Attacking Real Estate Businesses in Addition to Buyers
Beyond the BEC and phishing attacks against buyers themselves, real estate businesses are also directly targeted, albeit to a lesser extent. According to Proofpoint’s Threat Insight blog:
These include email attacks on realtors, homeowners insurance agencies, and more, in which the primary payloads included remote access Trojans (RATs). Because of the nature of the transactions in which these business engage, RATs and information stealers offer additional opportunities for threat actors to steal a range of personal and banking information.
Real estate businesses, mortgage companies, brokers, title companies, and others collect personal data that could be highly profitable for criminals, from Social Security numbers, bank account information, and personal checks, to credit card information, drivers’ license numbers, and more.
Tips for Safer Real Estate Transactions
Here are our tips to help buyers stay safe when conducting real estate transactions:
- Protect your email account. Make sure you are following best practices for creating strong passwords and enable multifactor authentication whenever possible.
- Carefully examine any email that contains attachments and embedded links. Take extra steps to verify that the communication is legitimate before taking action on it.
- Don’t use free WiFi networks while conducting financial business.
- Be wary of any closing or wiring instructions sent via email, especially if they request last-minute changes to the process.
- Verify instructions with settlement personnel either in person or by phone to make sure they are correct. Remember to independently verify the phone number — the number in an email you receive could simply connect you to a fraudster.
- If you are the victim of wire fraud, contact the authorities immediately, such as a local FBI office.
Real estate professionals can find cybersecurity resources on the National Association of Realtors website, including advice about protecting their clients from cybercrime and controlling the damage caused by any successful scams, as well as a Data Security and Privacy Toolkit.