Consumers often at mercy of businesses’ weak cyber security

WATCH ABOVE: A Cambridge home buyer who bought in to a cyber scam had no idea she was being targeted. As Sean O’Shea reports, an expert says businesses have to harden their cyber security efforts. 

TORONTO–An Ottawa-area cyber security expert says many businesses fall short when protecting their emails, leaving their customers at risk.

“If people knew how much risk they take on a daily basis…I think would make changes, and these changes are necessary,” said Patrick Malcolm, a cyber security expert near Ottawa.

Last week, Global News reported on a cyber crime involving 22-year-old Kaitlyn DiMarco, who purchased her first home in Cambridge, Ontario. After buying the house, the property and paying a deposit, she received an email from her Re/Max Twin City Realty agent, Tina Goldrick.

The email sought an extra $10,000, purportedly for title insurance on the property. Believing the email to be genuine, since she had been communicating with the agent through Goldrick’s Gmail address, DiMarco sent the money.

“No second thoughts,” said DiMarco, “it was from her,” she said reflecting on the wire transfer. But the email solicitation didn’t come from Goldrick (who says she told DiMarco earlier that the next financial milestone would be closing) it was engineered by a cyber scammer, who had taken over Goldrick’s account.

“To be honest, I said we’ve been screwed,” said Linda DiMarco, Kaitlyn’s mother, thinking back to the moment she found out her daughter had been scammed.

Re/Max told Global News this is the first scam of its kind reported in the company’s network. It intends to help its brokers and agents with additional security measures, although it has not yet communicated what those are.

The Re/Max Twin City Realty brokerage reconstructed and security-hardened its website after the fraud was reported and Tina Goldrick, who is an agent with the brokerage, hired a consultant to improve security.

“The real estate agent in question did not have multi-factor authentication installed,” said Malcolm, referring to the breach. “As a result they only had a simple password to protect their account. And that is always the weakest method.”