Real estate executives have seen a significant increase in wire fraud and phishing scams in recent years.

Top exposures:

Phishing and business email compromise (BEC) attacks have become prevalent in the real estate industry. These tactics primarily target companies involved in frequent wire transfers. Cybercriminals employ social engineering techniques to deceive individuals into revealing sensitive information or performing certain actions.

Ransomware attacks involve malicious actors encrypting critical data and demanding a ransom for its release. These attacks can disrupt operations, compromise sensitive information, and result in significant financial losses.

Social engineering encompasses phishing, impersonation, and psychological manipulation. They look to obtain and profit from confidential information such as credentials, financial data, email access, and client data.

Recent cyber events:

  1. A former employee at a mid-sized property management firm stole tenant account data, resulting in significant financial losses. The employee accessed the billing system for rental tenants across multiple properties and copied their card and account information. This unauthorized access allowed the employee to spend over $150,000 from the stolen accounts, leaving the property management firm responsible for compensating their tenants. A thorough forensic analysis was conducted to assess the extent of the breach and its potential impact on affected individuals.
  2. A mid-to-large-sized real estate agency experienced a breach that led to the loss of customer deposits. An agent within the firm fell victim to a phishing attack, compromising their email credentials. The attacker used a deceptive login page to gain access to the agent’s inbox, obtaining sensitive information about multiple individuals making offers on a property. With this information, the hacker altered the bank account details in the property contracts and contacted the potential buyers, posing as the agent. They instructed the buyers to transfer their deposits to a fraudulent account. This scheme targeted seven individuals, all of whom received the same message and request to secure the property.
  3. A large property development company faced a complete lock-out of its systems due to a malicious attachment. An employee at the company fell victim to a phishing email cleverly disguised as a communication from their energy provider. The email mimicked the signature and speaking style of their usual contact, leading the employee to click on a link within the email. Unfortunately, this action resulted in the compromise of the company’s computer network by malicious malware. As a consequence, the company’s systems were completely locked out, causing significant disruption to their operations.

To protect against phishing and BEC attacks, real estate professionals should consider the following measures:

  1. Train employees to identify suspicious emails and verify requests for sensitive information.
  2. Utilize email security solutions to detect and block phishing attempts.
  3. Implement multi-factor authentication for critical systems.

As cyber threats continue to evolve, the real estate industry must prioritize cybersecurity to protect sensitive information and mitigate risks. Check out our cyber playbook to safeguard your real estate organization against phishing, BEC, and ransomware attacks.

Related insights