Cybercriminals Turn Their Eyes to the Real Estate Industry

Cybercriminals Turn Their Eyes to the Real Estate Industry

Attention real estate industry workers! Be extra wary of emails and calls that come from anyone you haven’t met or spoke with before. This warning comes directly from the FBI who warns that attacks on real estate sector are on the rise. 

Let’s go over the types of scams that are hitting real estate firms and what precautions you can take to prevent them from being successful.

Attacks Trending Up

Cybercriminals Turn their Eyes to the Real Estate Industry

According to the FBI, from 2015 to 2017 there was over an 1100% rise in the number of victims within the real estate industry and an almost 2200% rise in the reported monetary loss.

Scams have been reported in all 50 states and in 150 countries. Victim complaints filed with the Internet Crime Complaint Center (IC3) and financial sources indicate fraudulent transfers have been sent to 115 countries.

Business Email Compromise (BEC) 

Cybercriminals Turn their Eyes to the Real Estate Industry

Business Email Compromise (BEC) cybercrimes typically begin with a phishing or imposter attack targeting a real estate company. While these attacks take many forms, in the simplest version the hacker pretends to be someone the recipient knows — a trusted partner or vendor, for example — and begins requesting usernames and passwords to the real estate company’s network.

The cybercriminal may also request proprietary data on competitive market research, or personal information on clients such like names and email addresses — all of which a hacker can sell online.

However, due to the large sums of money being transferred through real estate transactions, hackers have been known to keep the information themselves and dig deeper into the attack. 

If the criminal has performed a successful phishing attack, it’s possible they’ll acquire log in credentials to your real estate company’s email platform. From there, they’ll likely send emails posing as the agent directly to current customers who are about to close on a property with closing instructions and fraudulent wire transfer details.

Once the money is sent, unless the scam is detected before the wire transfer completes, it will likely be lost forever. In similar schemes, hackers will contact a customer’s agent/representative and send them phishing attacks directly.


Protecting yourself from scams 

Cybercriminals Turn their Eyes to the Real Estate Industry

Criminals targeting the real estate industry are persistent and often try their luck with everyone involved in a transaction until they find something useful. The best defense for real estate agents and customers alike is to add a verification step into all requests for a change in payment type and/or location. Since the bad actors behind these attacks often request changes to the original recipient’s financial information, it can only help you to verify all changes made to transaction details.

Be mindful of phone conversations. From the FBI announcement, victims have reported receiving phone calls from BEC actors requesting personal information for verification purposes. Financial institutions report seemingly reputable phone calls acknowledging a change in payment type and/or location. Some victims even note they were unable to distinguish the fraudulent phone conversation from legitimate conversations. One way to counteract this fraudulent activity is to establish code phrases that would only be known to the two legitimate parties.

If you discover a fraudulent transfer, time is of the essence.

First, contact your financial institution and request a recall of the funds. Different financial institutions have varying policies; it is important to know what assistance your financial institution will provide when attempting to recover funds.

 Second, contact your local FBI office and report the fraudulent transfer. Law enforcement may be able to assist the financial institution in recovering funds.

Finally, regardless of dollar loss, file a complaint with or, for BEC victims, The IC3 will be able to assist both the financial institutions and law enforcement in the recovery efforts.

Read our blog about the state of small business cyber security, to learn what steps you can take to protect your organization and arm your employees against cybercrime.

Written by Jim Anderson