By Michele Lerner
When it comes to cybercrime, real estate agents and their clients have a target on their backs.
“The real estate business is essentially one-stop shopping for the cybercriminal," says John “FBI John” Iannarelli, a cybersecurity consultant and former FBI agent. “Cybercriminals are interested in stealing money and personal information. Cybercriminals realize that by targeting the real estate profession, they can steal both.”
As a $32 trillion industry that requires extensive communication between a variety of companies and individuals, real estate is unfortunately enticing to criminals.
"According to a Silicon Valley bank study, affluent individuals are 43% more likely to be the targets of financial crimes like identity theft than the general population,” says Mykolas Rambus, CEO and co-founder of Hush, a digital privacy service. “In a region like Northern Virginia, that’s a large part of both real estate agents and clients.”
Real estate agents are pressed for time, interact with the general public frequently and use multiple devices to do their work, says Rambus.
“That’s the kind of combination that cybercriminals look for to convince a distracted person to click on a link or download an image that might seem safe but leads to being hacked,” Rambus says.
Most importantly, Rambus points out, Realtors are involved in big money transfers.
“Real estate typically deals with expensive assets and a lot of personally identifiable information, all of which makes it an attractive target,” says Mark Stamford, founder of OccamSec, a security consultant firm.
Phishing and other risks
Despite years of security awareness training, people still click on email links that look enticing, Stamford says.
“It’s easy to make an email look like it comes from anyone, so before wiring money or sending any other kind of payment, make sure you’re sure the requestor is who they say,” Stamford says. “Where possible, use multifactor authentication. Passwords get compromised all the time, so where you can rely on something besides a password, do so.”
Business email compromise (BEC) is the most common scam facing real estate agents and their clients, says Iannarelli.
“A BEC involves the cybercriminal hacking into the broker email and watching email traffic,” Iannarelli says. “When an email is sent to a client with wiring instructions for payment, the cybercriminal intercepts the message and changes the wiring instructions so that the money is sent to another bank account controlled by the criminal and then quickly transferred overseas.”
The money is typically gone before anyone inquires about the funds transfer, he says. If the hack occurred at the broker’s email, the real estate office is liable for the loss, Iannarelli says. To prevent wire fraud, real estate agents or title companies should call their clients and review wiring instructions rather than rely on email.
Another common issue is malicious links in emails that closely resemble those sent by brands such as financial institutions, real estate companies and advertisers, says Rambus.
“Real estate agents should do a search about themselves to make sure no one is impersonating them online, which is another way cybercriminals fraudulently weave their way into transactions,” says Rambus.
While social media benefits Realtors by boosting their visibility and networking ability, Stamford recommends being wary of oversharing.
“Would you give access to all your personal photos to a stranger? No? Then why do it on website that anyone can look at?” Stamford asks. “How many of your password reset questions are info that’s available on your personal pages?”
10 ways to protect yourself and your clients from cybercriminals
Some of the best ways to prevent becoming a cybersecurity victim are common sense steps that you’ve heard before, but it doesn't hurt to be reminded. Others are a little less intuitive.
- Make sure all your electronic tools are secure, says Rambus, with all the latest malware software installed.
- Use a VPN on public Wi-Fi.
- A strong password prevents hacking and many cybercrimes, says Iannarelli. “A unique password should be used for every application and program so that if one password is compromised, the cybercriminal will not be able to use the same password to access any other sites used by the victim,” Iannarelli says.
- Consider using a password keeper to store all your login information and passwords in an encrypted format, recommends Iannarelli. That way you only need to remember one password to log onto the password keeper.
- Don’t open unexpected attachments or attachments from unknown senders.
- Use multifactor authentication whenever possible.
- Carefully check all emails to be certain they are from the real sender. Avoid clicking on links if there’s a chance this is fraudulent use of a logo.
- Confirm via phone all wire transfers.
- Remind all clients that wire transfers will be confirmed by phone and not via email.
- Remind your clients you will never ask for personally identifiable information such as Social Security number or bank account codes.
NAR cybersecurity resources:
Michele Lerner, a freelance writer based in the Washington, D.C. area, has been writing about real estate and personal finance for more than 20 years.