Case Studies

Mini Case Study: Real Estate/Mortgage attack scenario

Financial services, especially real estate related, have been particularly susceptible to “3rd party” based attacks. It often goes like this:

  1. The real estate agent, loan officer, processor, transaction coordinator, attorney, or title/escrow rep receives a phishing email.
  2. The victim falls for the phishing email.
  3. The account and credentials are compromised, unknowingly.
  4. The hacker then monitors the accounts and waits – observing the email dialog with his clients. 
  5. When it is time to close, the hacker impersonates the agent and requests a wire transfer of funds for the home purchase/closing costs/escrow/mortgage payoff from the client (3rd party) who unknowingly sends the funds to the hacker. 

The result of this hack is the apparent financial loss and the irreparable reputation damage to the agent or loan officer and the broker. 

Gone Phishing Consultants leverage industry expertise to expose these types of attack scenarios through customized awareness training. Yes, it is scary, but by creating a safe, open dialog, agents and brokers will know what is personally at stake and be motivated to embrace the training.

 

Fraudulent real estate transactions as a result of cybercrime increased from $19 million in 2016 to almost $1 billion in 2017

– FBI via the Chicago Tribune

 

Are you still wondering if this can happen at your brokerage to your agents? YES!

Why is the industry a target for hackers?

  • Agent’s email addresses are VERY publicly available, making it simple to acquire a target list.
  • Real estate presents a high dollar potential payout, which motivates hackers to invest time and compose sophisticated attacks that circumvent security.
  • Real estate and mortgage companies and associations represent troves of valuable customer data.
  • The industry is highly mobile, and independent contractors are less reliant on corporate security systems.
    • The mini case study could happen from an agent’s personal email, yet the broker’s reputation and financial resources will take the hit.