CYBERCRIME PREVENTION GUIDE
Frequently Asked Questions
What is Cybercrime?
Cybercrime or computer-oriented crime, is a crime in which a computer is the object of the crime (hacking, phishing, spamming). Cybercriminals may use computer technology to access personal information, business trade secrets or use the internet for exploitative or malicious purposes. Criminals can also use computers for communication and document or data storage. Criminals who perform these illegal activities are often referred to as hackers.
Todays, Cybercrime is considered as a major international threat to global market, commerce and a real headache for banks, utilities firms, online retailers, etc., including their customers. Considering the large amounts of money involved, cybercriminals are very keen to target property transactions.
Is there a point during the buying, selling or letting process where I am particularly vulnerable to cybercrime?
It is generally the later stages of a transaction that involve the exchange of sensitive details and, as a rule of thumb, the later the stage, the more sensitive the information you will need to share, generally culminating with an electronic transfer of funds. Cybercriminals are aware of the timelines involved in buying and selling property or completing on a lease agreement and will ultimately be looking to intercept at the point that money is being transferred between parties. However, they could gain access to your email at any point during a transaction and then wait until funds are due to be transferred before trying to intercede, so it's best to remain alert throughout the entire process.
Should I be worried about cybercrime when just searching for properties online?
When simply searching on property sites, the opportunities for hackers are very limited, however, as soon as you start registering to receive details from websites and estate agents, you should be careful about how much information you share, especially if there is no pre-existing relationship with the firm that you're contacting. Remember to give just enough details for agents, surveyors or lenders to get in touch with you as required and understand your basic requirements. Do not give any bank details at this point.
When should I take conversations "off-line"?
Treat all communications via email, online forms or social media as potentially visible to hackers and fraudsters. If you want to talk about sensitive details including names, addresses, bank details etc, then it's probably best to pick up the phone or better still go into a branch where you can talk confidentially and there will be no electronic trail for criminals to expose or exploit.
What does a fraudulent email look like?
A fraudulent email will, at first glance, often look exactly the same as an email that you would expect to receive, complete with official-looking headers or footers, long chunks of small-print or compliance statements about FSA regulation etc. However, there are a few things that you should look out for:
- The sender's email address: What appears in the "from" line of an email may not be the sender's actual email address. To check the actual address the email is from, hover over the "reply to" address with your mouse and the reply address should be shown. You could also start a reply to see where it will be sent to, but don't send it!
- The Urgent language: Fraudulent mail often deploys urgent language, with headings like "Important account update" or "transaction suspended". They may purport to be from a bank or building society warning you that your account has been compromised.
- The request: Fraudsters will generally need you to perform an action before they can access your details. Therefore, it is commonplace for fraudulent emails to include a link for you to click to "reset your password"; "update your details" or "check your account". NEVER CLICK a link in an email like this – your bank or solicitor will not send an email like this.
- Bad spelling and grammar: Although it happens more often than they'd like, emails from professional companies don't generally contain mistakes. Spelling errors, unusual or incorrect grammar, poor punctuation and missing/incorrect information should ring alarm bells.
If you are worried your email or bank account has been hacked, then log out of the email and open a new browser window to log into your account independently – better still pick up the phone.
What makes a cybercriminal or fraudulent email seem credible?
Some email scams are very sophisticated, and rely on using a few pieces of relevant information such as your name, address or financial details (many of which may be in the public domain) to win your confidence and to prevent your suspicion.
People are often targeted at random with mail claiming to be from a particular bank; don't be caught out if this guesswork just happens to be correct and you do hold an account with that particular bank. Likewise, if your email account has been hacked, a determined fraudster could contact you by email or phone purporting to be any party in the transaction to draw out information from you, trading on one or two bits of relevant information or pretending to be someone who is genuinely involved in the transaction.
How do I know whom to trust?
Is there any way that I can minimise risk when choosing which professionals to instruct?
Always check professional credentials when selecting who you will instruct to act on your behalf, and ask for personal recommendations or professional referrals if you don't have an agent, conveyancing solicitor or mortgage lender that you've used before.
If you don't recognise the name or acronym of a particular body or scheme, look them up. Many professional membership bodies will have listings or an online checker you can use to verify that your agent, lawyer, lender or surveyor really is accredited and hasn't been disbarred or suspended. Online review sites can offer a guide, but remember these can be open to abuse so don't take such recommendations as gospel.
Any other tips to help me prevent fraud?
What IT measures can help keep me safe?
What should I do if I suspect fraud?
If you suspect fraud, you should act as follow:
- Report it directly to the company using a name or contact that you know to be correct.
- If you think your account has been hacked then reset the password and delete non-essential correspondence, particularly from your "sent mail" folder.
- Most email providers allow you to report suspect emails as junk or "phishing" scams easily online, while banks and building societies typically have whole teams to defend against fraud and cybercrime and will likely have a dedicated phishing@ or spam@ email address where you can forward suspicious emails to have them checked out – check their website to find the exact address. It's much safer to incorrectly flag a genuine email as spam than trust a scammer and hand over sensitive information without verifying they are who they say they are.
- Ask questions about and pay attention to relevant information which you're given along the way about how to prevent fraud or identity theft. Estate agents, lawyers and financial organisations must all conform to stringent compliance legislation to this effect, which is designed to protect all parties involved.
Please note this is just a general guide to staying safe and secure online and in digital or phone communications during your property transaction. It is neither an exhaustive list of the sorts of techniques cyber criminals may use, nor a fail-safe defence against them. Remember, the best approach is always to build a trusted relationship with recognised and certified professionals, exercise caution and common sense throughout the process, and don't be afraid to ask questions and query why you're being asked to share information and with whom. If it doesn't sound quite right, then it probably isn't.