top of page

Cybercrime in Lettings: The Most Common Scams and How to Stop Them

  • 19 hours ago
  • 4 min read
cybersecurity in lettings

Letting agents handle large payments, sensitive documents and time-pressured transactions. That makes you a prime target for cybercriminals. Most attacks are not clever hacks; they are scams that rely on urgency and distraction. This article explains the common forms of cybercrime in lettings and how to prevent them. 


Here are the scams you will see most often, plus practical ways to stop them.


1) Invoice and bank detail change scams


How it works


A criminal pretends to be a landlord, contractor or colleague and asks you to change bank details for certain payments. They may use a lookalike email address or a hacked mailbox. They push the urgency of the situation: “New account today or the job cannot start.”


How to stop it


  • Use a strict call back rule: confirm any bank change by phone using a number you already hold on file

  • Never accept bank changes by email or WhatsApp alone

  • Require two person approval for setting up or changing payees

  • Record who approved the change and when


2) Business email compromise


How it works


A criminal gets access to a staff email account, then watches their conversations. They learn how you talk and who pays what and when. They strike at the right moment with a fake instruction or fake attachment.


How to stop it


  • Turn on multi-factor authentication for every mailbox and system

  • Use strong unique passwords and a password manager

  • Set up alerts for new forwarding rules and suspicious logins

  • Train staff to treat last minute payment requests as a red flag


3) Phishing


How it works


You get an email or text that looks real. It might claim to be from Microsoft, your bank, your CRM provider or a portal like Rightmove. It asks you to log in, open a file or confirm sensitive details. The link steals your password or installs malware.


How to stop it


  • Teach staff to check the sender address, not just the display name

  • Avoid clicking links in unexpected emails, go to the site directly instead

  • Report suspicious emails and block the sender

  • Run short monthly refresher training and simple phishing tests


4) WhatsApp and text message traps


How it works


A criminal messages, pretending to be the director or a landlord. They ask for urgent help, often a bank change or a payment. It feels informal, so people sometimes skip the usual checks.


How to stop it


5) Fake tenant identity and document fraud


How it works


A criminal uses stolen ID or edited documents to pass referencing, then aims to secure keys to a property quickly. Sometimes they sublet illegally, use it for criminal activity or disappear leaving arrears.


How to stop it


  • Use proper ID verification tools, not just visual checks

  • Check documents for consistency across name, address, dates and fonts

  • Verify employers and landlords using independent contact details, not the ones supplied on the form

  • Be cautious with applicants who refuse video calls or want to rush to move in


6) Deposit and payment diversion scams


How it works


A criminal poses as the agent and sends a tenant fake payment details. The tenant pays the deposit or rent to the wrong account. This often happens when listings appear on multiple sites or when emails have been intercepted.


How to stop it


  • Put a clear warning in every email: “We will never change bank details by email”

  • Create a secure portal to process tenant payments, where possible

  • Ask tenants to confirm account details by phone before paying large sums


A simple security checklist for lettings teams


You can cut most risk with these basics:


  • Multi-factor authentication on email, banking and property systems

  • Two person approval for any payment or bank detail change

  • Call backs for bank changes using known numbers

  • Secure document sharing, not email attachments for passports and payslips

  • Staff training every quarter, plus short monthly reminders

  • Regular updates and tested backups

  • A clear incident plan so staff know who to tell and what to do


What to do if you think you have been hit


  • Freeze payments and contact your bank straight away

  • Change passwords and lock accounts

  • Preserve evidence, do not delete emails

  • Inform your IT support and insurer

  • Consider reporting to Report Fraud on 0300 123 2040

  • If personal data is involved, assess whether you must report to the ICO within 72 hours


Reduce cybercrime in lettings


Cybercrime in lettings is mostly about process, not technology. If you build strong habits around payments, identity checks and email security, you will stop most scams before they start. Your team will work with more confidence, and your landlords and tenants will trust you more too.


When you outsource your property management to Executive Property Management Solutions, you can rest assured that we run administrative tasks, compliance processes, tenant checks and rent collection with secure systems that keep you, your landlords and your tenants safe. Contact us today

Comments

Featured Posts
Recent Posts
Archive
Search By Tags
Follow Us
  • Facebook Basic Square
  • Twitter Basic Square
  • Google+ Basic Square
bottom of page