In today's digital age, the act of entrusting our personal information to websites and online platforms has become a routine yet profound decision, echoing the sentiments of taking a leap of faith.

It is a lot like taking a ride in an autonomous vehicle where you have to place your trust in the hands of technology as the driverless vehicle propels you towards your chosen destination. You can only hope that nothing goes wrong along the way and that all the bugs have been ironed out.

Similarly, the internet, born out of necessity and ingenuity, was not crafted with security as its primary focus. Instead, it emerged as a decentralised network, interconnecting various nodes without a centralised security infrastructure. This design relied heavily on the foundation of trust among its users, a concept that flourished in the internet's early days when it was primarily utilised by academics and researchers who shared familiarity and mutual respect.

But in today’s world, we must all acknowledge the existence of potential security threats. As the internet expanded its reach and evolved into a global platform connecting billions of users worldwide, maintaining trust and security has become increasingly challenging. The inherent openness of the internet, coupled with its distributed nature, posed significant challenges for implementing robust security measures.

Doors wide open

Despite the promises of secrecy and security of many service providers, falling victim to data breaches, which result in the exposure of personal details is now quite the norm. Such breaches not only shattered the trust of users but also laid bare some of the ineffective safety practices of organisations and companies, including insufficient security seals or worse, leaving the door literally open for anyone who is internet technology savvy.

A good analogy of this is taking a walk through a back alley and the door of a home is left open because the owner is unaware of it. This, unfortunately, is more common than initially thought.

Just taking into account the real estate industry, there are many cases where many individuals’ sensitive information like their identity card numbers, phone numbers, home and email addresses and even scanned images of their MyKad can be accessed, without even hacking into the data repository. All because the entry into the data repository is left open. This underscores a pervasive disregard for security in favour of rapid market penetration and cost-cutting measures, revealing systemic failures within the cybersecurity landscape of real estate stakeholders.

Wong Wing Keong, a cybersecurity practitioner, has been walking the back alleys, so to speak, to look for such unattended, forgotten and unprotected data which unscrupulous individuals might use and inform the owners to close those doors.

Among the cases he has come across involved the Tribunal for Homebuyers’ Claims (Tribunal Tuntutan Pembeli Rumah or TTPR for short) by the Housing and Local Government (KPKT) and several property developers who were registering interested buyers on their websites.

With just a few taps on the keyboard, personal information of potential buyers and claimants was revealed. This alarming scenario highlights the urgent need for comprehensive cybersecurity measures that prioritise user privacy and data protection.

On a brighter note, the TTPR server has since been taken down, effectively sealing off access to sensitive information. So Kudos to KPKT for taking proactive measures on their part.

A similar door-left-opened case involved Prasarana Malaysia Bhd’s concession offers as highlighted in Wong's Linkedin page. According to Wong, it appears that some of the sensitive information that was used in the applications was also stored in an online repository that allows public access. Thankfully, Prasarana has also tightened up its cybersecurity measures and removed confidential data from public exposure.

These are just a couple of examples of the vulnerabilities of information kept by property stakeholders but the issue is more widespread since such personal data is also kept by other organisations in private as well as public sectors, not just the property sector.

However, it must be noted that hacking is an entirely different issue, which is different to the above cases. Hackers are skilled individuals in information technology who achieve illegal cybersecurity breaches by non-standard means, known as hacking. It is the misuse of devices like computers, smartphones, tablets and networks to cause damage to or corrupt the data repository, gather information on users, steal data and documents or disrupt data-related activity.

On a wider scale

IBM Security, its annual Cost of a Data Breach Report, revealed that the average cost of a data breach in Asean countries, including Malaysia, surged to $3.05mil (RM14.42mil) in 2023. This figure represents an all-time high for the report and reflects a notable 6% increase compared to the previous year.

Two primary causes contribute to the persistence of cybersecurity vulnerabilities: The exploitation of known system vulnerabilities and social engineering tactics. Despite efforts to address these vulnerabilities through system updates, patches and employee training programmes, challenges persist, exacerbated by the rapid evolution of cyber threats and the increasing sophistication of malicious actors. Moreover, the economic incentives often prioritise speed to market and cost-saving measures over robust security protocols, further perpetuating the cycle of vulnerabilities and breaches.

The economics of cybersecurity reveal deep-rooted market failures, stemming from the internet's structure as a public good and the asymmetry of information regarding security measures. The lack of liability for system and platform owners, as well as data custodians and processors in the event of breaches further diminishes incentives for investing in robust security measures, leading to a vicious cycle of underinvestment and inadequate protection of user data.

Addressing these challenges demands a multifaceted approach involving collaboration among various stakeholders, including government agencies, private sector entities and civil society organisations. Enhanced security features tailored to user behaviour, sustained support for critical open-source initiatives and third-party evaluations of security standards can contribute to a more resilient digital environment. Governments also play a crucial role through legislation, mandates and enforcement mechanisms to ensure accountability and transparency in data protection.

While implementing these measures entails costs and resource allocation, the consequences of inaction are far-reaching, impacting not only affected individuals and organisations but also the broader digital trust and security ecosystem. Investing in cybersecurity is not merely a matter of mitigating risks but safeguarding fundamental aspects of privacy, trust and societal well-being in an increasingly interconnected world. As such, it is imperative that we prioritise cybersecurity as a fundamental pillar of our digital infrastructure and commit to building a safer and more secure online environment for all.

Circumventing property scams

Navigating the real estate landscape as a newcomer can often feel like diving into unknown waters, with tales of digital impersonations, vanishing deposits, and shadowy backdoor deals lurking beneath the surface. 

The rapid digitisation of commerce, accelerated by the global pandemic, has opened new avenues for enterprising organisations and companies to launch platforms for their services and the property sector is no exception. However, with the proliferation of online real estate businesses comes an increased risk of falling victim to fraudulent transactions.

Recent cases serve as poignant examples of how scammers exploit unsuspecting individuals. In these incidents, perpetrators convinced victims to pay a deposit to secure a home viewing appointment. Armed with unregistered identity cards, these fraudsters impersonated legitimate property agents, often providing doctored images of credentials to bolster their deception. 

Additionally, instances of scammers uploading fake property listings on reputable websites have become alarmingly common, leaving victims grappling with the realisation of being duped, often after it's too late to rectify the situation.

Scammers leverage technology and social media to easily target prospects, posing a significant challenge for both buyers and sellers who fall prey to unregistered estate agents or real estate negotiators.

Real estate transactions, laden with large sums of money changing hands, present lucrative opportunities for scammers. The usual modus operandi of scammers who create fraudulent online platforms to syphon funds from unsuspecting customers. Many transactions involve collecting deposits for property sales or rentals, with scammers often absconding with the funds, leaving buyers at a loss.

The Malaysian Institute of Estate Agents (MIEA) underscored the importance of engaging registered real estate agents to mitigate such risks. Unlike unregistered individuals, registered agents are bound by regulations to deposit all funds into accounts managed by their firms, under the client's name. This legal safeguard ensures that buyers are protected in the event of malpractice or fraud, significantly reducing the likelihood of exploitation.

In light of these challenges, prospective buyers and sellers are urged to exercise caution and due diligence when engaging in real estate transactions. Verifying the credentials of agents, conducting thorough background checks on properties, and seeking legal advice can help mitigate the risks associated with fraudulent activities. Additionally, raising awareness about the prevalence of real estate scams and promoting consumer education are essential steps towards fostering a safer and more transparent real estate market for all stakeholders.

Stay ahead of the crowd and enjoy fresh insights on real estate, property development, and lifestyle trends when you subscribe to our newsletter and follow us on social media.