Organized crime gangs are suspecting of stealing more than £10 million (roughly $14,559,776) after targeting home buyers and sellers and hacking into their email accounts.
People both buying and selling homes are vulnerable to a newer method of fraud, which involves attackers breaking into targets emails and tricking the interested buyers to send the funds to the hackers bank account. The payout is huge, with 91 more people reportedly falling victim to the cybercrime since it began.
According to the Telegraph, the average payout per scheme is a massive £112,000 (roughly $163,069). Of the nearly 100 people who reported falling victim to the massive financial fraud, they have sent the hackers a combining total of £10 million.
Here is a breakdown of how the scam works:
- First, hackers must gain access to the email accounts being used for communication between the real-estate agent and buyer or seller.
- Hackers monitors the mailbox, waiting for when the sale is in its finalizing stages and nearing completion.
- If the buyer is the target, the hacker will send an email posing as the real-estate agent stating that the deal has been finalized. The hacker will send a fake email saying the agent’s banking information has changed, and provides a new set of bank details for the buyers to send the funds to.
- If a seller is targeted, the hacker will send emails posing as the agent or lawyers involved pretending to be the seller, again sending an email stating their bank details have changed, sending over the hackers bank numbers.
- If all goes as planned and the fraud goes undetected, the hacker/s just got a few hundred thousand dollars richer.
This isn’t the first time hackers have abused a similar home buying and selling scam. Just last year a couple sent £340,000 right into a hackers bank account for the sale of their London flat. Fraudsters had gotten the couple to do so by hacking into the firm the couple were working with and sending an email to the law firm, again posing as the vendors, stating they wanted the money transferred to a different account number.
Following the massive fraud, the London couple who sold their home last year had lost nearly £50,000 out of pocket after their lawyers emails had been hacked. Just two days before the set completion date the couple’s law firm had emailed them requesting their bank details for the payment to be sent.
The couple replied to the firm, however the hackers were quick to work, intercepting the mail and then sending the law firm another email telling them to transfer the amass of funds to another bank number. A few days after the fraud was uncovered, the account was frozen and £271,000 was returned to the sellers account, still leaving them £62,000 out of pocket. An additional £13,500 was later recovered from another account.
Following the crime, the law firm in question said they did not believe they were at fault and that the couple would suffer the £48,500 loss. However after filing numerous complaints, which the company continuously denied, the law firm’s insurer paid out the couples existing lost funds.
Others have not been so lucky, when another English couple were left £25,000 out of pocket due to the fraud.
Who is behind this fraud? According to police, searches for the hacker gangs are coming up empty but they suspect “crime syndicates abroad.” According to data released by the National Fraud Intelligence Bureau just last October, victims began reporting up to two fraud incidents every week, making an average of £250,000 a week.
“We are getting more and more instances of this,” said Steve Proffitt, deputy head of Action Fraud. “The outcome for the fraudster is tremendous. They can earn £1m on the sale of a house in the south-east.”
Though police have little data to no data on what exactly is going on, they believe attackers are infecting victims machines with malware, which gives the hackers the initial chance to get front line access to their mailbox and process of the home sale.
There is little home buyers and sellers can do to protect themselves, though mitigation techniques such as enabling two-factor authentication on email and other sensitive accounts is recommended. Another thing is to double-check any changes made last minute, alerting all parties and receiving multiple forms of confirmation before sending any funds.
While hackers are cashing out on millions from a simple scam, authorities around the world are left completely clueless!