Weak IT infrastructure, lack of standards drive real estate fraud attacks

Real estate professionals and buyers are facing a heightened risk of fraud attacks due to lacking IT protections and reporting standards.

A study from security provider Certifid found that real estate companies lost about $500 million to fraud attacks, while 17% of companies fell victim to business email compromise (BEC) attacks in the last calendar year. Certifid polled some 1,500 buyers and sellers, as well as real estate agencies and collected data.

According to the study, those who buy and sell properties are at a heightened risk of cyberattacks and fraud operations.

“Lagging adoption of cybersecurity measures by a sector that handles trillions of dollars annually is harming American consumers, endangering businesses, and enabling global cybercrime enterprises. Inconsistent industry practices are leading to greater vulnerability for certain populations of consumers,” Certifid offered in its report.

Part of the problem is a lack of a strong, full-time IT infrastructure at most real estate agencies, argued Certifid. Organizations often are not only unable to catch potential fraud operations as they happen, but are also unable to properly report them to authorities.

The lack of infrastructure creates a fertile climate for fraudsters to prey on the real estate agencies and buyers for wire fraud attacks in which payments are redirected to an account controlled by the threat actor.

“17 percent of responding title companies sent money to an incorrect account last year due to fraud, and of those who did, half did so more than once,” Certifid noted.

“For such a significant portion of the industry to have experienced an incident in their business further demonstrates how widespread the problem of real estate wire fraud has become.”

Interestingly, it is not the traditional Boomer demographic that is falling victim to fraudsters, but rather the supposedly tech-savvy Millennial and Gen Z groups. The report found that first-time buyers were disproportionately prone to be on the receiving end of payment fraud operations.

On average, the study found that first-time buyers were three times more likely to be duped by scams in which the attacker pretends to be a real estate agent or loan officer and redirects a down payment to an account they control. It is believed that this stems from first-time buyers relying more on their real estate agents for advice on the buying process, thus being more susceptible to impersonation fraud.

The security provider, who just happens to specialize in services for real estate firms, argued that a large part of the problem is a lack of IT and security infrastructure, as well as a lack of any structured system for reporting and remediating fraudulent transactions.

“Victim experiences and approaches to funds recovery vary widely. Unsure of who to turn to, victims contact anyone and everyone around them for help: their bank, title company, attorney, or law enforcement,” Certifid argued.

“Without a standardized process or support, additional stress ensues, and the likelihood of recovery is impaired.”