The Guild of Property Professionals recently issued a stark warning to estate agents that ‘more and more’ reports are being filed about cyber-attacks on agents themselves and firms in general that work with sales and lettings agents.

Paul Offley, Compliance Officer at The Guild of Property Professionals, has said that every few weeks he is hearing of more cases where businesses have been hacked and someone has infiltrated their system to try and defraud consumers.

The Guild’s warning comes after a major cyber security incident at the Simplify Group of conveyancing firms at the end of 2021, leaving some customers unable to exchange, complete or move home. There remains unaddressed concerns about the safety of customers’ personal data, as many had given over bank details, addresses and copies of driving licences or passports in order to buy or sell their homes.

Fraudsters can use this information to make applications for credit in customers’ names. The criminals behind these cyber attacks are clever and understand individual vulnerability. They use a variety of ways to scam their targets. For example, they will develop genuine looking emails that appear to be legitimate and as if coming from within the business. Often they request a ‘credible’ financial transaction is made, either by requesting credit card details to make a purchase, or payment of a fraudulent invoice.

We have heard horror stories of tenants paying deposits to what they thought were agents, after receiving an invoice that looked to have come from a legitimate email account, but featured the fraudster’s bank details, rather than the agent’s. Another common ruse is where a staff member in the accounts department will be emailed by what looks like the Managing Director, Finance Director or other senior staff asking for ‘immediate payment’ to a bank account for work purposes, but it is of course the hacker spoofing the email addresses after finding them online and receiving the money to their own bank.

Agents need to be extra vigilant and ensure they have educated their staff on the risks and have implemented the measures that will boost their protection.

Below are some ways in which agents can increase their protection from cyber crime:

Passwords and updates
Always use strong passwords for everything, including PC access & email accounts and always use two factor authentication (2FA/MFA) where possible. Any mobiles that contain work related data should have passcodes/pattern locks or biometric locks enabled. Keep all software and operating systems, firmware and firewalls up to date.

System access
If giving suppliers access to your servers, ensure the connections are secure. As a minimum, don’t leave any access wide open to the public internet and use methods such as restricting access by IP address, but preferably using more secure connection methods such as VPN’s. The same applies for remote workers.

Phishing emails
Educate staff to be aware of and alert to ‘phishing’ emails. They often come from a known contact where their email account has been breached and accessed by hackers and scammers, who will send an online link to a document asking you to enter your email address and password to ‘login’, but is in reality just sending these details onto the hackers.

Public email addresses
Try and avoid making company email addresses publicly available, particularly individual and senior staff email addresses. Hackers will find these on your website, or other publicly available site and then spoof the email addresses as per the example above.

If you have any concerns about your IT security and would like a no obligation consultancy session with one of our cyber security experts, please call 01372 389 250 or email: [email protected]