It might seem like a straightforward task, but sending the wrong bank details to a landlord or tenant — or having those details intercepted or tampered with — could cost your agency thousands of pounds.
Email is still the most common way agents communicate with tenants, landlords, and contractors. But sharing sensitive information like bank account details via email carries significant risks. Cybercriminals increasingly target these systems to steal data, carry out phishing scams or even alter payment instructions. So it’s essential that everyone in your team understands how to handle this type of information securely — not just IT managers or senior staff.
Here are some clear, practical tips that everyone in a lettings office can follow to reduce the risks when sharing bank details.
- Understand the Risks
Before you send any bank details, stop and think about what could go wrong:
- Emails can be intercepted if they’re not encrypted. Think of an unencrypted email like a postcard — it can be read while in transit.
- Fraudsters can impersonate colleagues or tenants, asking for bank details or trying to redirect payments.
- Your inbox could be compromised, especially if your email password is weak or reused.
These risks apply to every inbox — whether you’re the owner, office manager or a junior negotiator — so take precautions every time.
- Never Type Bank Details Directly Into the Email
Typing bank details into the body of an email is the least secure option. Here are safer alternatives:
- Is a Screenshot Safer Than Typing the Details?
A screenshot can be slightly safer than typed text, as it’s harder for email-scanning bots or malware to read. But if the email is intercepted, the image is still accessible — so it’s not a fully secure method. Treat it as slightly better than plain text, but still with caution.
- Use a Password-Protected Attachment
Create a PDF or Word document with the bank details and protect it with a strong password. Send the document via email, but never send the password in the same message— share it separately by phone, text, or a messaging app.
- Use a Secure File-Sharing Service
Services like Dropbox, OneDrive or Google Drive let you upload files and share them securely. You can set expiry dates, view-only permissions, or password-protect access. Again, send any password separately.
- Use Property Software with Secure Logins
If you use property management software, it may allow tenants to log in to a secure portal where they can view payment details safely. Make sure the software provider monitors any changes to bank details so you have an audit trail.
- Use Encrypted Messaging Services
Tools like Microsoft Teams or Signal offer encrypted messaging and are far safer for sharing sensitive info than regular email or text.
- What About WhatsApp?
Many letting agents use WhatsApp daily — often on personal mobiles, company devices, or even shared office phones.
The good news is that WhatsApp is end-to-end encrypted, meaning messages can only be read by you and the recipient. That makes it far more secure than email for sending sensitive details — if you’re sending them to a verified contact.
However, there are still important points to consider:
- WhatsApp doesn’t automatically create a central record like email or property software, which could cause issues later if there’s a dispute.
- If the WhatsApp account is shared between staff, it can be difficult to track who sent what, or keep records of communication.
- You still need to be cautious — only share bank details with verified contacts, avoid copying and pasting into the chat, and consider using a password-protected file even on WhatsApp.
- If you use WhatsApp for work, WhatsApp Business may be more appropriate as it provides some extra tools and separation from personal messages.
In short: WhatsApp can be a secure option, but only if it’s used properly — and with proper internal controls in place.
- Double-Check the Recipient
Before sending anything, triple-check the tenant’s name, email address or mobile number, and what they’ve requested. If you’re not 100% sure, verify it by calling them or speaking to a colleague. A small mistake can send sensitive data to the wrong person.
- Never Send Sensitive Info on Public Wi-Fi
If you’re working from a café, train, or anywhere with public Wi-Fi, avoid sending bank details unless you’re connected via a VPN (Virtual Private Network), which adds a layer of encryption.
- Keep Your Devices and Apps Updated
Hackers often exploit old versions of software. Make sure your computer, phone, browser and email software are up to date with the latest security patches.
- Use Two-Factor Authentication (2FA)
Every email account used for business should have 2FA switched on. This means even if someone steals your password, they can’t access your account without your phone or second verification step.
- Have a Simple Office Policy Everyone Understands
Create a short guide for your team that outlines how to share bank details safely. Everyone — from junior staff to managers — should know:
- Never to type bank details directly into emails
- How to send secure attachments or links
- When and how to use WhatsApp or other tools
- Who to ask if they’re unsure
Run through examples at team meetings and remind staff regularly. Security works best when everyone plays a part.
Final Thoughts
Email isn’t naturally secure, but with a few simple steps, it can be made much safer. Whether you’re a branch manager or just starting out in lettings, follow these best practices to protect your agency and your tenants.
When in doubt, pause and double-check— and if there’s a safer alternative to email, use it.
