Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

8/20/2018
12:50 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Real Estate Industry Remains Rich Target for Cybercrime

Trojans, file downloaders, stolen credentials, and BEC scams, hitting the real estate sector.

The real estate industry has been a fertile sector for online fraudsters for a decade or more – and recent research says the scams have increased exponentially. 

In a public service announcement released on July 12, the FBI Internet Crime Complaint Center (IC3) reported that the real estate industry has become especially susceptible to business email compromises (BECs) and email account compromises (EACs).

The attacks impact all levels of the industry, including title companies, law firms, real estate agents, and home buyers and sellers. In the past year, the highest victim losses reported in one month came in September 2017 at $18 million.

Meanwhile, new research from Proofpoint underscores the threats to the real estate industry. "The fraudsters prey on people's good nature and desire to get business done," says Sherrod DeGrippo, director, emerging threats at Proofpoint, which published a blog last week that outlines the major security threats facing the real estate industry.

DeGrippo adds that real estate transactions typically include electronic signatures, countless exchanges of documents via email, and a variety of interactions with potentially unfamiliar contacts. And, of course, there's also a lot of money involved.

"When a real estate person holds a 20% down payment, that can be thousands, possibly millions of dollars," DeGrippo points out.

Jessica Edgerton, executive vice president of operations and corporate counsel at Leading Real Estate Companies of the World, says the real estate industry has been fighting these battles for many years.

"Part of the problem is that the modern real-estate deal is a complex transaction involving a large number of number of parties, all of whom are sending sensitive information via electronic means," Edgerton says. "More players and more electronic communications mean more potential holes for the fraudsters to sneak in. And the stakes are high. A home is the biggest purchase of most people’' lives.

"Down payments are significant chunks of money, so real estate-targeted wire fraud is a lucrative business, there's no doubt about it," she says.

Proofpoint's DeGrippo says the five top threats the real estate industry and potential home buyers face are:

  • Banking trojans: Malware that gets in between the user and an online banking session. Once they have the user's credentials they can potentially steal the total amount of the transaction.
  • File downloaders: Threat actors will send an email with an attachment or link and as soon as the user clicks on it the criminal gains access to the user’s machine. From there they can either steal valuable files from a machine or infect the computer with additional malware or ransomware. One of the most common methods: via an attachment that requires the user to enable macros or content within Microsoft Word, which allows the downloader malware to pull other kinds of malware onto the machine.
  • Information stealers: The criminal gains access to the victim’s machine via installed stealer malware. Once that gets installed on a victim's machine, the attacker can steal passwords stored in a browser or sensitive documents stored on the machine, including documents such as W2s or other tax files.
  • Corporate credential phishing: Here the hackers leverage a corporate brand to lure the user into clicking on a phish. In the real estate industry, bad threat actors often use the DocuSign logo fraudulently to get unwitting users to click on what seems to be a legitimate transaction.
  • Consumer credential phishing: Attackers will use common home buying and consumer brands that frequently send notification-style emails, including Amazon and Facebook, to lure homebuyers into making fraudulent transactions.   

Gad Naveh, advanced threat prevention evangelist at CheckPoint Software Technologies, says real estate companies should start by keeping their business employees aware of the fraud problem in the real estate industry.

"Companies also need to have protection at their endpoints," Naveh says. "There are ways today to recognize if people are reusing their passwords. Companies can use tools to set policies for their business users not to reuse the passwords."

Brokerages should consider educating sales agents and office managers about cybersecurity best practices, Edgerton says, and that agents should educate home buyers about the potential for transaction-based fraud. And home buyers should always pick up the phone and call the real estate office before wiring money to verify that the instructions are correct.

"Legitimate businesses are not going to send home buyers a link to verify their credentials," she says.

As for the ongoing DocuSign scam in which home buyers are being lured to click on websites with fake DocuSign logos, she says unless users are absolutely sure of the sender, "don't click on anything in a notification email. Instead, go to the DocuSign website and click on the 'access documents' link in the top right corner. You can enter the code you received there without risk."

Related Content:

Learn from the industry's most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Early bird rate ends August 31. Click for more info

 

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
CourseworkCamp
50%
50%
CourseworkCamp,
User Rank: Apprentice
8/21/2018 | 7:04:30 AM
Anna
Illustrious Bank of Canada machine learning analyst and Terbium Labs boss researcher examine how they utilize insight about the checking business sector to foresee the Coursework Writing Services UK following installment card misrepresentation casualties. Google's most recent cloud security rollouts incorporate early arrivals of its cloud-facilitated security module and a holder security instrument to check marked pictures.
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Lessons from the NSA: Know Your Assets
Robert Lemos, Contributing Writer,  12/12/2019
4 Tips to Run Fast in the Face of Digital Transformation
Shane Buckley, President & Chief Operating Officer, Gigamon,  12/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5252
PUBLISHED: 2019-12-14
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
CVE-2019-5235
PUBLISHED: 2019-12-14
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
CVE-2019-5264
PUBLISHED: 2019-12-13
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition...
CVE-2019-5277
PUBLISHED: 2019-12-13
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.
CVE-2019-5254
PUBLISHED: 2019-12-13
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board m...