Cybercrime in Commerical Real Estate: Mitigation Tips and Statistics

Naturally, as technology advances so do the strategies that cybercriminals use to access sensitive information. Industries such as the retail, travel, hospitality, and financial service industries are the latest target for cyberattacks. 

As technology has advanced in the commercial real estate industry in ways such as free commercial real estate listings and smart buildings, the industry is becoming more susceptible to cyberattacks.

According to a survey done by KPMG in 2018, 30% of organizations claimed that they had experienced a cyberattack in the last two years. Only 50% of these organizations said they were properly prepared for a cyberattack. 

So what can those in the commercial real estate industry do to protect themselves from cybercrime? Let’s take a look at what cybercrime looks like in the industry, how to identify it, and how to prevent it.

Cybercrime in the CRE Industry

There’s a huge technological boom in the commercial real estate industry happening right now in various ways. 

Between storing information and documentation in the cloud, to smart buildings with all the features connected through an automation system, there can be a lot at risk in the CRE industry.

This is especially the case since the COVID-19 pandemic shifted everyone to remote work. Commercial real estate agencies are utilizing different applications and websites to stay connected to both their clients and employees online. 

Since the CRE industry is considered to be a little behind technologically compared to other industries, it is easier to overlook cyber protection and knowing how to secure data. 

AI-Powered Building Security

In many technologically advanced buildings, artificial intelligence is an essential part of automated security. 

On top of the simplification that AI brings to building security, it’s also because many view AI as an answer to impending cyberattacks.

However, skilled hackers and cybercriminals will also use AI for their schemes. For example, AI can be used with malware to bypass any of the security measures that are in place. 

Plus, cybercriminals can use their own AI or tamper with existing AI security to give them access to sensitive information.

Of course, creators of AI security systems are trying their best to stay ahead of cybercriminals and creating AI systems that are more adaptive. This can prevent the programs from being fooled by an attacking AI that was created by a hacker.

Knowing What Cybercriminals Are After

In most cases, cybercriminals are looking for important information and money. They could be looking for names, birthdays, social security numbers, credit card information, and more.

This makes the CRE industry a pretty big target for hackers, especially since large sums of money are typically involved in purchasing or renting a commercial property.


Phishing for data is the most common way that cybercriminals receive the money or information that they are looking for. 

Three common types of phishing that occur in the commercial real estate industry:

  • Financial phishing: Criminals will trick victims into providing them with the log-in information for services like banks or other lending companies.
  • Business email compromise phishing: This is also known as “cyber-enabled financial fraud” and targets those who are doing a wire transfer. The criminals will make it look like an escrow agent or contractor is asking for a wire transfer.
  • Account takeover phishing: This scam is done in two stages. The first stage requires the criminal to steal an agent’s email log-in information. Then that information is used to scam buyers, sellers, and banks that the agent is connected to.

According to the information obtained from the FBI’s Internet Crime Complaint Center, the business email compromise scam is the most common type of scam that occurs in the real estate industry. 

The whole point of a phishing scam is to look at real as possible, so sometimes it is possible to misread a situation and send sensitive information to a criminal. 

Sometimes protecting yourself against a cybercrime goes beyond training them to identify suspicious emails.

Preventing a Cyber Attack

One issue that many companies face is believing that cybercrime could never happen to them. In reality, that’s not true. 

It doesn’t matter how secure your company is; there could be a hacker who is advanced enough to overcome your security measures. 

Regardless, commercial real estate agents should learn the various strategies to protect themselves from cyberattacks.

It’s important to bring awareness to cyberattack prevention across your whole team. 

Don’t work to just protect yourself or your information; educate all your employees on how to recognize cyberattacks. 

It’s also important to teach them what they should do in the case of a security threat (who at IT to notify and how to disconnect from the network).

Tips On Keeping Your Accounts Secure

One of the best things that you can do for yourself and your accounts is to regularly change your passwords to something different and secure. Random password generators are great for this.

You should also be wary of any sudden changes or urgent information requests. In most cases, there won’t be any sudden name or instruction changes during a transaction. 

If something does change, you should also inquire about it before going forward.

Be careful of what you said in emails. You should avoid sending any banking or social security information. Use encrypted email if you have no other option besides emailing such information.

This may seem obvious, but avoid clicking on any suspicious links or links sent from someone you don’t know. This also counts for images or downloadable files.

Lastly, be wary of public WiFi connections. You should never send any sensitive information when you are connected to a public IP address. 

Protecting Your Agency’s Cybersecurity

Every employee or agent involved in your real estate transactions should be knowledgeable in preventing cyberattacks. 

Here are some ways you can keep your agency’s information secure:

  • Using email and web security gateways to filter out any potential threats;
  • Prevent malware attacks with endpoint security;
  • Enforce regular password changes and two-factor authentification;
  • Train your employees on cybersecurity regularly.

The best thing you can do for your company is to continually maintain these practices to prevent any information from being leaked or stolen.

Leave a comment