Blog by Duwayne Lake, Operations Director of Veco™
Did you know that we offer a bespoke IT systems service for Estate and Letting Agents in and around the M25? We support a number of existing Veco users and also Agents who use other CRM Software. Because we specialise in the agency sector, we know the specific challenges agents find in their day-to-day operations.
The Guild of Property Professionals recently issued a stark warning to estate agents that ‘more and more’ reports are being filed about cyber-attacks on agents themselves and firms in general that work with sales and lettings agents.
The Guild’s warning comes after a major cyber security incident at the Simplify Group of conveyancing firms at the end of 2021, leaving some customers unable to exchange, complete or move home. There remains unaddressed concerns about the safety of customers’ personal data, as many had given over bank details, addresses and copies of driving licences or passports in order to buy or sell their homes. Fraudsters can use this information to make applications for credit in customers’ names.
We have heard horror stories of tenants paying deposits to what they thought were agents, after receiving an invoice that looked to have come from a legitimate email account, but featured the fraudster’s bank details, rather than the agent’s. Another common ruse is where a staff member in the accounts department will be emailed by what looks like the Managing Director, Finance Director or other senior staff asking for ‘immediate payment’ to a bank account for work purposes, but it is of course the hacker spoofing the email addresses after finding them online and receiving the money to their own bank.
Agents need to be extra vigilant and ensure they have educated their staff on the risks and have implemented the measures that will boost their protection. Below are some ways in which agents can increase their protection from cyber crime:
Passwords & Updates
Always use strong passwords for everything, including PC access & email accounts and always use two factor authentication (2FA/MFA) where possible. Any mobiles that contain work related data should have passcodes/pattern locks or biometric locks enabled. Keep all software and operating systems, firmware and firewalls up to date.
If giving suppliers access to your servers, ensure the connections are secure. As a minimum, don’t leave any access wide open to the public internet and use methods such as restricting access by IP address, but preferably using more secure connection methods such as VPN’s. The same applies for remote workers.
Educate staff to be aware of and alert to ‘phishing’ emails. They often come from a known contact where their email account has been breached and accessed by hackers and scammers, who will send an online link to a document asking you to enter your email address and password to ‘login’, but is in reality just sending these details onto the hackers.
Public Email Addresses
Try and avoid making company email addresses publicly available, particularly individual and senior staff email addresses. Hackers will find these on your website, or other publicly available site and then spoof the email addresses as per the example above.
If you have any concerns about your IT security and would like a no obligation consultancy session with one of our cyber security experts, please email email@example.com or call 01372 389 250.