Picture: Handre van der Merwe, BUI head of marketing; Guiseppe Virgillito, FNB Head of Digital Banking; Berry Everitt, CEO Chas Everitt International Property Group
The pandemic saw an alarming increase in cyberattacks, also targeting real estate transactions. What digital security measures should estate agencies get in place?
According to Interpol, there has been an alarming increase in cyberattacks during the Covid-19 pandemic. Criminals have been quick to take advantage of the weaknesses in corporate and government security protocols that have arisen because more people are working from home.
Read more about this in ‘INTERPOL report shows alarming rate of cyberattacks during COVID 19’
Seeing more phishing and vishing attacks
Closer to home, Handre van der Merwe, BUI head of marketing, confirms that they’ve seen an increase in the number of phishing email campaigns that uses Covid-19 related social engineering attack techniques. Phishing is one of the main methods of social engineering employed by fraudsters. This is where a person is tricked into providing confidential information like Personal Identification Numbers (PINs) or One Time Pins (OTPs), usually via email, or even the person’s cloud login details (usually via SMS) which can compromise one’s identity and even bank accounts.
According to Giuseppe Virgillito, FNB Head of Digital Banking, vishing attacks are also on the rise, with many fraudsters posing as bank representatives calls the person and then use scare tactics to convince their ‘target’ that their money is at risk if they don’t share their account or card information. “They even convince some people to make payments themselves, convincing them that this action will reverse the supposed fraud being committed (while actually the person is making payments to the fraudsters),” he adds.
Virgillito says it is not just individuals that are targets. Businesses are also at risk, with cyber criminals using various means to try and access their banking or customer data. The most typical methods include virus attacks via emails, public website hacks and exploiting software vulnerabilities to access stored data.
Online property transactions are also vulnerable
Real estate agents and companies usually fall into the small, medium and micro enterprise (SMME) businesses category that often do not have access to expert cyber security resources and tools that make them susceptible to these kind of attacks says Van der Merwe. “We have been contacted by at least one real estate organisation that fell victim to a COVID-19 phishing email that resulted in a Ransomware compromise of the branch office,” he says.
Remote working and the need for social distancing has led to a greater reliance on online communication between estate agents, their clients and conveyancers during a property transaction. While more expedient, this mode of communication could also be more vulnerable to electronic interception. Berry Everitt, CEO of the Chas Everitt International property group, agrees that the real estate value chain is unfortunately an obvious target for cybercriminals all over the world. This is due to the fact that it always has multiple parties interacting with each other to complete a transaction, and thus offers a much greater possibility of there being a weak point that is easily exploited than a process controlled by one company on one digital network. “Real estate transactions also often involve the transfer of relatively large sums of money – from buyers to attorneys, for example, or from banks to attorneys, and attorneys to estate agencies. Being able to siphon this cash off to a dummy account at any stage of the transaction is thus likely to prove quite lucrative for cybercriminals – and we are aware that there have already been a few cases of this happening in South Africa.”
One type of scam, he says, is for the hacker to initially pose as the home buyer and send an email to the transferring attorney in which he makes some excuse about needing a pro forma invoice with the attorney’s banking details. Once this invoice is sent, on the attorney’s letterhead, the hacker will alter the banking details to those of his own account, and then pose as the attorney and quite simply send the buyer an email request to pay the amount shown on the invoice.
“There are, however, several other interactions between the parties in a real estate transaction that could be targeted, and the best defence is for everyone concerned to become more aware of the fact that the Covid-19 pandemic has made life a lot easier for cybercriminals. They no longer have to hack their way into corporate computer networks that are usually quite well defended, but can just target the millions of individuals now working and transacting from home, on computers and other devices that are often completely unprotected.”
Protection measures to take
Chas Everitt recently spend in excess of R300k on new digital signature security measures. “We take the privacy of information very seriously, not just because of the new POPI Act but because of the huge financial damage and distress that can result simply from a lack of awareness, and we believe that even smaller companies can easily afford to educate themselves and their customers and staff about the increased dangers of cybercrime now, and to put the basic protective measures in place,” Everitt explains.
These measures include adding a WhatsApp link on outgoing emails from their agents. This means the recipient can immediately send a Whatsapp to check the legitimacy of the email, and its digital signature. They’ve also added a scrolling ‘flag’ beneath the digital signature with tips on how to avoid becoming victims of cybercriminals.
Van der Merwe makes the following two recommendations how small and medium businesses can protect themselves:
- Practice good cyber hygiene. Always ensure that your devices are updated with the latest patches, use always up-to-date anti-malware software and turn on multi-factor authentication on all and especially online services.
- Secondly, invest in user awareness training – sometimes referred to as organisation cyber resilience training – to help users spot suspicious emails, not click on untrusted links or open untrusted files and understand other social-engineering attacks.
Going forward Interpol reckons it highly likely that cybercrime will increase. Cybercriminals will continue to hone their skills in hacking to take advantage of the vulnerabilities related to remote working and online transfers of large sums of money. They warn online users to be particularly aware of coronavirus-themed online scams, phishing campaigns and business email compromise schemes.