Cybercriminals have entered the real estate industry: and they’re not going away
As technology advancements continue to transform the way we do business – increasing productivity, expanding reach and in turn, raising revenue – it brings with it a whole new set of risks, in the form of increasingly sophisticated networks of cybercriminals.
Since the world first became aware of the concept of cybercrime, its prevalence and sophistication has grown at an alarmingly rapid rate.
Over the past few years, an increasing number of cybercriminals have shifted their focus to the real estate industry, with reports that attacks against property-related businesses have grown by more than 1100%.
So significant is the problem, the National Association of Realtors issued an alert to the industry earlier this year, advising members to view data security as a serious threat that demands serious attention.
“Once criminals are successful in a scam or attack, other crooks smell ‘the blood in the water’ and can have a crack themselves using their own favourite tools and techniques,” says cybercrime expert and senior security research t Dell Secureworks, Alex Tilley.
“Criminal success begets criminal success to be honest. And with real estate criminals have been successful!”
What is cybercrime?
Put simply, cybercrime refers to any crime committed on or using a computer. Of course, these days, the definition of computer is pretty broad, and includes other devices such as smartphones and tablets.
“When I started in banking almost 20 years ago was around the time when banking focused cybercrime was first emerging, so some of us who are as old as me like to joke that we started at the same time as the crooks we’re chasing!
“But traditional hacking has really been around almost as long as computers have been able to communicate with each other. There’s nothing really new about it.
“It’s just a bit easier now to be more effective and cause more damage.”
It’s also comparatively low risk compared with other types of criminal activities, and as a result, is on the rise.
“Very much so. As criminals realised how much money is to be made from the various types of cybercrime with lower risk than say drugs or physical extortion, it exploded in popularity and that continues today as new types of crime emerge online and criminals get rich.
“They don’t want to stop!”
As technology evolves, so too does the crime that uses it to execute criminal activity. Similarly, as defence strategies against cybercrime improves, the crooks have to get more creative.
“Money is a great motivator for innovation.”
A global problem, with catastrophic consequences – for businesses large and small.
“Financial loss is the biggest impact, of course, to scams and fraud, but ransomware attacks can cripple a business by encrypting all their computers and demanding a ransom payment to unlock their data.
“This is incredibly common these days.”
Tilley says there has also been a resurgence of con-trick based human attacks and scams, where criminals use technology to facilitate a human crime, rather than carrying out activities know strictly as cybercrime.
As defences grow, the evolving nature of the complexity of the attacks means businesses of all sizes need to be on high alert, prioritising the implementation of a defense strategy to protect themselves from cybercrime, just as they protect themselves from physical crime.
“Everyone is vulnerable,” he says.
“They’re after money and in many cases smaller organisations have less protection and defenses – and their money is just as good as a large, well-protected enterprises!
“There is so much to worry about running a small business that until it’s front and centre, the ephemeral “cybercrime” is not high on their list.
“Cybercrime truly is a global problem both from the location of the victims and the criminals alike. It’s everywhere!”
Cybercrime – coming to a real estate agency near you
“Increasingly, crooks are seeing real estate as a great way to steal money,” says Tilley.
“The real estate industry routinely transfers large sums of money as a matter of course and the crooks want that money – so just like other verticals, real estate is in the firing line for scams and theft and folks really need to be aware of that.
The ways in which cybercriminals target real estate business varies.
“Impersonating one party in a transaction to divert the funds being transferred is a key method – of course that impersonation is done through various means.
“Often email boxes are hacked or company internet domains are impersonated.”
Cybercriminals might target deposit transfers, bond repayments, even settlements.
“Any occasions where money is, or can be made to, move from one party to another is prime for attack.
“Every agent and conveyancing firm handles aspects of their security and transactions in their own way.
“This means that criminals can try different approaches to attempt to steal funds from different targets as they succeed or fail.
“The money is there and they want it.
“They’ll keep trying, much like a traditional thief rattling door handles down a street until they find an unlocked one, moving onto a different agency until they’re successful.
“There’s no shortage of criminal techniques or potential victims.”
Following the success of cybercriminals in infiltrating the real estate industries in the USA and New Zealand, Tilley says its likely Australia will become a central target.
“Other countries fall victim as the crooks ‘try their hand’ at new markets.”
Protect yourself, and your business
Knowing your customer is crucial, says Tilley.
“Don’t rely on digital and email communication only, pick up the phone and call to confirm any bank account changes or indeed that the specified bank account in the document, email or invoice is the correct one.
“The crooks can impersonate you and your client and alter documents and emails you send.”
Put simply, don’t trust any detail in an email without verifying it via another means.
“But remember, the phone number listed in an email can also be altered by criminals so have a ‘known as good’ phone number.
“Also just being aware that this crime happens and that you have to be diligent with all aspects of your business will make you a harder target for these experienced and motivated crooks.”
Keeping an eye for suspicious activity is paramount, and might include:
- Requests to alter bank details or contact arrangements (phone numbers, emails);
- Changes in language used in emails;
- Fonts in documents that don’t look quite right;
- Delays in communications that include bank details;
- A sense of urgency to ‘get this done right now and don’t ask questions’ in communications around funds transfers.
“But to be honest, everything could look fine and nothing could be suspicious.
“The crooks are good at what they do and the first time anyone knows something has gone wrong with a transaction can be after it’s already been done and the money is long gone.
“Criminals don’t keep doing crime unless they’re getting money out of it, so diligence in all aspects of financial transactions is key.
“Question everything if something doesn’t smell right, pick up the phone.”
Despite increasing awareness about cybercrime and growing defence strategies, Tilley predicts technology-based theft will get much worse.
“Money is a tremendous motivator and there’s lots of money flying around the world with very little risk to the crooks.
“The understanding of this unfortunate fact is key to protecting yourself and your business.
“You are not too small or big for a crook to worry about, but we still need to do business so use 2factor (rolling codes) on your email and normal rules around not reusing passwords.
“Cybercrime is just like physical world crime, you wouldn’t walk down a dark alley at night alone in a bad neighbourhood.
“Pick a different route to get your business to where you need to get using your knowledge of bad things happening to help you avoid those situations.”