A mortgage aggregation firm has encouraged its members to review their cyber security posture amid a rise in criminal activity.
Cyber criminals have increasingly been targeting brokers, leaving many exposed to risk and not realising the threat until it is too late, Connective has warned.
Connective group counsel Daniel Oh noted that the industry has become aware of incidents where attackers were able to impersonate brokers over email, leading to either a lender or that broker’s client depositing money into the attacker’s account rather than the correct account.
This ultimately resulted in the loss of the client’s funds, he said.
The WA government issued a warning about similar scams targeting home buyers earlier this year, following reports of prospective home buyers irretrievably losing hundreds of thousands of dollars after being misled by hackers posing as settlement agents.
“Attacks like these can lead to many serious consequences, like theft of funds and exposure of private and confidential client identity and financial data,” Oh said.
“This is why brokers need to arm themselves with all the tools available to avoid a worst-case scenario.
“Brokers have been incredibly resilient and adaptable in recent times managing significant change.
“Whether it be increased compliance with best interests duty, accelerated digital transformation, or managing ongoing lockdowns, brokers have responded well – but we are seeing evidence that proactively managing cybersecurity risk has either dropped down the list of priorities, or is not even on the radar for some brokers amongst so much other change.”
He highlighted that Connective has introduced a training program for its members to raise awareness and understanding of the different threats. It covers topics such as identifying an attacker and their techniques, and methods on how brokers could protect their business against cyber criminals.
Increasing attacks in the finance space
Threats to cyber security have been under the microscope in the recent past, with two separate research reports highlighting that the financial services sector is continuing to be targeted by malicious cyber attacks, highlighting the need for vigilance and increased cyber security.
The financial services sector had the second-highest number of data breaches between January and July and has seen a rise in malicious attacks, the reports said.
Meanwhile, a report based on the Australian Transaction Reports and Analysis Centre’s (AUSTRAC) assessment of the non-bank lending and financing sector’s risk of money laundering and terrorism financing found that loan application and identity fraud are the main threats to non-banks.
AUSTRAC said that the non-bank lending and financing sector has increasingly moved to online delivery channels, which has exposed it to “cyber-enabled fraud, including fraudulent online loan applications and attempts to obtain loans using stolen or fraudulent identities”.
One method of protection encouraged by the Australian Cyber Security Centre is for businesses to introduce a system that requires at least two proofs of identity in order to grant access, also known as multifactor authentication.