Real estate agency hacking leads to bogus rental ads: Real estate bulletin issue 143 (May 2017)
25 May 2017
A Perth real estate agency’s computer system has been accessed by scammers, resulting in bogus advertisements being posted on numerous rental accommodation websites.
Actions are being taken to have the fake ads removed and block / close an email address being used by the scammers (see the image for the relevant email address beginning "rentscall@").
Bogus rental ad
Sample of a bogus advertisement being posted on numerous rental accommodation websites.
The Department of Commerce has issued an urgent warning to prospective tenants who applied for the bogus properties, as by providing their personal and financial details they could become the victim of identity theft or find their bank accounts compromised.
Any rental applicants who may have been exposed to the scammers should be directed to the Department's media release.
While this scam appears to be aimed at tenants, it is a timely reminder to real estate businesses that scammers are constantly developing new methods to target individuals and businesses.
Every business should have procedures and protocols which will prevent unauthorised access to their computer system and to detect malware. Having up-to-date anti-virus and anti-malware software is essential.
Tips to protect yourself
To help prevent fraudulent activity or loss:
- Ensure the latest security software (e.g. anti-virus, anti-spyware, firewall) is installed on computer systems and the operating system is kept up-to-date.
- Remind staff of basic electronic security measures. If suspicious emails from any source contain an attachment, do not open them as they may contain malicious software (i.e. malware). Delete these emails immediately. Do not click on any links within these emails.
- Be wary of unsolicited emails purporting to be from your bank or other services as some of these may be spam or hoaxes.
- Use strong passwords, and do not use the same password on different sites.
- Secure your wireless network and be careful when using public wireless networks.
- Consider using security tokens for e-banking and ensure the device protocols are set to the highest possible level for all staff members.
- Do not store payee lists within your online bank accounts as there are many ways to manipulate these entries. When creating an electronic transfer of funds, the payee’s details should be entered manually on each occasion.
- When accessing your bank online, always type the address into the address bar. Never click on an online link or ‘favourite link’ to access your bank’s webpage as these can be manipulated to send you to a counterfeit site (known as phishing)