Real estate agency loses $50k in social engineering attack

By on
Real estate agency loses $50k in social engineering attack

Malicious link gives access to attackers.

Criminals stole $50,000 from a local real estate agency after one of its employees was duped by social engineering.

Attackers gained access to the online banking system of Broome-based Hutchinson Real Estate in February, WA Consumer Protection revealed.

They likely made their way into the company's network after an employee clicked on a malicious link on Facebook or one located in a phishing message in their web-based email, a company spokesperson told Real Estate Business.

Once there, hackers managed to change the bank account details of one of the company's clients which were located on a “pre-entered list” of recipients that normally receive scheduled payments.

After doing so the attackers were able to direct three of the payments to a different bank account. The bank details were later changed back to the original address to avoid fraud detection.

The agency was advised to take a "zero tolerance policy" to Facebook and web-based emails being used within the office, and to lock down anything web-based including remote devices and mobile phones. The agency was reportedly reimbursed for the attack.

This article originally appeared at

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition

Most Read Articles

Log In

  |  Forgot your password?