Hackers target small real estate businesses


SMALL real estate businesses are increasingly becoming targets of sophisticated cyber scammers, the Silicon Valley Association of Realtors (Silvar) quoted panelists as saying at a risk management forum at the 2015 National Association of Realtors Conference and Expo in the United States.

A US-based trade organization, Silvar acts as an ambassador association of the US’ National Association of Realtors (NAR) to the Philippines.

Silvar’s Information Officer Rose Meily said the panelists at the real estate conference discussed potential threats and offered tips for real estate businesses from cyber attacks.

Jessica Edgerton, NAR’s associate counsel, said in recent months, real estate professionals have reported an upswing in spear phishing, a particular wire scam where a hacker breaks into an agent’s email account and obtains information about an upcoming real estate transaction. After monitoring the account, the hacker will send a mock email to the buyer as they near closing, posing as the agent or someone from the title company and requesting that the buyer wire transaction-related funds.

Edgerton mentioned a case, where a buyer from the Philippines almost lost $800,000 to a hacker.

She added a first-time buyer from another country actually lost $13,000 when they wired funds to what they thought was the title company.

Edgerton recommended agents to inform their clients at the beginning of any transaction about this scam.

“If buyers receive an email about wiring funds, they should immediately call their agent on the phone and confirm,” Edgerton said. “It’s a fail-safe measure to call first before you send the money.”

NAR technology policy expert Melanie Wyne said the news often focuses on large companies falling victim to hackers, but small businesses, which often lack the vast technology and legal teams of larger businesses, actually experience majority of attacks.

“Small businesses need to pay just as much attention as large companies to possible cyber threats,” said Wyne.

Wyne recommended researching the level of security these companies are employing before using their services and storing information or documents into them.

She also recommended agents to ask these services to be indemnified in case the service is hacked.

Anyone using a free email service for business should encrypt emails with client data, she said.

Wyne said businesses can suffer financial harm from expenses resulting from a data breach, legal risks from lawsuits from clients or others impacted by the hack, and reputational risks from having to publicly disclose the hack.

While cloud and free public wifi services are convenient for business, they are never completely secure, Wyne warned.

Darity Wesley, founder of the Lotus Law Center, said hackers are seeking personal identifiable information, such as credit card or bank account information, log-in credentials, employment details or a physical address, email address, and phone or social security number.

“Identity thieves can do a lot of damage with this information; your credit and whole life could be ruined,” warned Wesley.

Wesley added, “It is good basic practice and most important to always communicate with your buyer.”

The panelists recommended strong passwords, developing a data security program, and implementing safeguards to protect private data.

A privacy policy disclosing some or all of the ways the business collects, shares, protects and destroys personal client information is also good business practice, they said.

The panelists emphasized that in today’s internet world, one is never completely secure.

“With cyber criminals becoming more sophisticated, businesses constantly need to keep abreast of new data security enhancements,” they said.


Please follow our commenting guidelines.

Comments are closed.