Posted 2 February 2016 by Keith Osborne
We speak to Richard Davies, executive director and head of residential at Chestertons about how to guard against cyber-crime during a property transaction
Is there a point during the buying, selling or letting process that is particularly vulnerable to cyber-crime?
It is generally at the later stages of a transaction that involve the exchange of sensitive details culminating with an electronic transfer of funds. However, cyber-criminals are aware of the timelines so it’s best to remain alert throughout the entire process.
Should I be worried about cybercrime when searching for properties online?
It’s unlikely, however, as soon as you start registering to receive details from websites and estate agents, you should be careful. Give just enough details for companies to get in touch with you as required. Do not give any bank details at this point.
When should I take conversations “off-line”?
Treat all communications via email, online forms or social media as potentially visible to hackers and fraudsters. If you want to give sensitive details including names, addresses, bank details, etc, then it’s probably best to pick up the phone or go into a branch so there will be no electronic trail.
What does a fraudulent email look like?
It will look exactly the same as an email that you would expect to receive, complete with official-looking headers or footers, long chunks of small-print or compliance statements about FSA regulation, etc. Check the actual address the email is from by hovering over the “reply to” address with your mouse.
Be aware of “urgent” headings like “Important account update” or “transaction suspended”. NEVER click a link asking you to “reset your password”; “update your details” or “check your account”; your bank or solicitor will not send an email like this.
Spelling errors, unusual or incorrect grammar, poor punctuation and missing/incorrect information should ring alarm bells. If you are worried your email or bank account has been hacked, log out of the email and open a new browser window to log into your account independently. Better still pick up the phone.
What makes a cybercriminal or fraudulent email seem credible?
Some email scams are very sophisticated and rely on using a few pieces of relevant information such as your name, address or financial details (many of which may be in the public domain) to win your confidence and to prevent your suspicion.
How do I know who to trust?
Get to know the names of everyone involved in your transaction and preferably meet them in person and at their place of work. If someone calls or emails on behalf of your solicitor, bank, estate agent or surveyor, don’t inadvertently give away relevant information, such as the name of the person you have dealt. Don’t reply to emails you don’t recognise; contact the relevant person or firm to verify they are trying to get in touch.
How can I minimise risk when choosing which professionals to instruct?
Always check professional credentials and ask for personal recommendations. Many professional membership bodies will have listings or an online checker you can use to verify that your agent, lawyer, lender or surveyor really is accredited and hasn’t been disbarred or suspended.
What IT measures can help keep me safe?
Change passwords regularly and don’t use the same log-in details across multiple accounts. Use a strong password with a mixture of letters, cases, numbers and special characters. Never share them or write them down, and be careful who you copy in to your emails as you are potentially widening the exposure if yours or their email account is compromised.
Treat a property sale as a confidential business transaction never share relevant or sensitive data – including addresses and exchange dates via social media. A reputable business they should have their own dedicated and secure mail server such as firstname.lastname@example.org webmail address not @gmail.com or @yahoo.co.uk – if not, ask why not!
What should I do if I suspect fraud?
Report it directly to the company using a name or contact that you know to be correct. If you think your account has been hacked, reset the password and delete non-essential correspondence, particularly from your “sent mail” folder.
Most email providers allow you to report suspect emails as junk or “phishing” scams easily online, check their website to find the exact address. If it doesn’t sound quite right, then it probably isn’t.