The real estate industry has been the second largest target of cyberattacks since mid-2017, according to a new report from a digital security firm — highlighting the need for agents, brokers, and other professionals to be aware and use security measures when corresponding online and sending information via email.

The report, from Proofpoint and out today, found that real estate companies have suffered an average of 277 cyber attacks since the third quarter of 2017. Only the biotech industry saw more attacks per company during that period, the report notes, and real estate was more targeted than consulting, construction, engineering and numerous other industries.

During the third quarter of 2018 alone, real estate companies saw an average of 54 attacks per company, which was the third highest among the industries identified in the report. Proofpoint did not specify which companies were impacted, or even if they were real estate brokerages, title companies, mortgage lenders, tech vendors, or some other category of real estate businesses.

Credit: Proofpoint

Proofpoint offers cybersecurity services and compiled the report by examining data related to its clients’ email, social media, and other online tools.

Why real estate is being targeted

Ryan Terry, a senior product marketing manager at Proofpoint, told Inman in an email that the real estate industry makes a tempting target for attackers because its “high-value transactions occur frequently and mainly take place digitally.” He also pointed out that there are multiple people involved in real estate transactions, giving “fraudsters multiple opportunities to insert themselves.”

Ryan Terry

“There is also a great deal of publicly available information about real estate that enables the fraudsters to easily identify targets and insert themselves into these digital transactions,” Terry added.

Be on the lookout for phishing, urgent emails, and transfer requests

Cyber attacks come in a variety of forms including credential phishing (sending faked emails or forms to trick recipients into handing over credentials like passwords), URL-based attacks, and email fraud. The Proofpoint report describes instances in which attackers try to “convey a greater sense of urgency” via subject lines that include words such as “request” and “payment.” Such attacks were up 48 precent during the third quarter of 2018.

Spoofing a user’s display name is also an exceedingly common tactic and accounted for more than 99 percent of all fraudulent emails last quarter, up from 90 percent during the previous quarter, according to the report.

Terry said that most real estate-focused email attacks are customized and use “believable, and often expected, requests for personal information and payments.”

“For example, a first-time home buyer is awaiting a down payment request from a lender and is therefore in a vulnerable situation if they receive a fraudulent email asking for a wire transfer for the expected amount,” he explained.

In addition to email, social media profiles remain “key vectors for fraud and theft,” according to the report, though protections from companies such as Twitter and Facebook have “cut phishing links by 90% vs. a year ago.”

Who is at risk?

Terry said that last quarter 14 percent of attackers targeting the real estate industry went after a CFO, 9 percent went after procurement personnel, and 9 percent went after a human resources department. He added that the prevalence of independent contractors in the real estate industry can increase risk because with multiple “points of entry” it becomes more “difficult for people to identify suspicious anomalies in their communications.”

How to bolster your defenses

The report recommends a number of precautions companies can take to protect themselves including training employees to spot malicious email, investing in custom email quarantine and blocking tools, and making sure the attacks never even reach their targets in the first place.

“Attackers will always find new ways to exploit human nature,” the report states. “Find a solution that spots and blocks inbound email threats targeting employees before they reach the inbox.”

Show Comments Hide Comments
Sign up for Inman’s Morning Headlines
What you need to know to start your day with all the latest industry developments
By submitting your email address, you agree to receive marketing emails from Inman.
Thank you for subscribing to Morning Headlines.
Back to top
Only 3 days left to register for Inman Connect Las Vegas before prices go up! Don't miss the premier event for real estate pros.Register Now ×
Limited Time Offer: Get 1 year of Inman Select for $199SUBSCRIBE×
Log in
If you created your account with Google or Facebook
Don't have an account?
Forgot your password?
No Problem

Simply enter the email address you used to create your account and click "Reset Password". You will receive additional instructions via email.

Forgot your username? If so please contact customer support at (510) 658-9252

Password Reset Confirmation

Password Reset Instructions have been sent to

Subscribe to The Weekender
Get the week's leading headlines delivered straight to your inbox.
Top headlines from around the real estate industry. Breaking news as it happens.
15 stories covering tech, special reports, video and opinion.
Unique features from hacker profiles to portal watch and video interviews.
Unique features from hacker profiles to portal watch and video interviews.
It looks like you’re already a Select Member!
To subscribe to exclusive newsletters, visit your email preferences in the account settings.
Up-to-the-minute news and interviews in your inbox, ticket discounts for Inman events and more
1-Step CheckoutPay with a credit card
By continuing, you agree to Inman’s Terms of Use and Privacy Policy.

You will be charged . Your subscription will automatically renew for on . For more details on our payment terms and how to cancel, click here.

Interested in a group subscription?
Finish setting up your subscription