Cybercrime in Real Estate

There has been a substantial increase in cybercrime in real estate over the last few years.  There aren’t any federal cybersecurity laws for real estate companies.  Consequently, there’s nothing that requires them to invest in information security. They’re left on their own to insure they have strong systems. 

According to research, more than 50% of real estate companies lack the essential resources to prevent, or even deal with, cyberattacks. The amount of money that changes hands with every real estate transaction is significant. Even small real estate companies transact properties worth millions of dollars on any given day.

Clients trust real estate professionals with sensitive information.  They may share private contact details, credit card numbers, Social Security numbers as well as bank account information.  It can be used to commit both identity theft and fraud.  So it would be disastrous if that important information falls into the hands of criminals. 

What is cybercrime?

Cybercrime is defined as criminal activity aimed at computers and communication technologies. Consequently, any crimes where these technologies are used to commit online offenses  are considered cybercrime.  These can be denial-of-service attacks, the spread of malware, and hacking.

Cybercrime in real estate

Cybercriminals love targeting real state businesses. Real estate companies hold personal information for clients that are involved in high-dollar transactions. The fact that high-value transactions are happening every minute gives criminals motivation to focus on real estate companies. 

The Cloud isn’t immune to cyber attacks

Signing up for a cloud-based application or provider isn’t a foolproof method of preventing cybercrime. It doesn’t start and end with the hacking of virtual networks. Computers and other electronic devices you use in your home and office can be hacked.

Data stored in the cloud isn’t completely secure from cyber extortion, unauthorized access, deletion, use, or theft. A dissatisfied employee can also cause privacy breaches. There’s a need to protect your data at all avenues.

Why is cybersecurity important in real estate?

The digital age has revolutionized business transactions. And, with better technology, the risks have also increased. Real estate companies’ dependence on the internet to operate now means preparing for possible risks. Having systems in place to handle them is crucial.

An overwhelming number of cyberattacks targeting real estate businesses are reported daily. However, that is just a portion.  Many go unreported.  Thus, no real estate professional can ignore cybersecurity. Being informed, staying vigilant, and having a mitigation plan are all essential.


Steps to preventing cybercrime in real estate


  • Act cautiously and never act on wire transfers requested via email


Every person on a computer should have a “zero-trust mindset” in his/her everyday computer work. Any dubious links or suspicious attachments should be deleted immediately.  They should never be opened.

  • Be alert if an email has a spelling mistake. There is a higher chance it is from cybercriminals.
  • Beware of emails with a general salutation.
  • One requiring you to log in to an unknown website.
  • An email that demands immediate attention should be treated suspiciously. 

Hackers have gotten into email systems of both realtors and clients.  Once they’re in, they search for essential words for their crimes.

Wire fraud

There are a lot of real estate scams out there. The most popular thefts have occurred when the keyboard swindler sends an email to the home buyer.

These theives can capture hundreds of thousands of dollars by intercepting the buyer’s deposit before it can reach the title company. The email instructs the buyer that the wire instructions have changed; that they now need to forward the funds to a new account number.

I think I’ve scared my clients by telling them repeatedly not to do anything without asking me. But this actually happened in San Carlos. The buyer lost thousands of dollars by following the new erroneous instructions.


  • Know cybercrime risks and always be alert


Cybercriminals will flood targeted victims with daily emails. Many emails will have malicious software hidden in them. There is always a chance you may fall for such traps. The smartest of us do sometimes. So don’t transfer money just because you have received an email from someone requesting you to do so. Make a quick call to confirm your understanding.

Domain/email spoofing and business email compromises are also some of the tactics that cybercriminals use.  Unsuspecting people – including you – can easily fall victim. You may see a familiar company name, but when you look at the email address, it’s something really strange like [email protected] I try to make a habit of looking at the email address. That might be helpful for you too.


  • Take immediate action whenever you suspect fraud


Every second matters when you suspect fraud. Call the bank immediately. If the funds have already been ask them to recall the money immediately. A complaint should also be lodged with law enforcement. You can find the contact info for your local FBI office here.


  • Buy cybersecurity insurance


Companies all over the world lose billions of dollars annually to cybercrime. Small businesses are more vulnerable so they bear the highest losses. The cost of fixing a breach may be more than many businesses can manage.  It could lead to a small business closing down. Therefore, cybersecurity insurance is essential to manage possible losses. 

These insurance plans can be customized to include vendors and customers whose data and personal information are stolen. A data breach can permanently destroy the reputation of a company. Reimbursing customers for their lost of time and money can help rebuild their trust.

Cybersecurity insurance covers:

  • First-part expenses like network interruption event management as well as data restoration.
  • Stolen or damaged data and software.
  • Money lost through false requests.
  • Extortion and lost business deals.


  • Sign up for a cloud security app/plan


Any business still using outdated hard drives, printed paper or physical filing systems should get rid of them as soon as possible. Outdated data storage systems are susceptible to theft, damage, or loss and they take up too much space. There are numerous benefits to moving to a cloud platform.  Better insight into suspicious behavior and a more reliable backend thanks to the many backups are just two.



  • Limit the use of work laptops and computers for personal tasks.
  • Require employees to lock work computers each time they are not in use.
  • Educate employees on the need to use strong passwords as well as how to identify phishing scams/emails.
  • Schedule data backup regularly to prevent severe losses and damage in the event of a data breach.
  • Limit the number of people who have access to work devices.
  • Always keep your security software updated and invest in good malware and antivirus software.

4 types of cybercrimes

Cybercrimes are done through computers, laptops, and smartphones. Understanding the common ones will help you put in place strong measures to protect your business. They include:


  • Phishing


This involves an attempt by cybercriminals to obtain confidential information through a spoofed e-mail address. Phishing is most commonly done through emails.  It can also be done through instant messages, phone calls, and texts. Phishing can also involve malware attacks where the victim is tricked into opening a link or attachment that has malicious software included.


  • Email spoofing


Email spoofing is using email software that hides the real source of the email.  It appears like it is coming from a different (legitimate) address as opposed to its true criminal source. Cybercriminals are notorious for using spoofed email addresses to convince the victim it is from a familiar, trusted source. This trick makes it easier to fool people into divulging their confidential information.


  • Pharming


Cybercriminals also use a trick called Pharming.  They create a fraudulent website that is identical – or nearly identical – to a legitimate one. It makes it easy to trick unsuspecting victims into clicking the website and filling out their information.


  • Malware


Malware software is any program installed on your electronic devices to cause harm.  Devices include computer, smartphone, or laptop. Worms, spyware, viruses, ransomware, adware, keyloggers, tracking cookies, and trojan horses are all considered malware. It can affect your computer in various ways: Tracking your activities while online, hijacking or changing the computer’s primary function, and deleting or transmitting private/sensitive information.


More on hackers

Hackers have gotten creative. They’re using their computers to hack your home! Smart devices and baby monitors have been a target to get into homes without going through the front door.


Hackers cannot be controlled.  But there is so much you can do to ensure you don’t fall for their tricks. This goes for everyone in business including the large corporations with the most sophisticated systems. Besides buying cybersecurity insurance and insisting on vigilance, you could also upgrade your identify-management and digital infrastructure. Proper preparedness reduces downtime should a breach occur.