As cyber attacks on real estate agents and brokers increase, clients are paying the price.
Most of the country is facing high demand for housing with extraordinarily low supply. This creates a highly competitive sellers’ market in which buyers compete to have offers accepted. The urgency and need to move fast makes real estate agents, and their clients, prime targets for cyber crime. As noted in a recent bulletin from CRES Insurance, brokers and agents need to protect themselves and their businesses from cyber attacks.
Imagine being a real estate agent and receiving a call from client excited that their offer was accepted and confirming that they have wired the deposit, only to realize that their offer was not accepted. They share the email with you with the instructions. The email looks like is from you, your assistant, or your firm. The message uses words and phrasing that you and others at your firm regularly use. Without close inspection, the message appears to be legitimate.
Your email domain and/or your identity has been successfully impersonated. Your client has lost thousands of dollars. Your reputation is damaged. You may be facing legal action.
This form of attack, a Business Email Compromise (BEC), is on the rise and real estate agents and brokers are the target. Attackers compile information about you, and how you work, from public sources and social media. In some cases, you may be an unknowing victim of an advanced persistent attack. In these attacks, hackers install software the sits quietly on your computer, tracking your activity, and sending information back to the attacker’s servers. The attackers then use this information to impersonate you and/or your business.
Once an attacker can impersonate you or your business, your clients become the financial victims. You face a loss of clients and reputation, and potential legal action.
Your Action Plan
Like any business, agents and brokers need to ensure their systems are safe and secure. They should also take steps, specifically, to prevent domain and email impersonation. Here are steps you can take.
- Ensure you and your team understand cyber risks and how to minimize your risk of attack.
- Use protective technologies:
- Next-gen endpoint protection to prevent malware and ransomware on your computers
- Email advanced threat protection to prevent phishing and other email-based attacks
- Multi-factor authentication to protect your identity.
- Configure email security solutions that prevent domain and email impersonation
Feel free to contact us to discuss your security profile or for a security assessment.