News & Media
Lock sitting on a keyboard
piranka / Getty Images

Data Breaches: 5 Ways to Defend Your Real Estate Business

Do you use a tagline at the bottom of emails warning customers about real estate email scams? It’s not enough, says a security expert at NAR’s recent convention.

CHICAGO – Using a tagline at the bottom of email signatures to warn about the dangers of wire fraud scams is simply not a bold enough alert for clients, according to security expert Robert Siciliano at the recent Realtors® Conference & Expo in San Francisco.

The industry is “functioning in a state of denial like a breach will never happen,” Siciliano said. “Many real estate agents don’t fully understand the real threat, and the bad guys are exploiting the flaws and vulnerabilities of the real estate industry’s inaction.”

Here’s how many of these scams work: Hackers gain access to a real estate professional, lender or title company’s email and monitor the communications over time to learn about the parties involved in a transaction. Then, just before closing, the scammers fake an email that appears to come from you to the client with wiring instructions. Once a client wires funds, investigators rarely recover them.

Siciliano, a security trainer at, provides training in “Cyber Social Identity and Personal Protection.” Here are a few of his tips:

1. Stop being naive.

If you think it can’t happen to you or your client, think again. Reports of real estate-related email phishing scams jumped 1,100% between 2015 and 2017, according to the Consumer Financial Protection Bureau (CFPB). The CFPB estimates a loss of nearly $1 billion to date in these types of real estate transaction scams.

Be skeptical of all communications, Siciliano said. “When the phone rings or an email comes in, scrutinize all communications in such a way to expect first that it is fraud, and then gather proof to confirm its legitimacy before providing any sensitive information or wiring of any funds. We have given too much trust to electronic communications.” Go directly to websites or call someone to verify information. “Don’t blindly engage, or you put yourself at risk.”

2. Do more to educate your clients.

Fully understand the threats out there so you can effectively communicate them to your clients. “Copying and pasting a warning in red text in the body of the email is like you’re washing your hands of it and believing you’ve done your job,” Siciliano said. “That is not enough.”

Have face-to-face conversations with clients, clearly explain the risks and warn clients to verify any wiring instructions they receive with you before they take any action.

3. Better protect your passwords.

Weak passwords make it easier for hackers to gain access to accounts. Siciliano showed attendees how easily email passwords can be exposed and how to tighten their security. For one, better password management can be a starting point.

“Most real estate agents are using the same password across multiple accounts,” Siciliano said. “This means that when any given account is compromised, such as an existing social media account where the password is the same as the email password, then the criminal has access to their actual email and simple log-ins. Use a password manager software program that facilitates a secure and different password across all critical accounts.” Also, use two-way authentication for your email.

4. Update software regularly.

Outdated software is another way scammers can gain access to your communications. Older devices don’t have the ability to fend off newer software attacks, Siciliano said. Consider “updating and upgrading hardware to newer mobile phones, laptops, and desktops that can support newer operating systems and security software,” Siciliano said.

“With software updates, make sure that all operating system software has the latest security patches, and that you’re updating each and every software program, such as your browser and even Adobe, with critical updates to prevent intrusions from recognized flaws.”

5. Raise your digital literacy.

Don’t brush off threats because you don’t understand them, Siciliano warned. Read up on the dangers and find training to learn what more you can do.

“It’s amazing that still, to this very day, I hear about real estate agents doing a simple search in their browser, and they don’t know whether what they are clicking is legitimate or fraud,” Siciliano said. “Navigating the web and utilizing digital devices has become fundamental to performing our job duties. And wrapping our heads around these various technologies and understanding what we are clicking is fundamental.”

Source: National Association of Realtors®

© 2019 Florida Realtors®