Aggregator cautions on the growing risk of phishing after broker email accounts were compromised
Cyber attacks have become far more prevalent during the pandemic – particularly during periods of working from home, according to Connective group legal counsel Daniel Oh. Speaking to MPA, he said the clients of brokers are being scammed out of large sums of money due to “man in the middle attacks” – a phenomenon whereby a hacker gains access to a victim’s email account and tricks the victim’s contacts into thinking the victim is requesting a funds transfer.
“Basically, you’ve got a hacker living rent free in a broker’s inbox, trawling through all the folders, the personal documents a customer has sent to that broker, their ID, their bank statements, etc,” he said. “They’re really clever because they’re covering their trail – they’ll delete sent items from the sent inbox, they’ll have rules to send things to the junk box so the person who has been hacked doesn’t know they’re living in there rent free, until bang, something happens and money goes missing.”
He said while this sort of attack is prevalent across the world in multiple industries, brokers and their clients are particularly at risk because of the personal information and large sums of money involved in property transactions.
“Because brokers collect all this personal, sensitive financial information and often they just store it in their Outlook folders,” he said. “It’s just there for someone to sit there, observe, collate and god knows what they’re doing with it until they strike.”
Connective general manager of technology Jon Meadows said the man in the middle type of attack followed a cookie cutter approach.
“We’ve seen numerous examples and they all follow the same path,” he said. “A broker’s email has become compromised. The hacker lives in there for an amount of time and spots an opportunity such as a settlement happening or a progress payment for a construction loan. They’ll look to defraud either the client or the bank.
“During the exchange of those funds, the hacker will jump in and grab the last names in the middle of that transaction and say, can you move the funds to these accounts instead? We’ve seen examples of the client asking, are you sure this is correct to the hacker, who is digitally read as the broker, and they have grabbed hold of copies of back-channel messages from banks that are stored in the broker’s inbox from months ago and they have then altered those back-channel messages to prove that they should put money into that account.
“The hacker places himself in the middle. Every email the hacker sends on behalf of the broker is deleted through the rules and every response that that client then sends is forwarded on usually to a temporary account.”
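The inbox rules described above (delete, move to junk, forward to an outside account) are something a broker's IT support can audit for. The sketch below is an added example, not code from Connective or MPA. The rule records are constructed, with field names loosely modelled on Microsoft Graph's mailbox rule actions and simplified to plain strings, and `broker.example` is a placeholder domain.

```python
# Added example: flag mailbox rules that hide or siphon mail.
OWN_DOMAINS = {"broker.example"}  # assumption: the broker's own mail domain(s)
HIDING_FOLDERS = {"junkemail", "deleteditems", "rssfeeds"}  # rarely checked folders

# Constructed sample of exported rules (not real data).
SAMPLE_RULES = [
    {"displayName": "Newsletters", "isEnabled": True,
     "actions": {"moveToFolder": "newsletters"}},
    {"displayName": ".", "isEnabled": True,
     "actions": {"forwardTo": ["tmp4821@mailbox.example"], "delete": True}},
    {"displayName": "..", "isEnabled": True,
     "actions": {"moveToFolder": "JunkEmail", "markAsRead": True}},
    {"displayName": "Team copy", "isEnabled": True,
     "actions": {"redirectTo": ["assistant@broker.example"]}},
]

def external_recipients(actions):
    """Return forwarding/redirect targets outside the broker's own domains."""
    found = []
    for key in ("forwardTo", "forwardAsAttachmentTo", "redirectTo"):
        for addr in actions.get(key, []):
            domain = addr.rsplit("@", 1)[-1].lower()
            if domain not in OWN_DOMAINS:
                found.append(addr)
    return found

def assess_rule(rule):
    """Return the reasons a rule matches the hiding pattern (empty if none)."""
    actions = rule.get("actions", {})
    reasons = []
    ext = external_recipients(actions)
    if ext:
        reasons.append("forwards to external address: " + ", ".join(ext))
    if actions.get("delete") or actions.get("permanentDelete"):
        reasons.append("deletes matching mail")
    if str(actions.get("moveToFolder", "")).lower() in HIDING_FOLDERS:
        reasons.append("moves mail to a rarely checked folder")
    if reasons and actions.get("markAsRead"):
        reasons.append("marks mail as read so it is not noticed")
    return reasons

def audit(rules):
    """Map rule name -> reasons, for every rule that looks suspicious.
    Disabled rules are included: a switched-off rule is still evidence."""
    return {r["displayName"]: why for r in rules if (why := assess_rule(r))}

if __name__ == "__main__":
    for name, why in audit(SAMPLE_RULES).items():
        print(f"rule {name!r}: " + "; ".join(why))
```

A rule flagged here is a prompt to ask the mailbox owner whether they created it, and any hit on an external forward warrants a password reset and session revocation before the rule is removed.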
Not only does this cause stress and mental anguish for the client who has been tricked into parting with their money, it also causes stress for the broker, who has worked hard to build trust throughout the transaction.
Meadows said in order to avoid phishing attacks that lead to the broker being defrauded, multi-factor authentication should be set up on both the broker’s email account and on all digital devices being used.
“Multi-factor authentication works on the principle of something known and something owned,” he said. “Something known is your username and password, and what you own has to be in your physical presence at that moment in time to prove it’s you that’s logging in. There cannot be a man in the middle attack if you have multi-factor authentication set up. It reduces the chances by close to 100%.”
Oh said brokers should be especially careful when it comes to storing client information and advised brokers to use their aggregator’s CRM rather than their Outlook or Gmail account. Connective has invested heavily in the security of its Mercury platform, he added.
“Think about where you are storing this personal information, think about the security,” he said. “Should you be receiving your customer’s personal information on a Gmail account and just leaving it there?”
He also advised brokers to check whether they are covered for cyber attacks as part of their professional indemnity insurance.