Email sent to agents was "professional attempt at deception"

The HomeOwners Alliance says a hack on its IT infrastructure was “a professional attempt at deception” by people who uploaded 5,000 email addresses to the organisation’s system.

Yesterday several agents contacted Estate Agent Today to say they had received an email from the HOA address, which has many professional contacts with agents.

The email included an attachment described as an invoice. When one agent opened the attachment it tried to download a file on to the company’s system.

Angels Media, publisher of Estate Agent Today and other Today titles, also received this kind of email.

Now Paula Higgins, the chief executive, has explained that it was a deliberate attack on the organisation. Here is her statement:

Just after 11am this morning a spam email was sent from our account in our email newsletter distribution service Mailchimp.

We worked as quickly as possible to secure the Mailchimp account and alert users via email, Facebook and Twitter. That response asked our newsletter subscribers to ignore and delete the spam email. 

First of all we would like to say thank you to all our newsletter subscribers for being so understanding and supportive.

We are a small business and pride ourselves on putting our customers first so are horrified this has happened. We take the upmost care with people's data. Our Mailchimp database holds only newsletter subscriber's email addresses. No further personal information or bank details are held. And our member details are held in a separate system so are not affected.

Mailchimp is a reputable newsletter email distribution software with numerous security features which act to keep our newsletter list safe. We are still investigating but currently we know that the email sent was spam and included a link to a file which contains Windows based malware. 

It is unclear how spammers managed to gain access to our Mailchimp account at this time but we have immediately strengthened security around the account in response. 

This was a professional attempt at deception. The perpetrators uploaded over 5,000 email addresses who were not HomeOwners Alliance subscribers. 

Our newsletter list is a GDPR compliant list based on consent. 

So if you suspect you are one of those 5,000 because you are not one of our subscribers, you should review your own email account security. We have immediately deleted all 5,000 newly uploaded emails from our list.