Take a minute now to thank Congress for passing the bipartisan Infrastructure Investment and Jobs Act.


Real Estate Industry Vulnerable to Cyberattacks

By Anthony SanFilippo
August 2019

The news is seemingly filled with stories of data breaches, cyberattacks and compromised social media accounts.

Everyone is vulnerable in one way or another, and that is no different when it comes to the real estate industry – and that includes brokers, agents, and yes, homebuyers themselves.

According to an FBI Internet Crime report released in June, business email compromise attacks (BEC’s) on real estate increased by a whopping 1,110 percent.

These BEC’s stole almost $150 million from the real estate industry alone in 2018. Combined with other cyberattacks by hackers, both homebuyers and real estate agencies lost $969 million in 2017.

Hackers obtain sensitive information via a complex effort consisting of false identities.

How It Happens

For example, a hacker might pose as a potential homebuyer via email to a real estate agent to garner a response from an agent or broker. This “phishing” expedition will provide the hackers with key email information – such as an agency’s branding, electronic signature, and other useful information to seem legitimate.

Then, once they have forged this information into a dummy email address, they can pose as a member of the agency to generate conversation with another company that could lead to the electronic transfer of large sums of money.

Because these transfers have deadlines, proper vetting is often not completed and lower level security measure that are in place don’t flag these communications as a cause for concern.

Hackers tend to target companies that are new to the real estate market, or have a sizeable number of employees, which creates a situation where oversight of a business transaction could be missed.

Once the company has been infiltrated by the hacker, they will pose as someone who does frequent business on behalf of the company – like a broker, or an attorney – and use other information that can be found publicly online – usually through a social media platform like Facebook, Instagram or even LinkedIn – to create an online clone of the individual to help better impersonate them in email communication.

Once this hacker is deemed trustworthy, they are often granted access to multiple parties within a transaction, allowing them to spread their web of deceit and be able to further gain access to personal information and ultimately the money that is stolen.

Commercial Real Estate Not Immune

Commercial Real Estate companies are also prime to be hacked and stolen from, according to a report in the Commercial Observer.

That report indicated that although more than 33 percent of real estate firms have been victimized by a cyberattack, that representatives of the more than 50 percent of those polled said they were not adequately prepared to prevent an attack like that from occurring.

On the commercial front, a lack of understanding and an unwillingness to budget for security enhancements when the company is still making good money year-over-year by sticking to the status quo are the biggest problems.

But, as more and more commercial properties are developed with modern technology in building automation that manages all aspects of the building from the elevators to it’s heating and air conditioning, more modernized buildings are equally at risk because there are now more digital access points for hackers to get into a company’s digital infrastructure.

A cyberattacker can find a way to create the evacuation of a newly built or recently modernized skyscraper by accessing the electricity system of a building, turning off all the power and forcing a mass evacuation.

A lot of Fortune 500 companies have turned to hiring an information security officer to deal with the prevention of cybersecurity initiatives. This has helped, but it’s an expensive endeavor that most real estate agencies couldn’t afford themselves.

It’s a tough spot to be in for most agencies, and potential homebuyers and sellers need to be aware. As these kinds of data breaches are becoming the norm, everyone needs to remain vigilant in an effort to stop them from happening.


Related Stories