Protect your agency from cyber crime

Be it home sales, residential or commercial rents or large-scale commercial and residential transactions real estate businesses have both a large financial role; as well as a very substantial Personal Protected Information (PPI) role across buyers, sellers, tenants, investors, and any other parties to a deal.

With scams and cybercrime breaking all records when it comes to losses for individuals and businesses, it is now more important than ever to upskill your knowledge and better protect yourself. We help to explain a few of the current and emerging threats as well as resources to help safeguard your real estate business.

1. Phishing – email and SMS

Phishing is a common attack vector for cybercriminals mainly motivated by money. The scams are designed to create some sort of illicit human reaction, get a response out of you and that could be a positive or a negative emotional response. They are typically conducted through e-mails, phone calls, text messages, and even social media messaging platforms.

Tips to identify a phishing email or text message:

1. Demanding urgent action eg. ABC Bank has temporarily suspended your online access
2. Poor grammar and spelling mistakes
3. Unfamiliar greeting or salutation
4. Inconsistencies in email addresses, links & domain names
5. Suspicious attachments
6. Emails requesting login credentials, payment information or sensitive data
7. Too good to be true eg: Congratulations, you have won a prize….

Can you spot which is the fraudulent Login address?

A. Bank@banking.com.au B. John.Bank@banking.c0m.au

A. tax@ato.gov.au B. tax@gov.ato.au

*ANSWER is B for both, the number 0 was used instead of a letter o and the correct domain name was used for ato.

Key takeaway: If you suspect a scam, DO NOT click. Go direct to a source you can trust to verify.

2. Business email attack (BEC)

BEC is a form of spear (targeted) phishing that aims to trick employees into transferring funds into a ‘new’ business bank account (belonging to the cybercriminal) or sharing sensitive information at the request of a cybercriminal impersonating a senior executive.

Cybercriminals use social engineering and/or hacking techniques to compromise legitimate email accounts or spoof (create fake) emails to make them appear to be from a high-level employee, co-worker or supplier. The most commonly spoofed positions are the CEO and managing director, targeting the CFO and finance director.

On-Demand Webinar

On-Demand Webinar

Cyber Security for Real Estate Agencies

Watch now

The 2 most common mechanisms for the delivery of a BEC attack are:

• Email Spoofing – where the email appears to be from a trusted source or colleague
• Account Compromise – where the attacker has gained access to the target email’s account via installing malware or tricking victims into providing login credentials.

Key takeaway: Ensure you have two-factor authentication turned on, set up any flags or alerts for sensitive data changes and ensure you log out of all applications when not in use and at the end of each day.

3. Ransomware

Ransomware is a common and dangerous type of malware, it is often spread using phishing emails encouraging users to click on a malicious link. Ransomware works by locking up or encrypting your files so you can no longer access them. A ransom, usually in the form of cryptocurrency, is demanded to restore access to the files.

Key takeaway: Protect your account with secure passwords or passphrases and ensure ALL employees receive cybersecurity training and education.

4. Protecting yourself and business online

Always be vigilant and never underestimate hackers interest in your business with these top tips:

STOP – take your time before giving money or personal information

THINK – ask yourself if the message or call could be fake

PROTECT – act quickly if something feels wrong

5. Report cybercrimes & additional resources

If you have been a victim of a cybercrime, incident or vulnerability take these steps:

1. Contact your bank or card provider immediately to report the scam. Ask them to stop any transactions.
2. Report the cybercrime to (Australia) gov.au/report  or (New Zealand) https://www.cert.govt.nz/report-an-issue/
3. Reset ALL passwords for your banking and software applications
4. Watch out for follow up scams

For more detailed information and resources

• The Australian Cyber Security Centre have a number of useful resources including a Small Business Cyber Security Guide, toolkits, alerts and much more visit: cyber.gov.au
• Cert NZ also have a number of key resources including Top cybersecurity tips for business visit: cert.gov.nz

You can also watch the recording of our recent Cyber Security for Real Estate Agencies webinar and you can also check out our Cyber Security facts sheet with crucial tips on what preventative action you can take to protect your Business.