Let Us Help: 1 (855) CREW-123
Find a Pro
KeyCrew Journal Logo
  • Home
  • Real Estate Industry Sitting on a Cybersecurity ‘Time Bomb,’ Says Security Expert

Real Estate Industry Sitting on a Cybersecurity 'Time Bomb,' Says Security Expert

protectnow

The real estate industry has dodged a major cybersecurity crisis so far – but that might be more curse than blessing, according to industry security expert Robert Siciliano. Despite handling billions in transactions and sensitive personal data, the industry remains strikingly vulnerable to modern cyber threats.

“The real estate industry is one of those significantly impacted by this issue, and it’s one that still really hasn’t suffered a major breach of data,” warns Siciliano, a cybersecurity expert who has spent over three decades focusing on realtor safety and security. But rather than being a sign of robust security, this lack of major incidents may actually be masking a more dangerous reality.

The industry’s fragmented nature – with thousands of small brokerages and independent contractors – has created a false sense of security, Siciliano explains. “Due to the fact that real estate agents are generally small, independent contractors, and the brokers themselves might not have more than 10 to 30 agents… they have not suffered significant losses of data. You can’t look at the history of it and say, ‘Oh, this particular franchise suffered so many millions of data record breaches.'”

Dangerous Knowledge Gaps

The statistics Siciliano encounters in his speaking engagements paint an alarming picture of industry preparedness. When he asks about basic security measures, the responses are consistently troubling:

“If I’m speaking to 100 people, if I get 10 people to raise their hand [who have undergone phishing simulation training], that’s a lot,” Siciliano notes. “And then I’ll ask those 10 people, ‘So besides real estate, or prior to real estate, what did you do for living?’ And all of them have either worked in some type of technology field, or government or something besides real estate. None of them were phished on purpose through fishing simulation training, through their broker, through their franchise ever.”

The Password Problem

The vulnerabilities start with the basics. “If I get 15% of the room to raise their hand [saying they use different passwords for critical accounts], that would be unique,” Siciliano reveals. This suggests the vast majority of real estate professionals are reusing passwords across multiple accounts – a practice that puts them at severe risk when any of those accounts are compromised.

Even more troubling: “If I get 25% of the room to raise their hand [using two-factor authentication], that would be a lot.” This leaves a substantial majority of professionals without this critical security measure protecting their accounts.

The Wire Fraud Threat

These security gaps create perfect conditions for sophisticated wire fraud schemes. Bad actors can compromise email accounts and lurk silently, monitoring transactions and waiting for the perfect moment to strike. “The bad guy can log into their email and monitor all of their transactions, and watch and wait and lurk in the background and see that there’s a closing coming up in a couple of weeks,” Siciliano warns.

When the time is right, the fraudster poses as the real estate agent from the compromised email account, sending seemingly legitimate wire transfer instructions to buyers. “The buyer might be a little bit confused with that request, and the bad guy – still posing as the real estate agent – will respond to diffuse or alleviate those concerns and eventually convince that buyer to wire that money to that bank account that is controlled by the bad guy.”

The aftermath of such fraud can be devastating for everyone involved. “You know that house isn’t getting sold, or at least not to that buyer. The real estate agent is going to lose out on the commission. The broker is screwed because someone’s going to get sued,” Siciliano explains. And of course, the buyer faces the catastrophic loss of their down payment – often their life savings.

AI: Making Bad Actors More Sophisticated

The threat landscape is becoming even more treacherous with the rise of artificial intelligence. Siciliano explains that AI is making these scams more sophisticated and scalable: “What AI does is… it automates the communications in such a way where… the bad guy will create a communication that is well written. It’s written by AI. It’s convincing enough due to the fact that it’s perfect. There’s no scammer grammar. There’s no punctuation errors.”

This sophistication extends to handling any suspicion or resistance from potential victims. “There might be resistance, in some cases, from the buyer… And AI will then be responsible for creating that response which would be a perfect response.”

Industry Support Waning

Despite these mounting threats, institutional support for cybersecurity training appears to be declining. “NAR stopped investing in realtor safety by not providing a grant for Real Estate Board of Realtors to pay for this type of training,” Siciliano notes. This comes at a particularly challenging time for the industry, with high interest rates and market uncertainties already straining resources.

“Security requires an upfront investment to be proactive, to mitigate and reduce risk,” Siciliano emphasizes. “Reducing risk directly affects your bottom line but the salesperson never thinks in those terms. It’s only when something bad happens, like ransomware, which is too late, and they wonder why.”

Taking Action

For real estate professionals looking to protect themselves and their clients, Siciliano recommends starting with basic security measures like unique passwords and two-factor authentication for all critical accounts. His company offers the CSI Protection certification program, which provides comprehensive training on cyber, social identity, and personal protection.

The stakes couldn’t be higher – potentially including lost sales, damaged reputations, and legal liability. As Siciliano puts it, “I have to keep screaming why this is so important and why you need this when I shouldn’t have to keep doing that.”

For more information about cybersecurity training and certification, visit ProtectNow LLC.