25 February 2021
Social engineering fraud has increased in frequency and severity in recent years. Fraudsters have become especially sophisticated when targeting unsuspecting victims and the financial consequences of these crimes can be devastating. And real estate agents are prime targets for cyber criminals given their involvement with large and frequent financial transactions.
The term ‘social engineering fraud' – sometimes known as ‘invoice fraud’ or ‘payment transfer fraud’ – refers to a variety of techniques used by fraudsters to deceive and manipulate victims into surrendering funds or giving over confidential information.
Over time, techniques have become increasingly sophisticated and can be very difficult to detect. For example, cyber criminals will often intercept communication lines (such as email) over a span of weeks or even months, waiting for the prime opportunity to issue a plausible, yet fraudulent, payment request.
By piecing together information from various sources, these fraudsters appear convincing and trustworthy, as they work to impersonate trusted contacts of the target. The complex nature of these schemes often makes it extremely difficult to identify the fraud before it’s too late. Victims range from small businesses to large organisations, across many industries and geographies.
Even prior to the onset of the COVID-19 pandemic, it was apparent that the worldwide cost of cyber-crime was substantial. A 2019 Internet Security Threat Report released by Symantec Corporation revealed that there were 800 million victims of online crime. Of these, 117 million involved identity theft and just under 40 per cent resulted in financial loss.
With the onset of the global health crisis, online fraud and phishing attempts have become increasingly problematic, with fraudsters seeking to exploit fears over the Coronavirus outbreak. The Australian Cyber Security Centre revealed a raft of local examples.
For example, one scheme involved fraudulent emails that appeared to come from the World Health Organisation. These emails requested donations to a false COVID-19 Response Fund.
Other scams have purported to provide useful, but ultimately malicious, information regarding infection maps or details about testing stations, in an attempt to steal sensitive data from the recipient’s device, including usernames and passwords.
Statistics show that the frequency and severity of cyber-attacks on businesses is a major concern.
More than 40 per cent of all cyber-attacks are aimed at smaller businesses. Why? Because cyber-criminals view small to medium enterprises (SMEs) as more favourable targets. Moreover, 60 per cent of SMEs don’t survive a cyber-attack or data breach. The average cost of a cyber-attack on an SME is now more than USD $200,000.
But how do these attacks happen? Insurer claims data for real estate agents in Australia shows an increase in claims arising from email compromise. As an example, your agency’s network security may be breached, resulting in a malicious third-party gaining access to internal communications. That person may then pose as a director of your agency and successfully defraud one of your clients of payment by way of a false invoice directing monies to a fraudulent bank account.
While there are many variances to the sophistication and root cause of these sort of attacks, one thing remains the same – the risk posed to business demands action.
Although it may seem to be common sense, being alert to the most basic of things can have a big impact when it comes to preventing cyber-crime. The following are some basic steps to help better protect your business from social engineering fraud.
Written payment and verification procedures. Have documented and rigorous procedures in place for payments to third parties and authentication of payment requests. This should include:
You should also ensure that your staff are familiar with these procedures and that regular training is provided.
Suspicious emails. Provide training to staff about how to identify suspect emails, including:
It’s difficult to determine exactly how a given social engineering claim will play out, because these types of scams have become so varied in their approach. Ultimately, there’s no one-size-fits-all insurance policy to cover this type of loss.
But, rest assured, the Realcover and Marsh teams are experts in the exposures faced by real estate professionals and have comprehensive and tailored products readily available to protect your business.
Some critical policies that all real estate professionals need include:
Marsh Advantage Pty Ltd and Marsh Pty Ltd (Marsh) arrange this insurance and are not the insurer. The information contained in this publication provides only a general overview of subjects covered, is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. Insureds should consult their insurance and legal advisors regarding specific coverage issues. All insurance coverage is subject to the terms, conditions, and exclusions of the applicable individual policies. Marsh cannot provide any assurance that insurance can be obtained for any particular client or for any particular risk. Copyright © 2020 Marsh Advantage Pty Ltd. All rights reserved.
Realcover’s professional indemnity insurance policy has been designed with your needs in mind. For more information and to discuss your insurance needs, please contact Realcover by speaking with a Marsh representative on 1800 990 312 or email [email protected]
From VOLVO, BMW and TESLA Check them out.
Also, Keep track of your CPD hours with the NEW CPD Diary in your member portal! Log in today.