How to reduce cybercrime fraud

19 December 2017

Sophisticated cybercrime fraud is on the rise, but there are practical ways to reduce the risks in real estate according to experts from Macquarie Bank in a recent webinar with REINSW.

“We’ve been increasingly aware that email scams are more prevalent than before, and scams which are targeting real estate are really starting to impact our clients,” said Innes Kirkwood, National Head of Residential and Commercial Real Estate for Macquarie Banking and Financial Services Group. 

“Clients, vendors, tenants or landlords’ email addresses can be hacked, and those emails can be siphoned off and replied to without anyone having any idea.”

Jonathan Martin, Fraud Investigation Specialist for Macquarie Banking and Financial Services Group, emphasised how real estate businesses and employees must increase their understanding of current fraud trends and learn how to mitigate risks.

“I can’t reiterate enough that the best defence is your own internal controls, identifying the warning signs, and you,” Mr Martin said. “The devil’s in your details. Be certain who you’re dealing with, learn to spot scams and if in doubt, don’t enter details.”

The impact of fraud

According to the Association of Certified Fraud Examiners 2016 Report to the Nations on Occupational Fraud and Abuse, the financial services sector is the biggest victim of fraud loss across the Asia Pacific region, with $6.3 billion in fraud losses and a $2.7 million average loss per case. The average duration of a case is 18 months, while 40% of cases go undetected for five years. 

In one concerning recent example, a Sydney agent saw over $750,000 disappear from their Trust Account.

Mr Martin added that fraud can impact a business in four main ways:

  1. Loss of revenue
  2. Reputational damage
  3. Litigation / HR costs
  4. Low staff morale.

Fraud trends

There are a number of current trends in fraud to be aware of:
  • Email account compromises
  • Phishing (sending false messages or emails to obtain sensitive information) and malware (viruses, spyware, worms, trojans, rootkits)
  • ATM skimming
  • Phone porting
  • Fake documents and document theft
  • Fake online profiles
  • Scams.

How do cyber criminals operate?

Mr Martin explained that fraudsters use a combination of web-based email account compromises and social engineering – the art of manipulating people for confidential information. They set up filter rules and frequently review hacked client emails for critical information, such as conversations with their family or advisor, and copies of their driver’s licence, passport and signature.

“Once the crook’s got control of the mailbox and has all the information, they will basically start to email you from the client’s email, talking like the client. And that’s why you fall victim to it,” Mr Martin said. 

“Verbally contact your clients when dealing with email instructions, and ask questions. You know your client better than anybody – does it sound like your client? If you’re processing transactions for an organisation, just ring them.”

Protection against fraud

To better protect ourselves against cybercrime fraud, we first need to recognise the nature of these serious threats, Mr Martin suggested. 

“In the business banking space, clients’ emails are being compromised and, for example, they’ll write to the real estate agent and say, ‘I’ve moved bank accounts, so can you move all my new rental income into this new account?’. And it’s being done. You’re updating your clients’ records without contacting your clients to verify the instruction is actually genuine,” he said.

To protect yourself, your business and your clients, Mr Martin recommended staying alert to the following ‘red flags’:

  • Payment instructions via email
  • Web-based email account
  • Time of email
  • Client’s travel plans
  • Unusual requests
  • Unusual terms e.g. ‘wire transfer’
  • Moving funds to third parties
  • Urgency
  • Poor grammar.

What else can you do?

  • Email vigilance
  • Virus protection
  • Establish protocols e.g. red flags and escalation procedures
  • Advise clients of security measures
  • Check websites are secure
  • Avoid PC compromise risk.