Consumer Affairs Victoria has received reports of a possible hacking scam targeting the email accounts of estate agents.
The scam sees home buyers deposit money into wrong bank accounts. We know how hard it is to get deposits saved, so heed the following advice.
The new hacking scam targeting Victorian home buyers and real estate agents has seen reported losses in excess of $200,000.
In most cases, the home buyer was sent an email from the selling agent with the contract of sale and trust account details for payment of the deposit. Shortly afterwards, they received a second email from the same email address, advising them of an ‘error’ in the first email, and to deposit their money into a different account.
While it looks legitimate, the second email is possibly a hack – and money paid goes to an account not related to the selling agent.
If you have purchased a home and receive an email from the estate agent with trust account details to make payment, call the agent or visit them in person to verify that the email is legitimate. Be very suspicious if you receive a second email telling you to make payment into another account, even if it is from the same email address.
CAV strongly encourage estate agents, and all businesses, to regularly review and secure their online systems. Follow these tips to help keep email accounts safe:
- consider setting up a two-step verification process with your email accounts. This requires a user to provide more than one type of proof that they are authorised before they can access an account
- change your passwords and other verification details regularly
- delete spam messages without opening them
- do not share your email address online unless you need to. Consider setting up a separate email just for online transactions, and another for communicating privately with clients and customers.
If you are an estate agent sending account details for customers to make payment via email, the department encourage you to advise them to:
- be very wary if they receive a second email telling them to pay into another account, even if the email comes from the same address
- call your office to check the email’s legitimacy.
Any business or individual who believes they have been tricked into paying money into an incorrect account, should contact their bank immediately.