain Chief Executive, said the company was implementing further measures to complement their existing security to prevent further damage.

With other real-estate portals looking into whether their systems had been hacked too, it’s a warning to all to understand that these cyberattacks are on the rise. Nine Entertainment Co, which owns 60% of Domain, was subject to a cyberattack which hit its broadcast systems in March 2021.

How secure is your Cyber Posture and what are the vulnerabilities within your organisation?

Witz Cybersecurity’s range of unique, disruptive, and innovative technologies provides you with the next level of Cyber protection. Our range of products includes, Vulnerability scanning, Pen testing (Cymptom), Continuous Cybersecurity Health & Posture monitoring (Cyber Observer), Mobile security (MobileIron), Cyber protection and forensic audit for Healthcare (CyberMDX), Zero Trust Network Access (ZTNA with Safe-t) and others …

Can you say with certainty how secure your organisation is and what your Cybersecurity Posture is currently?

Please email me to arrange a free POC or Demo for one of our technologies. Don’t wait until you need to pay the ransomware.