Consumer Affairs Victoria has received recent reports of a possible hacking scam targeting the email accounts of estate agents, and causing home buyers to deposit their money into the wrong bank account.
In most cases, the home buyer was sent an email from the selling agent with the contract of sale and trust account details for payment of the deposit. Shortly afterwards, they received a second email from the same email address, advising them of an `error’ in the first email, and to deposit their money into a different account.
While it looks legitimate, the second email is possibly a hack - and money paid goes to an account not related to the selling agent.
If you have purchased a home and receive an email from the estate agent with trust account details to make payment, call the agent or visit them in person to verify that the email is legitimate. Be very suspicious if you receive a second email telling you to make payment into another account, even if it is from the same email address.
We strongly encourage estate agents, and all businesses, to regularly review and secure their online systems. Follow these tips to help keep email accounts safe:
- consider setting up a two-step verification process with your email accounts. This requires a user to provide more than one type of proof that they are authorised before they can access an account
- change your passwords and other verification details regularly
- delete spam messages without opening them
- do not share your email address online unless you need to. Consider setting up a separate email just for online transactions, and another for communicating privately with clients and customers.
For more information on maintaining your security online, visit the Email page on the Federal Government’s Stay Smart Online website.
If you are an estate agent sending account details for customers to make payment via email, we encourage you to advise them to:
- be very wary if they receive a second email telling them to pay into another account, even if the email comes from the same address
- call your office to check the email’s legitimacy.
Any business or individual who believes they have been tricked into paying money into an incorrect account, should contact their bank immediately.
Instances of cybercrime can be reported to the Australian Cybercrime and Online Reporting Network.
IDCare is a not-for-profit organisation that provides free support services and resources to people and organisations targeted by cybercriminals and scams. For more information, visit the IDCare website.
While our recent reports indicate possible hacking of estate agent email accounts, any business or individual can be a target for cybercriminals. For more information on staying safe online, visit the Stay Smart Online website.