Technological advances, such as the mainstream availability of Artificial Intelligence (AI), the rise of instant payment options, and social engineering mean that cybercriminals continue to grow in their scope and sophistication. According to the Federal Bureau of Investigation (FBI)’s most recent Internet Crime Report, a “staggering” new record of $16.6 billion in potential losses from cybercrime was reported in 2024, a 33% increase from the $12.5 billion reported in 2023.
Cybercriminals don’t discriminate when choosing their victims, and businesses and organizations especially must remain vigilant with their cybersecurity measures. Without established protocols in place, you may not realize you have a security risk until it’s too late.
Here, we highlight five common cybersecurity threats to the title and real estate industry, and how you can help protect yourself and your organization.
FIVE COMMON CYBERSECURITY THREATS
1. Phishing/Spoofing, a type of cyberattack that combines email and social engineering to entice victims, remains the top cybercrime reported to the FBI in 2024. Phishing emails often appear to come from a familiar organization or individual, tricking the recipient into clicking on a link or opening an attachment that contains malicious code. Once this code runs, the computer may become infected with malware. Phishing schemes have branched out from email and may also arrive in the form of a text message (smishing), voice message (vishing) or QR code (quishing).
2. Business Email Compromise (BEC) is a scam that targets both businesses and individuals performing transfer of funds. Originally a scheme in which a cybercriminal hacks or “spoofs” a legitimate business email to request that wire payments go into a fake bank account, BEC fraud continues to evolve with ever-changing technology.
Although the FBI received fewer BEC complaints compared to previous years, it remained the second-costliest reported crime in 2024, with over $2.7 billion in losses. The Association for Financial Professionals found in their recent report that 63% of organizations fell victim to BEC, making it a continued significant threat to businesses.
3. Ransomware is a type of malicious software that is so destructive it merits its own category. It is a type of malware that takes over your computer and encrypts your data, refusing you access to it until a ransom is paid. Ransomware attacks continue to rise across the world, with notable impacts to the title industry.
The FBI reports that ransomware was the most pervasive threat to critical infrastructure, which includes the financial services sector, with complaints rising 9% from 2023. Reported losses in 2024 reached $12.4 million. Ransomware can be introduced through phishing emails or infected websites, so always avoid clicking on suspicious links in both email and text messages.
4. Wire fraud is a type of fraud involving telecommunications or the internet, including phone calls, faxes, emails, texts or social media messages. Inflation in 2024 led to higher interest rates, lower housing inventory and a slowed pace in home sales. This caused many buyers, sellers and real estate agents to feel more pressure to achieve fast turnarounds, creating the perfect environment for wire fraud to flourish.
CertifID’s most recent State of Wire Fraud reports that one in 20 consumers fell victim to wire fraud in 2024, with first-time buyers and sellers three times more likely to be affected. The report concludes that buyers and sellers will increasingly choose to do business with real estate agents who prioritize security measures to protect their money, with 79% willing to pay more for a secure experience.
5. Title fraud, a form of identity theft, occurs when a fraudster illegally transfers the title to real property without the actual owner’s knowledge or consent. Some examples of title fraud include:
• Vacant land fraud, in which a fraudster searches through public records to find properties that are free of mortgages or liens. They identify the true owner of the property, pretend to be the owner and contact a real estate agent to sell the property. Fraudulent “sellers” often attempt to dupe real estate professionals by claiming to have no social security or TIN number, to be traveling abroad for business, or to live in different country or state from their listed mailing address.
• Seller impersonation fraud occurs when the fraudster searches for property that is free and clear of a mortgage or other liens, mainly targeting vacant land and rental properties owned by foreigners or the elderly. The fraudster then poses as the property owner and attempts to sell it, wiring the proceeds to their bank account before the real owner catches on. Learn more about the scheme here.
• Notary fraud occurs when a fraudster impersonates a Notary Public and forges notary seals to create a fraudulent deed. Most counties have notaries available for certifying documents for public records, but there are no firm regulations for verifying the legitimacy of a notary seal, making it easier for criminals to forge them. The fraudster will likely refuse to meet in person for a closing and all communication will be done via email.
PROTECTING YOUR BUSINESS
To protect yourself and help prevent cybercrime from attacking your business, be sure to take proactive steps like the ones below:
- Train your employees: Train your employees how to do things like spot phishing emails and texts, avoid suspicious downloads, protect sensitive information and create strong passwords.
- Secure your networks: Safeguard your information by using a firewall, encryption and secure wi-fi network.
- Require strong passwords: Improve your cybersecurity with password requirements, such as 10 characters or more and a mix of uppercase and lowercase letters, numbers and special characters.
- Use multifactor authentication: Require additional information to access sensitive information, such as a security code sent to your phone.
- Invest in a cybersecurity team: One of the best ways to protect your business is by employing professional help. Finding and maintaining employees dedicated to keeping your company digitally secure is a huge step toward long-term cybersecurity.
REGULATORY OUTLOOK
Federal and state-level regulators of financial service organizations are urgently updating cyber-related regulations to keep up with evolving cybercrime. In 2023, the U.S. Securities and Exchange Commission (SEC) expanded its cyber-related regulations by requiring certain entities to establish, maintain and enforce transparency with written policies and procedures reasonably designed to assess cybersecurity risks.
Under the SEC rules, covered entities are now required to disclose material cybersecurity incidents, provide annual disclosures and describe the board of director’s oversight of cybersecurity risks and management’s role and expertise in managing these risks. For more information, click here.
To learn more about cybercrime and tips from the FBI for protecting your businesses, click here. Title and real estate professionals can also find valuable tools and resources for preventing wire fraud from the American Land Title Association.