Social engineering scams – every business is at risk
2 November 2018
Australian businesses increasingly depend on computer networks and data to perform day-to-day functions, but as this dependency grows, the frequency and severity of network security incidents also rise.
Research from Jardine Lloyd Thompson (JLT) and CFC Underwriting (CFC), two global leaders in insurance, shows that a prominent cause of substantial loss is electronic funds transfer fraud, often conducted via social engineering scams.
What are social engineering scams?
Social engineering is deceiving or manipulating people into carrying out a particular act, for example transferring money, sharing confidential information or following a malicious link. [1]
Proving it is a serious and evolving issue, funds transfer fraud was responsible for the loss of over $12.5 billion worldwide between October 2013 and May 2018. [2]
Real estate has been identified as a growing target for funds transfer fraud, with an increase in cybercrime of 1100 per cent between 2015 and 2017. [3]
Types of scams
Once confined to the real world, social engineering scams have gone digital, enabled by the technological revolution.
These scams take many forms. One of the more common business scams is CEO fraud. This is when a scammer impersonates a CEO and instructs the finance department to make an urgent payment. This is usually achieved under the guise of paying an overdue bill to a supplier. Some scammers even monitor the CEO’s social media account and send the fraudulent email when they know the CEO is out of the office. This means the recipient cannot access the CEO easily and the transaction is more likely to be processed.
In May 2017, the Real Estate Institute of New South Wales (REINSW) reported a cyberattack that saw $750,000 stolen from an agency trust account. In July 2018, the industry body received a phone call from an agent who transferred funds to fraudulent bank details. The information was sent to the agent from the same email address the vendor used throughout the campaign, but the email was not from the vendor.
Other scams include phishing of customers by impersonating an organisation and manipulating documents.
CFC reports a client was contacted by what they thought was their bank and told there was suspicious activity on their account. The client was asked to change their account details over the phone, enabling the scammers to access the accounts and steal $89,000.
In another case, scammers hacked a client’s computer system and changed the bank details on the invoices sent to customers. When customers paid their accounts, the money was sent to the scammers' bank account.
How can you minimise your risk?
While it’s hard to eliminate the risk of becoming a target for social engineering scams and other cybercrime, there are ways you can limit your vulnerability:
Implement call back procedures | Validate financial information with a simple phone call for every new payee account or account details change.
Establish multi-factor authentication on email accounts | If you use web-based email accounts, ensure you set up additional verification steps for external connections. This is usually a verification code sent via SMS.
Educate your team | Raising awareness among your team is one of the simplest ways to detect and avoid scams and cyberattacks.
[1] CFC Underwriting, (2018, September 21). Retrieved from https://www.cfcunderwriting.com/media/3176?topic=1
[2] Federal Bureau of Investigation, (2018, July 12). Retrieved from https://www.ic3.gov/media/2018/180712.aspx
[3] Ibid.