Real estate agencies have been urged to adopt a zero-tolerance policy towards Facebook and internet-based email accounts after cyber criminals targeted one office in Western Australia.
WA Consumer Protection has confirmed that the hackers stole $50,000 from a Broome real estate agency after they hacked into the company’s online banking system in February.
Mandy Reed, general manager at Hutchinson Real Estate, told Residential Property Manager that the cyber-fraudsters most likely accessed the company bank account after a compromised email allowed malicious software (or malware) to be installed.
“We got done alright,” said Ms Reed. “We were doing a reconciliation of one of our bank accounts when we realised the money that was supposed to come into it never arrived. So we looked into it because it came from a trust account. We rang the bank and found out it had been directed to a bank account in west Sydney.”
It’s being alleged the bank account details of one of the agency’s clients were changed on a ‘pre-entered list’ of recipients who receive regular payments.
Three payments from the agency’s trust account totalling $50,000 were re-directed away from the intended bank account. It appears the account details were later changed back to the original, in the hope that the fraud would not be detected. The agency has since been reimbursed by their bank.
“What the fraud squad reported to us was that it possibly came about by someone clicking on a dangerous email link, or may have been from someone trying to view something on Facebook,” said Ms Reed, adding that the malware may have been lurking in their system for a while, as the business only recently ramped up its cyber security.
Ms Reed added that the fraud experts advised the agency to adopt a zero-tolerance policy towards Facebook and web-based email being used within the office.
“They told us to lock down anything web-based to the point where we are really minimising the risk, even down to remote devices, charging phones, downloading photos from our phones that we may have taken from properties that we’ve gone out to, even iPads we use when conducting inspections,” she said.
This recent cyber-theft follows a similar case in March last year when a Perth settlement agency had $50,000 in two BPay transactions taken from their trust account.
WA commissioner for consumer protection, Ms Anne Driscoll, warned real estate agencies to be alert to this type of fraud and to have strict security protocols in place to avoid falling victim.
“While the property industry has been targeted in these cases, fraud of this kind can affect any business so it’s essential that businesses have procedures and protocols in place to prevent unauthorised access to their computer system and systems to detect malware,” Ms Driscoll said.
“Staff should be trained to ensure that suspicious emails are deleted immediately, attachments are never opened and links never activated. Having up-to-date anti-virus and anti-malware software is essential for any business.
“In light of these attempted frauds, it is our advice that real estate and settlement agents manually input bank account details of clients when making electronic bank payments, rather than relying on the accuracy of details in pre-entered lists.”