Criminals stole $50,000 from a local real estate agency after one of its employees was duped by social engineering.
Attackers gained access to the online banking system of Broome-based Hutchinson Real Estate in February, WA Consumer Protection revealed.
They likely made their way into the company's network after an employee clicked on a malicious link on Facebook or one located in a phishing message in their web-based email, a company spokesperson told Real Estate Business.
Once there, hackers managed to change the bank account details of one of the company's clients which were located on a “pre-entered list” of recipients that normally receive scheduled payments.
After doing so the attackers were able to direct three of the payments to a different bank account. The bank details were later changed back to the original address to avoid fraud detection.
The agency was advised to take a "zero tolerance policy" to Facebook and web-based emails being used within the office, and to lock down anything web-based including remote devices and mobile phones. The agency was reportedly reimbursed for the attack.
