Cybersecurity: are you smarter than the scammers?

Cybersecurity presents a huge risk to your real estate business and is an area where you must be proactive to prevent financial loss.

With so much data and information stored electronically, it is now more likely for your business to be robbed via the internet than by someone smashing a window.

Cybercriminals are constantly coming up with new ways to access your online information. The result can be identity theft, financial plundering and a dramatic impact on your business reputation, particularly if there is a loss of client funds or personal details.

According to the ACCC’s Scamwatch, small businesses with fewer than 20 staff are most likely to be targeted by scammers. Businesses were most likely to be targeted with false billing scams, while employment and investment scams caused the most financial losses — costing nearly $1.7 million.

Here are a few common scams and cyber crimes to look out for and ways to protect your real estate agency:

Common email scams

Be wary of any emails from a financial institution, from Australia Post or Government body like Medicare. It may say something like “Please click to confirm our deposit”, “Click to confirm delivery” or “Click to confirm your account.”

Sometimes these emails are obviously fake because of poor logo imitations or obvious spelling mistakes. However, the scammers are becoming smarter (and better at writing).

One way to check if an email is legit is to look at the sender’s email address. For example, a Medicare address will always end in .gov.au. A scam Medicare email may end with something like medicare.org, medicare.net or medicare.tv.

Before you click on any link, hover over it first. This will display where the link will take you. A scam email will often send you to an online address which looks nothing like the company it is claiming to be from.

Any email claiming to have a warrant for your arrest or stressing urgent action to be taken by the Australian Tax Office is also likely to be a scam. If in doubt, pasting some of the contents into Google will often reveal the claims of the message to be false.

Business email compromise

Scamwatch is calling on businesses to urgently review how they verify and pay accounts and invoices as reports of business email compromise (BEC) increase. This warning is highly applicable to real estate businesses which often collect and transfer large amounts of money.

Scamwatch shares “BEC scams occur when a hacker gains access to a business’s email accounts, or ‘spoof’ a business’s email so their emails appear to come from the company”.

“The hacker then sends emails to customers claiming the business’s banking details have changed and future invoices should be paid to a new account. These emails look legitimate as they come from one of a business’s official email accounts. Payments then start to flow into the hacker’s account.”

“In other variations of the scam, the hacker will send an email internally to a business’s accounts team, pretending to be the CEO, asking for funds to be urgently transferred to an off-shore account. Hackers can also request salary or rental payments be directed to a new account.”

In some circumstances, entire house deposits have made their way into the hands of hackers, to the great distress of real estate agents and their clients.

Preventing Cybertheft

Awareness and prevention are key to stop hackers from wreaking havoc.

To stay safe, four actions you can take include:

  • Reach out to your clients and ask them to confirm with you via the phone if they receive any financial-related requests via email.

  • Conduct training sessions with your staff to keep them up to date on cybersecurity.

  • Consider a multi-person approval process for transactions over a certain amount.

  • Work with your IT provider to keep your security up to date.

As a business, you should also check with suppliers if you receive requests relating to changed account details. Do this over the phone and not by replying to an email as an electronic response may come from a scammer.

Finally, it is important to include cybercrime as part of your insurance. Many business insurers now offer this, covering you for business interruption, forensic investigation, data recovery and the financial cost of being hacked or duped electronically.

Cybercrime presents a risk to all businesses. If you’re aware of the dangers and plan ahead, an attack from online criminals will be less disruptive to your agency, your clients and your reputation.