Experts in the Media

Ches Rafferty – Real Estate Business

CEO of Scantek Solutions

Property sector must be on the alert for increasing cyber threats.

When the private details of millions of Optus and Medibank customers were stolen in two brazen cyber hacks last year, Australian businesses, including the property sector, were well and truly put on notice that criminal hackers had Australia in their sights.

The cyber criminals responsible for those hacks then attempted to extract ransom payments from the companies and eventually the data was offered for sale on the dark web.

The dark web is awash with personal data illegally obtained from companies, government agencies and personal accounts. It’s a veritable Aladdin’s cave for scammers and crooks with stolen usernames, passwords, credit card numbers, driver’s licenses, medical records and passports, all on offer.

So, what are the implications of the Optus and Medibank hacks for the property sector? First up, these recent high-profile events should have raised alert levels for everyone in the industry.

Late last year, the Australian Cyber Security Centre (ACSC) warned of an increasing risk of scams in the real estate industry, with payment redirection scams becoming more common, resulting in almost $2.7 million being stolen in the first half of 2022, which compared to the previous year, was a 124 per cent increase. That amount is a small change when you consider that it’s estimated Australians lost up to $4 billion to scammers in 2022, but given the high value of property transactions, the sector is likely to come under continued attacks.

The property sector needs to collect a substantial amount of personal information from clients and like all sectors that collect personal data, there is a responsibility to maintain their clients’ data safely and securely. Commonly collected information like bank account details, phone numbers, addresses and email details, driver’s licenses, passports, birth certificates and Medicare cards are incredibly valuable to criminals, as they provide all the rich details needed to undertake a complete identity theft and/or takeover. Ensuring that individual businesses have a robust framework of data security in place and are using industry best practices to secure any data they have collected and stored must be a priority.

The sector has improved its verification of identity (VOI) processes with most states now having stricter practices aimed at limiting the opportunity for land title fraud due to identity theft. While these regulatory changes have greatly reduced incidences of fraudsters stealing or faking an owner’s identity and then successfully selling their property, it has added another layer of administrative processes and costs to buying, selling and renting property.

Manual verification is still used by a proportion of the industry, and while the process is rigorous as fraudsters have become more sophisticated, visual verification of documents is no guarantee of their authenticity or that the person that’s presenting them is who they say they are.

There are digital platforms and apps that remove any of the guesswork, or human error in the verification process. Often, these platforms will use AI technology, and complete verification of documents and IDs via the Australian government’s document verification service (DVS). This process can take seconds, rather than hours or days, which is the case for manual ID services like the Australia Post VOI check.

Make no mistake, this year, cyber criminals will be redoubling their efforts to target vulnerable businesses and sectors in Australia, as they’ve recognised our investment in IT security, and overall; cyber security awareness is much lower here than in Europe or North America. And while the federal government is pouring significant resources into fighting this scourge, in the end, it’s up to each business to make their systems, and their customers’ data, as safe as possible.

 

 

https://www.realestatebusiness.com.au/tech/25180-property-sector-must-be-on-the-alert-for-increasing-cyberthreats