Edinburgh tenants have reported a spate of ‘fake flat’ scams on property websites like Zoopla after estate agents were 'hacked' and fake listings posted.
In an interview with teacher Elly Darragh last week Edinburgh Live revealed how scammers have been posting fake listings on property portal Zoopla using the accounts of legitimate estate agents.
Elly said she was nearly stung for hundreds of pounds after falling for a bogus advert for a deluxe flat on Edinburgh’s Lindsay Road, listed by an Aberdeen estate agent.
After we published Elly's story a number of readers said they had seen identical scam listings posted on Zoopla and other property portals, from the same estate agent as well as others.
Now Edinburgh Live has learned that estate agents have been hacked, with scammers stealing their credentials in a phishing attack and using them to post scam listings on Zoopla.
We spoke to Aberdeen estate agents PMC Management and Letting whose Zoopla account had posted several scam listings last week.
A spokeswoman from PMC said they discovered a scammer had posted 10 bogus Zoopla listings under their name in Edinburgh, Glasgow and Dundee and reported it on Friday.
Speaking on Monday, she said: “Lettingweb called this morning and said there was a problem in the feed between them and Zoopla.”
Lettingweb.com is a service used by estate agents that puts their property adverts across multiple property portal websites like Zoopla, Prime Location and Trovit all at the same time.
All three businesses – Zoopla, PMC and Lettingweb – agree there has been a data breach.
But Zoopla denied that they had suffered any breach themselves, saying: "We're aware that fraudsters are targeting agents with phishing emails. They do this in an effort to get agents to share their login details so they can then upload properties. We work hard to prevent this and regularly share with agents advice on how to keep their businesses secure."
Meanwhile a spokesman from Lettingweb said, "After analysing our own logs we can confirm that no breach had occurred from our side and that the letting agent username and password was used to access the account and post properties legitimately through the platform."
"It is evident that online scammers are targeting letting agents with phishing emails posing as portals and other suppliers in an attempt to obtain their login details."
Other estate agents in the capital told Edinburgh Live they had been sent fake emails claiming to be from Zoopla, in an attempt to harvest their login info.
While it is unclear how many agents have fallen for the phishing scam, it is customers using their platforms who risk shelling out hundreds of pounds on deposits for flats that don't exist - and it seems unlikely the problem will be resolved while none the businesses involved will admit they have made any mistake.
