Real estate remains a uniquely vulnerable industry to cyberattacks, and has the losses to prove it.
From 2015 to 2017, business email compromise attacks, or BECs, on real estate increased by 1,110%, according to an FBI Internet Crime report. BECs are a form of phishing, wherein a hacker poses as a trusted correspondent as a way to obtain sensitive information such as financial data.
Real estate transactions are dependent on communication between companies, sometimes ones with no shared history, and sometimes involving the electronic transfer of large sums of money. Worse still for security, transactions often have deadlines that can add stress and prevent ideally thorough vetting, Steel Root founder and Managing Director Ryan Heidorn and GreatHorn Solutions Engineer EJ Whaley wrote in a column for Info Security Group.
Phishers often prioritize organizations that may be new to a robust real estate market, or have more employees or low levels of cybersecurity, Heidorn and Whaley said. Within those companies, a hacker would then select someone who interacts with other parties, perhaps a lender, broker or attorney, and use publicly available data on social media sites like LinkedIn or Facebook to “get a feel” for information and context that would make it easier to impersonate the individual.
A phisher would initiate contact with a target’s colleague through what cybersecurity calls a “door knock,” wherein they would pose as a party interested in doing business.
“This request is usually responded to promptly, but in responding the colleague may unwittingly hand over valuable information such as the format of the email signature used in the organization along with any logos, color schemes, or website links,” Heidorn and Whaley wrote.
From there, a more believable impersonation can be formed, and if successful can give a hacker access to multiple parties involved in the transaction — and thus more opportunities to intercept financial information or even payments.
The FBI found that in 2017, $969M was stolen from homebuyers and real estate companies by hackers. In 2018, BECs that specifically targeted the real estate industry stole nearly $150M. As such attacks have grown so commonplace, everyone needs to be vigilant.