In today’s digital age, the convenience of online communication has transformed the way we conduct business, particularly in the real estate industry. However, with this convenience comes a new set of risks, especially when it comes to financial transactions. One of the most alarming threats facing the real estate sector is the rise of business email compromise (BEC) scams, where cybercriminals gain access to legitimate business email accounts and use them to defraud unsuspecting victims.
In this article, we will focus on how these scams can affect real estate transactions, particularly when a buyer is about to pay a deposit. However, it’s important to note that anyone transferring a large amount of funds could be at risk.
Understanding Business Email Compromise Scams
What is a Business Email Compromise Scam?
A business email compromise scam occurs when a cybercriminal gains access to a legitimate business email account and uses it to trick others into transferring funds to a fraudulent account. In the context of real estate, scammers often target emails that contain trust deposit details, including bank account numbers and BSBs for sales deposits. Once they have access, the scammer monitors the email account for such transactions.
When a legitimate email is sent with deposit instructions, the scammer immediately sends a follow-up email using the compromised email account’s stationery. This fake email instructs the recipient that the initial account details were incorrect and provides new “correct” details, which actually direct the funds to the scammer’s account.
This scam is particularly devastating because the fraudulent email often appears entirely legitimate, leading the buyer to unknowingly transfer their deposit to the wrong account. Unfortunately, once the funds are transferred, they are often difficult, if not impossible, to recover.
How Does Email Compromise Happen?
How Does My Email Account Become Compromised?
The most common way an email account becomes compromised is through phishing attacks. Scammers often send emails with malicious attachments or links that, once clicked, allow them to gain access to your email account. These emails might appear to be from a trusted source, making them difficult to spot.
Once the scammer has your email account’s login details, they can monitor your sent items, waiting for the perfect opportunity to intercept a transaction. Given the high value of transactions in real estate, these scammers are particularly interested in intercepting communications related to deposit transfers.
Protecting Yourself and Your Clients
What Can You Do to Help Protect Against This Type of Scam?
While these scams are sophisticated, there are several steps you can take to protect yourself and your clients from falling victim.
- Verify Payment Details Through Trusted Channels
One of the most effective ways to prevent falling victim to a BEC scam is to verify payment details through a trusted channel. For example, instruct your clients to verify any BSB and account numbers by calling your office on a trusted phone number. Ensure that they find your contact details independently, such as through your website or a business card, rather than relying on the details provided in an email. Scammers can easily include a fake phone number in their fraudulent email, so independent verification is key.
- Include a Warning in Deposit Instruction Emails
To help protect your clients, include a clear warning in all deposit instruction emails. This warning should outline what to do if they receive a follow-up email or phone call asking them to change the BSB or account number. Here’s an example you can use:
IMPORTANT: Changes in BSB, account number, or payment instructions: If you receive a follow-up email or phone call from us claiming that the BSB and/or account number in this email is incorrect, or that we have provided you with incorrect payment instructions, please contact our office or your sales agent immediately by phone. Do not transfer any funds until you have spoken directly with a trusted person involved with this transaction and can verbally confirm the payment instructions.
- Be Cautious with Email Attachments
Scammers often gain access to email accounts through malicious attachments. Never open attachments from unknown senders, and be cautious even with known senders if the email seems out of character. If an attachment is unexpected, verify its legitimacy by contacting the sender through a separate communication channel.
- Use Up-to-Date Security Software
Having an up-to-date anti-virus and security software is essential in protecting your business from scams. This software can help detect and prevent malware from compromising your email account. If your business has managed IT services, ensure that your provider includes email security as part of your plan. Regularly updating your software is crucial, as new threats emerge all the time.
- Consider Using PayID
Another way to protect your transactions is by using PayID. PayID allows deposits to be sent to your ABN, and the funds appear in your account instantly. The benefit of PayID is that the person sending the funds can verify your company name before completing the transfer, adding an extra layer of security.
If You Suspect Your Account is Compromised
If you suspect that your email account has been compromised, it’s important to act quickly. Contact your IT provider immediately to secure your account and prevent further breaches. Additionally, inform your clients and financial institutions as soon as possible to mitigate any potential damage.
Contact Your Bank
If you believe that a scammer has targeted your account, report it to your bank immediately. They may be able to help recover the funds if the transaction was recent. Below are the contact numbers for major Australian banks:
- ANZ: 13 70 28
- Westpac: 1300 364 294
- CommBank: 13 22 21
- NAB: 13 10 12
- Bendigo Bank: 1300 236 344
Business email compromise scams are a growing threat in the real estate industry, but with the right precautions, you can protect yourself and your clients. By verifying payment details, warning clients about potential scams, and using secure communication methods, you can significantly reduce the risk of falling victim to these fraudulent schemes. Staying vigilant and proactive is essential in safeguarding your business and maintaining the trust of your clients.
Further Reading
ABC News: Scammers target Australian real estate sales through payment redirection scams
Money Magazine: Two common real estate scams and how to avoid them
News.com.au: Aussie couple’s loss exposes huge scam targeting property sales
