Many real estate professionals have become keenly aware of targeted wire fraud scams that include email impersonation tactics. A growing avenue cyber criminals are using to get highly sensitive financial data is known as spear phishing, according to Asaf Cidon, vice president of content security for Barracuda Networks, a data protection company.
Spear phishing is a highly targeted and researched personal attack that is difficult to detect. Hackers might not use a malicious link or attachment, but will instead use nonalarming messages—sometimes impersonating another individual—in order to trick users into thinking the sender is safe so they offer up confidential information. This could be in the form of wire transfer instructions or other financial data.
With the FBI estimating that $5 billion has been lost from fraudulent wire transfers and other spear phishing attacks, the threat is becoming more sophisticated against the real estate industry. “It’s extremely easy to fall for this type of attack, especially under the pressure of closing a purchase of a property,” Cidon says.
Here are three ways to fight these threats against your real estate company.
Training and education. Helping your agents understand the threat of spear phishing is a great first step to ensure security, Cidon says. “The best training tools allow IT to simulate real attacks, impersonating executives in the company to test the security awareness of employees,” he says. Ensure that your staff and agents know that any financial transactions must be verified with a phone call or in-person conversation, not just email. Plus, when the people in your office are aware and know how to identify signs of a possible attack, everyone is safer.
Email security. Hackers target real estate pros and their clients by “spoofing” someone’s email address so the recipient thinks it’s legitimate because it looks the same. Domain-based Message Authentication Reporting and Conformance is an email authentication, policy, and reporting protocol, Cidon says, that can help protect a domain from fraudulent email. Talk to an IT professional about setup so you can ensure no one else can send emails from your domain.
AI Technology. “New AI-based technologies can automatically learn your organization’s unique communication,” Cidon says. These artificial intelligence systems monitor your email and will alert you to signs of abnormal attributes in the metadata and content of incoming messages.
Barracuda Networks also suggests free tools that can scan Office 365 accounts for advanced threats to determine your risk level. “Unfortunately, spear phishing carries a very significant risk, so it is well worth taking necessary steps to make sure you’re doing everything you can to keep your clients and organization safe,” Cidon says.
Source: Asaf Cidon, Barracuda Networks