The Top Cyber Security Threats to Real Estate Companies

Gone are the days when hackers would only target retailers. These days, the bad guys an target businesses in any industry, especially those that aren’t quite up on cyber security.

The real estate industry is one such group, and according to a recent survey, about half of businesses in the real estate industry are not prepared to handle a cyberattack. Federal law requires some industries, like hospitals and banks, to have some type of security in place for things like that, but the real estate industry is quite vulnerable. Here are some of the security threats you should look out for if you’re in the real estate industry:

Business Email Compromise (BEC)

A BEC, or business email compromise, is a type of cyberattack that tricks a business into wiring money to a criminal’s bank account. The hackers do this by spoofing email addresses and sending fake messages that seem like they are from a trusted business professional, such as the CEO or a company attorney. The FBI has found that multi-billions in business losses can be attributed to BEC.

That’s scary enough, but the FBI also says that real estate companies are specially targeted in these attacks and every participant in the real estate transaction is a possible victim.

Mortgage Closing Wire Scam
Prior to closing on the sale of a home, the buyer receives an email from their real estate agent, title attorney or other trusted service professional with specific details of the time, date and location of the closing. In this same email, there are detailed and urgent instructions on how to wire money for the down payment but to a criminal’s bank account. Within moments of the wire transfer, the money is withdrawn, and the cash disappears.

A report by the FBI's Internet Crime Complaint Center totals the number of victims of the mortgage closing wire scam ballooned to 10,000 victims, an 1,110 percent increase in the years 2015 to 2017 with financial losses totaling over $56 million, which is a 2,200 percent increase.


Another threat to real estate companies is ransomware. This is the type of malware that makes the data on your device or network unavailable until you pay a ransom. This is very profitable for hackers, of course, and it is becoming more and more popular. All it takes is one member of your team clicking on a link in an email, and all of your data could be locked.

Ransomware doesn’t just target computers though. It can target any device that is connected to the internet including smart locks, smart thermostats and even smart lights, which are gaining a lot of popularity in American homes. When digital devices get infected with ransomware, they will fail to work.

Generic Malware

Though most people hear about ransomware these days, there are other types of malware out there that hackers use, too. For instance, you have probably heard of Trojans a.k.a. Spyware or Malware, which is very much still around. These can be used by cybercriminals to spy on their victims and get a person’s banking information or even wipe out their accounts. Malware can also be used to steal personal information and even employee information, such as client data, credit card numbers and Social Security numbers. Again, real estate companies are not exempt from this type of attack and are now even bigger targets.

Cloud Computing Providers

If you are part of the real estate industry, your business is also at risk of becoming a victim thanks to cloud computing, which is more economical these days. A cyber thief doesn’t have to hack into a company to get its data; all they need to do instead is target the company’s cloud provider.

It might seem that by using a cloud company you are lowering the risk of your business becoming a target, but the truth is, the risk still lies with your company, how secure your own devices are and how effective passwords are managed. In most contracts with cloud computing companies, the customer, which would be your business, is not well-protected in the case of a cyberattack.

Protecting Your Real Estate Company from Becoming a Victim of a Cyberattack

Now that you know your real estate company is a potential target of cybercriminals, you might be wondering what you can do to mitigate this risk. Here are some tips:

  • Create New Policies – One of the things you can do is to develop new policies
    in your agency. For example, in the case of BEC scams, if you have a policy that
    you never wire money to someone based only on information given via email,
    you won’t have to worry about becoming victimized in this type of scam. Instead,
    you should talk to the person sending the email in person or via a phone call just
    to confirm. Make sure, however, that you don’t call a number from the suspicious
    email, as this could put you right in touch with the scammer.
  • Train Your Staff – Another thing that you should consider is better staff training.
    Most hacking attempts come via email, so by training your staff not to blindly
    open attachments or click on any links in emails, you could certainly save your
    staff from these scams. Check out our S.A.F.E. Secure Agent for Everyone
    Certification Designation course, which is a marketing differentiator that offers
    ideas and methods to promote proactive strategies to ensure incident-free
    results. Learn how to develop client-centered procedures customized for safety
    and security.
  • Train Your Clients – Mortgage closing wire fraud scams can be manageable if
    not preventable. Inform your clients that in the process of buying or selling a
    home, there will be many emails to and from your real estate agent and other
    service professionals including your attorney, mortgage broker, insurance
    companies and home inspector. Tell them: Call Your Agent: Under no
    circumstances and at no time in this process should the client or service
    professional engage in a money wire transfer unless the client specifically speaks
    to the real estate agent in person or over the phone to confirm the legitimacy of
    the money wire transaction. Email Disclosure: Clients should always look for
    language in the real estate agent’s email communications stating the above or a
    similar facsimile.
  • Back Up Your Systems – It is also very important that you always back up
    everything. This way, if your system does get hacked, you won’t have to pay a
    ransom, and you will be able to quickly restore everything that you need.
  • Better Your Cloud Computing Contracts – Since you know that cloud
    providers don’t really like to take on the responsibility in the case of a
    cyberattack, you might want to start negotiating with the company in question
    about what you can do about that. This might include getting better security or
    adding some type of notification requirements.
  • Consider Cyber-Liability Insurance – You also have the ability to get cyber-
    liability insurance. This could really help you to cut the risk to your real estate
    business. There are all types of policies out there so make sure to do your
    research, or better yet, speak to a pro about what you might need.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Getting attacked by a Police Dog

Have you ever seen men getting “attacked” by a police or military dog as part of the dog’s training? The men (I’ve never seen a woman, but I’d like to think there are some strong, feisty women who suit up for this role) wear either just a big padded thing on one of their arms, or they’re engulfed entirely in a padded suit.

The dog lunges for the padded arm, and the “victim” can’t do squat while this occurs.

So from the man’s point of view, what is this all like? According to an article on, a 125-pound Military Working Dog named Fritz “attacked” the author who was wearing a “heavily padded safety suit” that included a “rubber prosthetic arm.”

He was instructed to hold out his arm while Fritz sat obediently. The dog was given orders by a handler to clamp onto the author’s arm. The 150-pound author had no control over his body being thrashed about. The goal is to prevent the dog from biting up and down the arm, which the author was not able to do.

The dog instantly released his “victim” upon hearing commands. The author was then told to “say something mean to the dog and then run away” to “provoke him.” So the author said “Profane-you Fritz!” and bolted.

Fritz bolted after him “at full speed, in anger.” Now let me interject here. I question that the dog was angry. A human might be if you said something mean, but not a dog. I’m no dog expert, although Ive had 2 German Shepherds in the past 2 years, but it’s fair to suppose that the combination of tone in the author’s voice, and his sudden sprinting away, kicked up Fritz’s instinct to charge after prey. This is why dogs run after a tossed ball.

The author was brought to the ground in an instant. Fritz remained clamped onto him as the handlers escorted him and the dog towards some spectators. Fritz was rewarded with just a pat on the head (but hey, maybe to a dog, that’s serious stuff).

I’ve always wondered what this is like from the dog’s point of view. If the dog was truly in attack, shred-him-up mode, wouldn’t he go for the face instead of clinging on to just a padded arm that tastes like rubber and not live flesh? When people are attacked by dogs while jogging, walking or inside their homes, almost always, they receive injuries (sometimes very serious) to the face and scalp, even neck. Such dogs will also often tear out chunks of the victim’s legs.

But police or military dogs in training always go after that big rubber arm—and stay with it. To a degree, the dogs think it’s just a game, especially since sometimes, the “victim” is the dog’s own handler—who in the next scene is lovingly interacting with the animal.

Anyway, most dogs are a great layer for home protection no matter their size or abilities. Clearly some dogs aren’t, but, if it is remotely territorial it can act as an additional set of eyes and ears. And if the dog barks upon hearing an intruder, it can act as a layer added to an alarm system.

Robert Siciliano personal and home security specialist to discussing burglar proofing your home on Fox Boston. Disclosures.

False Alarms are costly

Unfortunately, cheaper, older security motion detectors can’t distinguish between a 150 pound man and a squirrel or even some papers blowing around. This causes police and firefighters to respond to false alarms. False alarms caused by the elements or animals are common (in the millions each year) and occur with business as well as residential systems.

3HOn average, a police officer uses 20-40 minutes to respond to an alarm. Multiply that out by millions of false alarms. This problem drains resources.

The Drain

In the U.S., 94-95 percent of police responses to burglar alarms are false. The cost comes to $30-$95 per incident–$1.8 billion total in the year 2000, says the Center for Competitive Government at Temple University. Some of this money goes towards preventing and remedying wear and tear on first responders’ vehicular equipment.

Wind, papers and animals aren’t the only problem; prank or ridiculous 9-1-1 calls also factor in, and so do carelessness, mistakes and even frightened but aggressive homeowners who mistake first responders for intruders.

Whopping Fines

The moment someone realizes an alarm was tripped accidentally, they should notify the police and their alarm company to cancel the response. Residents and business owners can be fined for false alarms—three and a row can cost over $300 in some areas. Fees vary by location; a first time violation may cost $50. Good hard fines will sink in deeper and motivate system owners to take measures to reduce false triggers.


  • A system that triggers a call to the homeowner or business owner’s mobile phone first. If there’s no answer it goes to the home phone. If there’s no answer it goes to the police.
  • Having a home security system with security cameras allows the homeowner to quickly check on the home via their mobile to see if there is an actual problem.
  • The alarm system should be thoroughly re-evaluated by the company to make sure that a glitch isn’t responsible for at least some of the false triggers.
  • Homeowners should determine if there is enough time when entering or exiting the home when alarms are often triggered.
  • Proactively plan when another person is entering the home such as guests, contractors, cleaners etc. Those “inexperienced” with your alarm are often the culprits.
  • Homeowners must ingrain into themselves the habit of checking to see if the alarm is on before opening the door to check the thermometer outside, retrieve the newspaper or let the dog out in the middle of the night.

Robert Siciliano personal and home security specialist to discussing burglar proofing your home on Fox Boston. Disclosures.

5 Considerations Before Buying a Home Security System

There are numerous considerations to be made when investing in a home security system today. While the options for the type and scope of system have been narrowed down, it’s the nuances of price, service, contracts and if it’s a do-it-yourself (DIY) project, among other things, that can all make or break the long-term satisfaction rating you’ll have.

  1. Costs: You get what you pay for. Bells and whistles add up to more fees up front and with monthly monitoring. Some alarms cost little up front and have larger monitoring fees. Others cost more up front and may be a DIY job, but with smaller monitoring fees. Do the math.
  2. Remote control: For a few bucks more, most systems are equipped with the ability to control them from your smartphone, tablet or PC. Straight up, it’s worth every penny.
  3. Invest in monitoring: An alarm system that triggers a breach always sets off a siren. And while noise is a good deterrent, it’s not nearly as effective as gun-wielding police being dispatched and showing up in your driveway. Spend the few extra bucks for the monitoring.
  4. Customer service: Alarms have many little parts that “brick.” Over time, they fail, parts break, things go wrong, and alarms need replacement parts or service. Check out the reviews of a company’s ability to service its customers before you sign on the dotted line. There’s nothing more frustrating than bad customer service.
  5. Installation: Are you a do-it-yourselfer? If so, you can often save lots of money in the long term. If you need hand holding and don’t know how two-sided tape works, then having an alarm company do the installation may be your best option. Keep in mind that with a DIY job, you do it on your own time. With an alarm company doing it, you will have as many as five service installers traipsing through your house for up to three days.

Robert Siciliano personal and home security specialist to discussing burglar proofing your home on Fox Boston. Disclosures.

Rihanna’s Home Targeted by Burglars

Chances are, if you own a $12 million home like Rihanna, someone with bad intentions is going to want a piece of it (or something in it). But you don’t need to be rich to be the target of a burglary. Millions of less extravagant homes are burglarized every year.

BET reports, “The singer’s Cali mansion, valued at $12 million, is equipped with a security system, including cameras along the private road leading up to it (and a sign that reads, ‘Smile, you’re on camera.’). The intruders were caught on tape, and although they were successful in trespassing, the would-be burglary was cut short when the break-in sounded off the alarm. The noise caused them to flee.”

“Equipped with a security system…the noise caused them to flee.” That statement warms the cockles of my heart.

Famous people are no strangers to home break-ins. Celebrities are targeted because of their notoriety and vast wealth. They also travel quite a bit, so their homes are often unoccupied. There’s even a movie about it, inspired by real events that took place in the Los Angeles area over five recent years. The Bling Ring is about a bunch of L.A. kids who rob celebrities’ homes. It started as a group of fame-obsessed teens who used social media to track celebrities’ everyday activities, such as when they were home and not home. They also determined what they wanted to steal from the celebs’ homes based on photos of their stuff the celebs posted on their social pages. When the Bling Ring (that’s the name they gave themselves) knew the celebs were out, that’s when they burglarized their homes.

I’ll guarantee you that the security systems the majority of celebrities have aren’t much more advanced than ones for everyday people; the technology is pretty much the same, and maybe because the owners have a bit more money the systems have a few more bells and whistles. So…be like a celebrity and get a home security system.

Robert Siciliano personal and home security specialist to discussing burglar proofing your home on Fox Boston. Disclosures.

Good Heavens! Churches are Big Targets for Burglars

Is nothing sacred? Well, no. Not even churches. Really, especially churches. The problem with churches, like any public place, is that by design, they are open for anyone to come in and worship at any time. But in the case of a burglary, they are open for a bad guy to scope the place out. And it’s no secret that churches collect money—and lots of it.

In Pennsylvania, the Titusville Herald reports three state police agencies are investigating suspected burglaries at more than six churches after several local churches were struck by a rash of burglaries over one weekend—and most of the burglaries happened without any forced entry.

Investigators believe more than one person was involved due the weight of the items stolen, including a big, heavy safe. All of the burglaries included some kind of lockbox or safe being stolen. Some were at night, and some were in the day. No security alarms were activated. The article doesn’t mention the presence of any security cameras on site, either.

It’s pretty simple: If you are an establishment that is open to the public and you have cash in a safe or lockbox or have valuables on hand that can be sold or fenced on the black market (or even metal of any kind that can be sold at a scrap yard), then you need to beef up your security and stop thinking, “It can’t happen to us.”

Robert Siciliano personal and home security specialist to discussing burglar proofing your home on Fox Boston. Disclosures.

Selling Your Smartphone? Beware of Stowaway Data

5WUpgrading your mobile device? It has become standard practice to upgrade to a newer device every one to three years. And when doing so, people often sell, donate or discard the old one. The goal is often to sell the old one to make up the difference in cost for the new one.

However, I conducted a test in which I purchased a bunch of used devices off of Craigslist and eBay to see if I could still find personal data on them. I found a startling amount of personal data, including photos, phone numbers, addresses, emails, text messages and even passwords.

While most of us would think we are safe if we do a factory reset on our mobile device, this is not always the case. On some Android phones, even though some of the phones’ owners had done a factory reset, I was still able to find data on them. Here’s how to get your devices squeaky clean:

  • Wipe your phone: For mobile phones, you want to do a factory reset. The software to do this is built into the phone.
    • Android factory reset: Menu > Settings > Privacy > Factory Data Reset.
    • iPhone factory reset: Settings > General > Reset > Reset All Settings.
    • Blackberry factory reset: Options > Security Options > General Settings > Menu > Wipe Handheld.
    • Windows 7 phone factory reset: Settings > About > Reset Phone.
    • On any other operating systems or Symbian-based phones, you will need to do a search on your phone online, such as, “Phone Name, Model Number, Carrier, Factory Reset.”
    • Remember to remove or wipe any media, like SD cards or SIM cards. These are so cheap, it’s better to cut them in half with a scissors or reuse them.
    • Still unsure if you’ve gotten all your data off? Get a drill and poke lots of holes in the device and its hard drive, or hit it with a sledgehammer. This may be lots of fun, but it also may make it less saleable. J

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

6 Tips on Securing Your Home From Those You ‘Trust’

5HThere are going to be times in your life when you will need to simply trust people who you let into your home for various reasons. People such as:

House cleaners: House cleaners get in the nooks and crannies of your home and have to be trustworthy. They see everything, they touch everything, and if they find your grandmother’s ring wedged behind the couch pillows, you want to trust that they will bring it to your attention.

Contractors: When bringing in a plumber to make a repair or install an appliance, or a carpenter, painter, electrician or anyone else, know that someone in one of these crews will be looking at your stuff as a week’s pay.

Babysitters or nannies: You not only trust them to come into your home, but you also are trusting them with your kids. Anyone you trust your kids’ safety with can do the most damage because they are SO trusted they think you aren’t paying attention at all.

Roommates: Living with someone requires the utmost trust. But what makes you think that dude you found on Craigslist is actually 100 percent honest and upfront with you?

The New York Post reports, “A real-estate agent sold an Upper West Side town house to the owner of an art gallery—then allegedly looted the home of more than $500,000 in high-end goods when the victim and her family were away in the Hamptons.” One source reported, “He has a drug and gambling problem.”

Well, there you go. Drugs make nice people bad people. Drugs make honest people liars. And some people just come out of their mamas as liars and bad guys.

So what does a trusting person do?

  1. Background checks: Before letting anyone into your home, make sure the employer has done a background check and you do one on a roommate or nanny. But just because the person has a clean record doesn’t mean his or she isn’t smoking a little crack here and there. So…
  2. Drug testing: Insist on drug testing for anyone who enters your home—especially if that person is taking care of your kids. But people can scam a drug test, and some people who don’t do drugs are just plain liars. So…
  3. Get a safe: Put all your valuables into a safe that is bolted to the floor. You can also remove your valuables and/or put them into a safety deposit box. Insure everything, too. But it’s not always convenient, practical or possible to remove everything. So…
  4. Install security cameras: Security cameras tied into a home security system that can be monitored from your mobile device allow you to keep an eye on things. You can even point to the cameras when you leave and joke with the contractor and do the dual finger point and say in your best Robert DeNiro voice, “I’m watching you, Focker.” But cameras don’t always “prevent” someone from stealing something, but they do act as a deterrent. So…
  5. Lock off certain rooms: Installing interior door locks will prevent someone from simply walking into a bedroom or office and rummaging through your stuff. But anyone with a leg and a foot can easily kick in a bedroom door. So…
  6. Cross your fingers, hope and trust: You should do all of the above to add multiple layers of security to your home, even when protecting your stuff from those you trust. Trust is overrated; we do it too much. But still, we wouldn’t be able to function in an interdependent society without it. Just sayin’.

Robert Siciliano personal and home security specialist to discussing burglar proofing your home on Fox Boston. Disclosures.

10 security tips when selling your house

The housing market is coming back, and lots of people are selling their homes—and you may be considering it too. Will you use a real estate agent or do it yourself? No matter which path you choose, there are safety and security considerations for both. When opening your home to strangers, the risks to your family’s personal security increase dramatically.

For one illustration, KHOU reports, “Two women are accused of posing as a real estate agent and prospective buyer to burglarize a house. They allegedly called her Realtor last minute to say they were close by. Police said the women had given the license number and name of a legitimate real estate agent to obtain permission to enter. Once inside, they allegedly took watches, jewelry and a credit card.”

When selling your home and someone knocks on the door and begins to con the homeowner with the above not-too-far-fetched scenario, more than likely the home owner will let him or her in.

Use caution—and, if you use a real estate agent, discuss the following:

  1. Recognize that when placing ads or displaying a yard sign, scammers will notice too. You are going to have to set boundaries and begin to think differently in this process. It’s never OK for anyone to enter your home unannounced. Even if a person set an appointment, it’s best to have a real estate agent along. And always pay attention to whoever enters. Don’t just let a stranger (even one claiming to want to pay hundreds of thousands of dollars for your home) roam free.
  2. Lock up: Remove your valuables or put them in a safe; medicines or anything else of resale value is often targeted. When suspecting or seeing someone steal something, just let the person have it. Never confront a thief, and never try to take it back. Leave your own house immediately, as a thief could turn violent instantly. Your job isn’t to prevent theft—merely to deter it.
  3. Be suspect: Being guarded and alert can keep you from getting into a vulnerable situation. Expect every bad guy or gal to show up in a nice car, well dressed, and even with family. Sometimes the person has business cards stating his or her profession. Regardless, don’t let your guard down.
  4. Signage and ads: Use advertising as your first layer of defense. Include phrases like “Appointment only” and “Driver’s license required for admission” and “Pre-approved documents required.” Include signage at the front door, such as “Video surveillance in use” or “Driver’s license required,” as well as signage showing you have a home security system.
  5. Use the buddy system: Strength comes in numbers. Having two or more people on site is best, so set appointments around spouse or friend availability.
  6. Identification: Request ID when people walk in. If they have a problem with this, then that’s a red flag and you need to tell them to leave.
  7. Determine any vulnerabilities: When showing a property, think in terms of where your screams would not be heard, such as a basement, attic, garage, etc. It may be necessary to send potential buyer to these areas alone.
  8. Dress appropriately: Expensive jewelry is a no-no. Pajamas or provocative attire sends the wrong message. Be professional.
  9. Intuition: Trust your gut and pay attention to your intuition. If something seems wrong, something is wrong.

10. Home security: Install a home security system with cameras. Not only does this help to secure the home, but it also increases resale value.

Top 5 Home Security System Scams

When a home security salesman comes a-knockin’, beware, pay attention and know what you are getting into. He might not be who he says he is, or he might have tactics under his belt that will cost you big time.

WZZM reports, “For a couple of years now, the Federal Trade Commission has been warning people about shady practices by some door-to-door salespeople, especially those representing home security systems. While many reps are legitimate, others have found success using high pressure tactics and outright lies to get you to switch companies or sign you up for new service.”

Protect yourself:

  • Never let anyone inside your home. It’s just not a good idea.
  • Always ask for identification and keep the conversation outside.
  • Door-to-door salespeople should tell you their name, business name and the services they wish to sell before asking you any questions.
  • Salespeople should show you their state-issued “pocket card” or license and ID. Take the time to scrutinize their documentation.

The FTC lays out some tips to recognize when a scammer is on your doorstep:

  • They may make a time-limited offer and claim that you need to act now.
  • They may pressure their way into your home and then refuse to leave.
  • They may use scare tactics. For example, they may talk about a supposed rash of burglaries in your neighborhood.
  • The sales agents may state or imply that they are from your existing security company and that they’re there to “upgrade” or “replace” your current security system.
  • They may claim your security company has gone out of business, that they’ve taken over the accounts, and that you have to buy new equipment and sign new contracts.

At this point, with the internet being so accessible and all the major security companies at your fingertips—coupled with doing all the legwork for you—it makes no sense to even open the door when a salesman comes ringing.

Robert Siciliano personal and home security specialist to discussing burglar proofing your home on Fox Boston. Disclosures.