Why PBSA sector can’t afford to ignore growing risk of cyber fraud

There’s a stark reality anyone working in the sector must now be alive to, and that’s the fact it is increasingly attracting cyber-criminals. 

Cyber fraud in PBSA sector | PBSA News
Image credit: Corstorphine & Wright.

The student property sector has embraced technology and the enormous benefits that it can bring. Never was this more accurately demonstrated than during the pandemic, where technology helped ensure the sector – and the wider housing market not survive – but thrive.

By Roy Shelton, CEO of the Connectus Group and an expert in delivering cyber-security solutions

But there’s a stark reality anyone working in the sector must now be alive to, and that’s the fact it is increasingly attracting cyber-criminals. And they are all determined to tap into the enormous sums of money that flow through businesses on a daily basis.

Cybersecurity has never been more important for student housing teams and educational institutions, especially regarding payment data. In the United States, losses due to cybercrime surpassed $12.5bn last year, a 22% increase from 2022.

Be prepared

Although awareness around cyber fraud is growing I am still astonished at how ill-prepared many businesses are in this sector.

Recently, information and intelligence shared by Bournemouth University and other UK universities, highlighted a phone scam. It targets new university students who live in student accommodation. 

Cybercriminals are cold calling new students who live in student accommodation trying to trick them into making fake accommodation fee payments over the phone. This scam includes requesting payments for outstanding accommodation fees and/or requesting personal and financial details to refund overpaid fees.

If you receive a call of this type, remember do not provide any personal or financial details regarding accommodation fee payments.

Cyber criminals

If you are unsure if the call is legitimate, advise the caller that you would like to check the details with someone in person, hang up the phone and call back on the official (advertised) accommodation provider’s telephone number.  

These types of scams are called Vishing and are a form of phishing which takes place over the phone or via voice messages.

To make their scams more realistic, cybercriminals are using specific times in the academic calendar to target students to steal financial and personal information.

The use of AI will also inevitably make cybercrime more commonplace and dangerous over the next few years. So the risks facing the sector couldn’t be more obvious. 

But how to address them?

Five main areas

There are five main areas I believe the property sector needs to be most alert to in this area.

Phishing. This is the number one cyber-security issue facing all businesses in the sector. The clue’s in the name and is a form of fraud which sees a criminal dangle bait.

The huge amount of communications and transactions which occur on a daily basis in the student property market mean staff are stretched and can easily and naively click on a harmful link and expose their businesses to risks.

The risks predominantly come from time pressures so make sure your team has breathing space to allow them to think, not rush.

Phone scams known as vishing (voice phishing) are on the rise in the property sector too. This sees scammers use ‘Social Engineering’ techniques to get hold of your information by phone or use fake text messages containing links designed to persuade victims to share personal information. 

Account take on: The increasing sophistication of deepfakes and AI poses a new risk. Voice recognition and language models which can replicate written styles make it very difficult to spot the real from the fake. The best way to avoid deepfakes is to be extremely cautious about what information you share online. Without that crib of information to work from, you’ll be harder to fake. 

Social engineering

Social engineering: These are attacks which manipulate people into sharing information they should not share. This leads to sending money to criminals or downloading malware. It has really stepped up in sophistication since the pandemic and what is fast emerging is not just the trickster trying to obtain sensitive information by deception. There have also been physical threats against staff in order to gain access to systems and make payments to unauthorised third parties. Attackers take advantage of human flaws, so invest in your people to keep your business safe.

Lack of budget: An ounce of prevention is better than a pound of cure and that’s never been truer than in cyber security. Budgets are getting squeezed across businesses but slashing money from measures which prevent you from being a victim of a crime, and risking costly fines and negative publicity, is a mistake. I see it across all sectors including in property. The fact is this: the average ransom payment for a breach, and lost revenue, is going to be greater. 

Lack of training: As companies battle to keep costs and headcount low, investment in training is currently taking a hit. This means a diminished ability to prevent breaches and a huge lack of ability to respond to a breach when it occurs.

Professional development

I’d advise businesses to treat cyber security training like any other kind of essential workplace training or professional development. And don’t be afraid to boast to customers about the investment you make in this area. They may well thank you if you help them avoid falling victim to cyber crime themselves during the completion of a property transaction. The well-known Friday-afternoon fraud has claimed too many victims over the years. Don’t let your customers be the next ones to be left counting the cost of falling victim.