The Top Cyber Security Threats to Real Estate Companies
Gone are the days when hackers would only target retailers. These days, the bad guys an target businesses in any industry, especially those that aren’t quite up on cyber security.
The real estate industry is one such group, and according to a recent survey, about half of businesses in the real estate industry are not prepared to handle a cyberattack. Federal law requires some industries, like hospitals and banks, to have some type of security in place for things like that, but the real estate industry is quite vulnerable. Here are some of the security threats you should look out for if you’re in the real estate industry:
Business Email Compromise (BEC)
A BEC, or business email compromise, is a type of cyberattack that tricks a business into wiring money to a criminal’s bank account. The hackers do this by spoofing email addresses and sending fake messages that seem like they are from a trusted business professional, such as the CEO or a company attorney. The FBI has found that multi-billions in business losses can be attributed to BEC.
That’s scary enough, but the FBI also says that real estate companies are specially targeted in these attacks and every participant in the real estate transaction is a possible victim.
Mortgage Closing Wire Scam
Prior to closing on the sale of a home, the buyer receives an email from their real estate agent, title attorney or other trusted service professional with specific details of the time, date and location of the closing. In this same email, there are detailed and urgent instructions on how to wire money for the down payment but to a criminal’s bank account. Within moments of the wire transfer, the money is withdrawn, and the cash disappears.
A report by the FBI's Internet Crime Complaint Center totals the number of victims of the mortgage closing wire scam ballooned to 10,000 victims, an 1,110 percent increase in the years 2015 to 2017 with financial losses totaling over $56 million, which is a 2,200 percent increase.
Another threat to real estate companies is ransomware. This is the type of malware that makes the data on your device or network unavailable until you pay a ransom. This is very profitable for hackers, of course, and it is becoming more and more popular. All it takes is one member of your team clicking on a link in an email, and all of your data could be locked.
Ransomware doesn’t just target computers though. It can target any device that is connected to the internet including smart locks, smart thermostats and even smart lights, which are gaining a lot of popularity in American homes. When digital devices get infected with ransomware, they will fail to work.
Though most people hear about ransomware these days, there are other types of malware out there that hackers use, too. For instance, you have probably heard of Trojans a.k.a. Spyware or Malware, which is very much still around. These can be used by cybercriminals to spy on their victims and get a person’s banking information or even wipe out their accounts. Malware can also be used to steal personal information and even employee information, such as client data, credit card numbers and Social Security numbers. Again, real estate companies are not exempt from this type of attack and are now even bigger targets.
Cloud Computing Providers
If you are part of the real estate industry, your business is also at risk of becoming a victim thanks to cloud computing, which is more economical these days. A cyber thief doesn’t have to hack into a company to get its data; all they need to do instead is target the company’s cloud provider.
It might seem that by using a cloud company you are lowering the risk of your business becoming a target, but the truth is, the risk still lies with your company, how secure your own devices are and how effective passwords are managed. In most contracts with cloud computing companies, the customer, which would be your business, is not well-protected in the case of a cyberattack.
Protecting Your Real Estate Company from Becoming a Victim of a Cyberattack
Now that you know your real estate company is a potential target of cybercriminals, you might be wondering what you can do to mitigate this risk. Here are some tips:
- Create New Policies – One of the things you can do is to develop new policies
in your agency. For example, in the case of BEC scams, if you have a policy that
you never wire money to someone based only on information given via email,
you won’t have to worry about becoming victimized in this type of scam. Instead,
you should talk to the person sending the email in person or via a phone call just
to confirm. Make sure, however, that you don’t call a number from the suspicious
email, as this could put you right in touch with the scammer.
- Train Your Staff – Another thing that you should consider is better staff training.
Most hacking attempts come via email, so by training your staff not to blindly
open attachments or click on any links in emails, you could certainly save your
staff from these scams. Check out our S.A.F.E. Secure Agent for Everyone
Certification Designation course, which is a marketing differentiator that offers
ideas and methods to promote proactive strategies to ensure incident-free
results. Learn how to develop client-centered procedures customized for safety
- Train Your Clients – Mortgage closing wire fraud scams can be manageable if
not preventable. Inform your clients that in the process of buying or selling a
home, there will be many emails to and from your real estate agent and other
service professionals including your attorney, mortgage broker, insurance
companies and home inspector. Tell them: Call Your Agent: Under no
circumstances and at no time in this process should the client or service
professional engage in a money wire transfer unless the client specifically speaks
to the real estate agent in person or over the phone to confirm the legitimacy of
the money wire transaction. Email Disclosure: Clients should always look for
language in the real estate agent’s email communications stating the above or a
- Back Up Your Systems – It is also very important that you always back up
everything. This way, if your system does get hacked, you won’t have to pay a
ransom, and you will be able to quickly restore everything that you need.
- Better Your Cloud Computing Contracts – Since you know that cloud
providers don’t really like to take on the responsibility in the case of a
cyberattack, you might want to start negotiating with the company in question
about what you can do about that. This might include getting better security or
adding some type of notification requirements.
- Consider Cyber-Liability Insurance – You also have the ability to get cyber-
liability insurance. This could really help you to cut the risk to your real estate
business. There are all types of policies out there so make sure to do your
research, or better yet, speak to a pro about what you might need.
Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.