Real estate agents must protect their business or pay the price

This incident unfortunately highlights the vulnerability of trust accounts, and sheds light on the ever increasing severity of cyber threats faced by the real estate sector.

As authorities investigate the breach, it is crucial to examine the cyber security implications of this more closely, including phone scamming and “threat actors” who aim to exploit knowledge of the last four digits of trust accounts.

Putting effective remediation strategies in place is essential to address this growing problem.

The following list outlines current real estate cyber security issues:

Phone scamming

Cyber criminals have expanded their reach beyond online platforms and are increasingly resorting to phone scams to target real estate agents and associated sectors, such as conveyancers. By impersonating legitimate individuals, scammers manipulate trust account holders into divulging sensitive information or transferring funds to fraudulent accounts. This incident serves as a stark reminder of the need for heightened vigilance in verifying the authenticity of phone calls and protecting sensitive information. It is vitally important that organisations document a strict and confidential process of validation.

Last four digits exploitation

Threat actors (scammers playing the role of someone you might know or be in a transaction with) have devised methods to acquire the last four digits of trust accounts, adding a very concerning dimension to fraudulent activities. Armed with this knowledge, scammers can pose as individuals or organisations and manipulate unsuspecting victims into providing additional information or completing transactions. The exploitation of these last four digits exacerbates the vulnerability of trust accounts and underscores the urgency for enhanced security measures.

Escalating severity

This incident exemplifies the escalating severity of cyber threats faced by the industry. Cyber criminals are becoming more sophisticated in their techniques, exploiting vulnerabilities, and employing social engineering tactics to deceive their targets. As their methods evolve, the risk to real estate agencies and their clients continues to grow, necessitating the urgency for robust cyber security measures.

And while there is no silver bullet to stop scammers, all real estate agents should have the following remediation strategies in place:

Enhanced phone security

Real estate agents should exercise caution when receiving phone calls, especially those related to trust account transactions. Implementing verification protocols, such as confirming caller identities through alternate means, can help mitigate the risk of falling victim to phone scams.

Two-Factor Authentication (2FA)

Implementing 2FA adds an extra layer of protection to sensitive accounts, including trust accounts. By requiring an additional form of authentication, such as a unique verification code sent to a trusted device, real estate agents can minimise the risk of unauthorised access, even if scammers possess some account-related information.

Strengthened data privacy

Real estate agencies must prioritise the protection of personal and financial information by implementing stringent data privacy measures. This includes encrypting sensitive data, regularly updating security protocols, and ensuring access to trust accounts is only performed by authorised personnel.

Improved information sharing

Industry-wide collaboration is vital in combating cyber crime. Real estate agencies should establish channels for sharing information and best practices to stay updated on emerging threats and preventive measures. By leveraging collective intelligence, the industry can enhance its ability to identify and thwart cyber attacks effectively.

Ongoing security training

Regular cyber security training is essential for real estate agents and agency staff. But please, don’t waste time with cookie-cutter training and phishing testing. Invest in training tailored to your specific business, and build policies around it. This training should include education on evolving tactics employed by scammers and highlight the risks associated with phone scams and knowledge of trust account details.

Other mitigation strategies, such as the verification of banking details and accounts, would go a long way to fix these issues but will require a lot of work and co-operation between financial institutions.

New types of financial tools that exist in the fintech space could also be used for payment security and verification over time.

The recent breach highlights the escalating cyber security concerns faced by the industry.

With the rise of phone scamming and the exploitation of last four digits of trust accounts, real estate agencies must take proactive measures to protect themselves and their clients by enhancing phone security, implementing two-factor authentication, prioritising data privacy, promoting information sharing, and providing ongoing education.

We cannot ignore the fact that scammers are getting smarter and their scams are getting more sophisticated. It’s time to protect your business, or pay the price.

Thomas Jreige is a tactical cyber security and intelligence expert.