Why cybercriminals love targeting real estate agencies
In 2018, advisory firm PwC revealed that customer fraud was already the number one economic crime in Australia, with 45 per cent of companies surveyed attacked during the two previous years. The real estate sector, in particular, is proving to be a goldmine for smart cybercriminals looking for a big payday.
ASX-listed property valuation firm Landmark White experienced the danger first-hand when it suffered a breach in February 2019, which forced the company into a trading halt. The company is estimated to have lost $7m in revenue as a result, and the breach led to the resignation of its CEO at the time. When the company resumed trading in May 2019, its share price had dropped by 40%.
Why cyberattackers target real estate agencies
Considering the big sums of money and wealth of personal information involved in buying and selling property, it’s hardly surprising real estate firms are an enticing target. The real estate industry is worth around $16 billion in Australia alone and is poorly secured against cyberattacks.
Australia is still transitioning from the 150-year-old paper-based Torrens Title System of exchanging property to modern digital record systems. Most agencies are also in various stages of their own digital transformations, which means enterprising hackers have many potential vulnerabilities to exploit.
How criminals hack real estate firms (and why residential agencies are their favourite target)
Hackers tend to focus on residential real estate in particular, given the less-rigid security they’re likely to encounter. Phishing scams are still the go-to tactic for most hackers. An unsuspecting employee receives a fake but convincing-looking email and, given the huge number of online enquiries the average real estate agent receives, makes a simple human error, such as clicking on a booby-trapped link or opening a malware-laden attachment. Now the hackers can steal confidential data, hold the entire agency to ransom or hijack the identity of an employee to scam a customer.
If their intention is to steal funds, they usually lie in wait for a scheduled sales settlement to come through. When they see one in progress, they hijack the emails between the agent and the client and trick the buyer into sending funds to a fraudulent account. The criminals then move the funds through a complicated network of dummy accounts, making the money trail almost impossible to track.
The consequences of scams such as these can be severe. Not only can huge sums of money and confidential data be stolen, but the losses from the interruption of business operations can also be significant. The biggest blow, however, is the damage to a firm’s reputation. Once trust is lost, it can be very difficult to regain.
Real estate agencies need to become more resilient
Security risks are an inherent part of the digital economy. But that doesn’t mean the risks can’t be managed. By taking a few precautions, real estate firms can greatly reduce the chances of suffering a crippling cyberattack.
Update your security measures
Use multifactor authentication where you can, and mandate the use of strong passwords for your staff. It’s also a good idea to set rules against allowing the same person to create and authorise payments. Make sure your firm has a sound cybersecurity policy, and consider getting cybersecurity insurance as well.
Keep your tech up-to-date
That means regularly patching your software with the latest security updates, and using reputable firewalls, encryption, and anti-virus tools.
Keep data backups
Regularly back up your files and keep a copy in a secure offsite location. Keep hard copies of critical data as well.
Educate your staff and your customers
Regularly update your team about current online threats and cybersecurity best practices. Also, make sure your clients know what to expect before they carry out a transaction. Advise your clients to call you immediately if they receive an unusual request to transfer funds over email.
While prevention can minimise the chance of a cyber breach occurring, it won’t eliminate the possibility altogether. That’s why it might be a good idea to engage an external security provider who can bring in specialists to keep your business secure. Having the right safeguards in place can mean the difference between keeping your doors open and shutting up shop for good.