• Bradley Sing

    Bradley Sing is currently Technical Consultant at Mimecast where he has been since November 2016. Bradley has been working in the technology industry for almost four years and draws on his previous experience to help align customer business needs with the technical solutions that Mimecast provides, which ranges from product demonstrations to help documenting processes and aspects of products. Prior to his role at Mimecast, Bradley worked across the web hosting & domain name industry in Australia, working for Melbourne-based web hosting startup Hosting Australia and previously Melbourne IT Group.

    Comments:0

    Add comment
Bradley Sing

Why cybercriminals love targeting real estate agencies

Content

In 2018, advisory firm PwC revealed that customer fraud was already the number one economic crime in Australia, with 45 per cent of companies surveyed attacked during the two previous years. The real estate sector, in particular, is proving to be a goldmine for smart cybercriminals looking for a big payday.

ASX-listed property valuation firm Landmark White experienced the danger first-hand when they suffered a breach in February 2019, which forced the company into a trading halt. The company is estimated to have lost $7m in revenue as a result and led to the resignation of its CEO at the time. When the company resumed trading in May 2019, their share price had dropped by 40%.

Why cyberattackers target real estate agencies
Considering the big sums of money and wealth of personal information involved in buying and selling property, it’s hardly surprising real estate firms are an enticing target. The real estate industry is worth around $16 billion in Australia alone and poorly secured in terms of cybersecurity.

Australia is still transitioning from the 150-year-old paper-based Torrens Title System of exchanging property to modern digital record systems. Most agencies are also in various stages of their own digital transformations, which means enterprising hackers have many potential vulnerabilities to exploit.
 
How criminals hack real estate firms (and why residential agencies are their favourite target)
Hackers tend to focus on residential real estate in particular, given the less-rigid security they’re likely to encounter. Phishing scams are still the go-to tactic for most hackers. An unsuspecting employee receives a fake but convincing-looking email, and given the huge number of online enquiries the average real estate agent receives, they make a simple human error - like clicking on a boobytrapped link or malware-laden attachment. Now the hackers can steal confidential data, hold the entire agency to ransom or hijack the identity of an employee to scam a customer.
 

If their intention is to steal funds, they usually lie in wait for a scheduled sales settlement to come through. When they see one in progress, they hijack the emails between the agent and the client and trick the buyer into sending funds to a fraudulent account. The criminals then move the funds through a complicated network of dummy accounts, making the money trail almost impossible to track.
 

The consequences of scams such as these can be severe. Not only can huge sums of money and confidential data be stolen, but the losses from the interruption of business operations can also be significant. The biggest blow, however, is the damage to a firm’s reputation. Once trust is lost, it can be very difficult to regain.
 

Real estate agencies need to become more resilient
Security risks are an inherent part of the digital economy. But that doesn’t mean the risks can’t be managed. By taking a few precautions, real estate firms can greatly reduce the chances of suffering a crippling cyberattack.

 

  1. Update your security measures
    Use multifactor authentication where you can, and mandate the use of strong passwords for your staff. It’s also a good idea to set rules against allowing the same person to create and authorise payments. Make sure your firm has a sound cybersecurity policy, and consider getting cybersecurity insurance as well.

  2. Keep your tech up-to-date
    That means regularly patching your software with the latest security updates, and using reputable firewalls, encryption, and anti-virus tools.

  3. Keep data backups
    Regularly back up your files and keep a copy in a secure offsite location. Keep hard copies of critical data as well.

  4. Educate your staff and your customers
    Regularly update your team about current online threats and cybersecurity best practices. Also, make sure your clients know what to expect before they carry out a transaction. Advise your clients to call you immediately if they receive an unusual request to transfer funds over email.

 

Conclusion
While prevention can minimise the chance of a cyber breach occurring, it won’t eliminate the possibility altogether. That’s why it might be a good idea to bring on board an external security provider who can bring in specialists to keep your business secure. Having the right safeguards in place can mean the difference between keeping your doors open or shutting up shop for good.

Technical Consultant, Mimecast

Bradley Sing is currently Technical Consultant at Mimecast where he has been since November 2016. Bradley has been working in the technology industry for almost four years and draws on his previous experience to help align customer business needs with the technical solutions that Mimecast provides, which ranges from product demonstrations to help documenting processes and aspects of products. Prior to his role at Mimecast, Bradley worked across the web hosting & domain name industry in Australia, working for Melbourne-based web hosting startup Hosting Australia and previously Melbourne IT Group.

Stay safe and secure with latest information and news on threats.
User Name
Bradley Sing