Skip to content

IT Security Alert – Surging Property-Related BEC Threats

Aug 31, 2021

Blog Security

[vc_row][vc_column][vc_column_text]In this week’s Australia Cyber Security Centre (ACSC) Partner update, we received notification of a marked and growing trend involving cybercriminals targeting the property and real estate sector to conduct property-related BEC (business email compromise) scams in Australia.

This recent alert highlights the use of BEC scams to target real estate agents, conveyancing lawyers and mortgage brokers, as well as other key parties involved in property transactions.

The details provided by the ACSC are as follows:

“In a BEC scam, cybercriminals pose as a legitimate business to send fraudulent emails to their customers or clients. In a property related BEC, cybercriminals unlawfully gain access to emails or impersonate businesses to deceive individuals attempting to buy, sell or lease property.

Cybercriminals will impersonate parties to a property transaction (such as real estate agents or conveyancers) and insert illegitimate bank details for settlement or rental payments. Victims assume this request is legitimate and will unknowingly send ­payment to the cybercriminal’s bank account. Successful BECs can go unnoticed for weeks until businesses follow up on a missing payment.

These fraudulent emails may come from hacked email accounts, or cybercriminals might register domain names that are similar to legitimate companies (typically by swapping letters or adding additional characters). They might also create email addresses with Gmail, Yahoo or Outlook that use the legitimate business name. At a quick glance, an email address may look legitimate when it is actually being operated by a cybercriminal.

Cybercriminals are targeting all parties involved in the real estate sector, with a particular focus on impersonating conveyancing lawyers and communicating with their clients. Cybercriminals are also singling out mortgage lenders in order to intercept property settlements.

Settlement agents and lawyers should be wary of updating bank account details – particularly before updating Property Exchange Australia (PEXA), an online service that deals with property transactions. When cybercriminals impersonate a property seller and request their bank details to be updated, settlement agents using PEXA will change these details in the system. PEXA remains secure yet the new bank account details are fraudulent, resulting in the buyer sending funds to the cybercriminal’s bank account.

This trend has potential for significant financial harm. All parties involved in the buying, selling and leasing of property should be vigilant when communicating via email, particularly during settlement periods. This includes real estate agents, conveyancers and lawyers, mortgage lenders and any clients of these businesses.”

The ACSC recommends to:

  • Verify payment details: If any party to a property transaction notifies you, they have updated their bank details, take extreme care to confirm changes by calling the sender’s established phone number or meeting them face-to-face before transferring any funds.
  • Training and awareness: Ensure staff are trained to identify suspicious emails, including requests to change bank account details or emails linking to fake websites. The latter may be a phishing attack which could capture passwords and compromise account security.
  • Secure your email account: Knowing cybercriminals will attempt to access systems through compromised passwords, it is recommended that individuals and businesses use strong passphrases and enable or implement multi-factor authentication on email accounts to help prevent unauthorised access.”

Further to those recommendations made by the ACSC, there are a number of actions we recommend your organisation should now take to reduce your risk of exposure to property-related BEC scams including:

  • Sharing this information with your broader team and encouraging them to be alert to possible threats.
  • Fast-tracking internal discussions around the deployment of multifactor authentication, cybersecurity awareness training, password management tools and other critical IT security measures that may have been sidelined or are on hold.
  • Make some time now to revise and refine your business processes around access, approvals and payments, to ensure that there is “no single point (or person) of failure” and that checks and balances are in place to prevent unintended financial transfers.

If you require any further details on this recent alert, or would like to fast track firming up your IT security provisions, give Maxsum a call on 1300 629 786 or Contact us right here.

[/vc_column_text][vc_empty_space][vc_single_image image=”2657″ img_size=”full” alignment=”center” onclick=”custom_link” link=””][vc_empty_space][/vc_column][/vc_row]