Real estate cyber security threats on the increase
Published 27 June 2018
Australia’s transition to an electronic system of exchanging property and the rise in cyber criminals targeting residential property transactions means that the Australian real estate sector may be facing a cyber security crisis, according to international insurance broker Gallagher.
Australia is midway through the shift from the 150-year-old paper-based Torrens Title System of exchanging property to electronic certificates. The electronic exchange of property will become mandatory in VIC in October 2018, and in NSW in July 2019.
However, recent high-profile breaches of the national Property Exchange Australia (PEXA) security protocols have highlighted the threat sophisticated cyber criminals bring to buyers and conveyancers.
Fairfax media reported in June that cyber criminals have been able to set up new user accounts in the PEXA system after first hacking conveyancing firms’ emails and then intercepting notification emails from PEXA. These ‘ghost users’ can then alter bank details during settlement to misappropriate funds from home owners.
Once such incident saw a Melbourne family lose $250,000 from the settlement of their house to cyber criminals. Although more than half was frozen by the banks, a figure in excess of $100,000 was non-recoverable, jeopardising the family’s planned move to the Mornington Peninsula. A few weeks earlier, a similar technique was used to misappropriate more than $1 million from a Melbourne home owner during the settlement period.
PEXA has, however, denied any claim of negligence with acting Chief Executive James Ruddock stating: “PEXA has robust fraud protections and strict authentication procedures built into its platform.”
The daily cyber threat to real estate agents is also on the up, according to business technology news website ZDS, who cite that cyber criminals are increasingly targeting residential property transactions by hacking into agents’ email accounts and providing altered bank account details to allocate funds to fraudulent accounts.
It all adds up to a virtual headache for the real estate sector, says John Apter, a specialist real estate insurance broker from Gallagher.
“We have thousands of real estate agent clients across Australia and we’ve certainly noticed increasing incidences of cyber-related claims being made against them,” he said.
“Phishing emails have become a daily challenge for most agencies, as fraudulent emails blend in with high volumes of online queries. These constant attacks inevitably lead to human error, such as clicking a link in an unsolicited email and releasing malware or a Trojan virus into the business network. This is incredibly easy to do, but can be extremely disruptive to business operations, and can be costly in terms of lost revenue brought about by an inability to trade.
“We’ve also seen examples of ‘social engineering’, whereby fraudsters access agency owners’ email accounts and issue false invoices to colleagues urging immediate payment, with money being directed to fraudulent accounts. This threat is certainly on the increase, so real estate agents should be extremely wary.”
Apter urged business owners across the real estate sector to ensure all staff are made aware of the growing risk of cyber security breaches and to educate them on what to do in the event of a breach.
“Cyber insurance should also be considered as part of your overall approach to cyber security,” Apter added. “It’s a highly relevant and cost-effective product, which addresses a very real and growing threat. Although cyber policies don't typically cover social engineering incidents, these can be covered through an additional policy endorsement, and we recommend at least considering this, too.
"Although cyber insurance won’t in itself stop breaches from happening, it can help compensate your business for any lost income brought about by cyber attacks, or liability costs related to loss of customer data.”