These are the cybercrimes keeping property practitioners on edge

These are the cybercrimes keeping property practitioners on edge
8:42
Worried couple stare at their laptop and a graph of popular cybercrimes
Written by Rasvanth Chunylall , 24 Sep 2025 Categories: Real Estate Insights
Worried couple stare at their laptop and a graph of popular cybercrimes
Back to blog
Written by Rasvanth Chunylall , 24 Sep 2025 Categories: Real Estate Insights

These are the cybercrimes keeping property practitioners on edge

You put up burglar guards, install high-tech alarm systems, and trust your electric fencing to keep threats out. In the real estate industry, security is second nature — it’s a big part of how you protect yourself and advise clients in search of their next home or business premises. But while you’re watching the gates, some of the biggest dangers are slipping in quietly through another entry point: your computer or mobile device.

All it takes is one phishing email, a weak password, or a compromised device to expose sensitive client data, disrupt deals, or reroute funds. That’s why digital security is just as critical as physical security. For Cybersecurity Month, we polled property practitioners to find out which cybercrimes worry them the most. Here are the top five:

1. Identity theft (49.6%)

Topping the list of concerns was identity theft, also known as identity fraud — when a criminal steals your personal details to impersonate you, open accounts, or trick others into handing over money. 

According to the Southern African Fraud Prevention Service (SAFPS), identity theft surged by 400% between April 2023 and April 2024. Fueling this rise is the misuse of artificial intelligence. The same AI tools that power innovation in the property market are also giving cybercriminals new weapons: sophisticated deepfake scams, cloned voices, and stolen digital identities. Criminals can now fabricate videos or manipulate biometric systems with shocking ease, making it harder than ever to tell fact from fraud.

The human cost is clear. Just ask Leanne Manas, the veteran SABC anchor whose face and voice were cloned in deepfake adverts luring victims into bogus weight-loss and investment schemes. Some people even arrived at the SABC demanding their money back, convinced she had personally endorsed the platforms. Her experience highlights how AI-driven scams don’t just harm individuals financially but also destroy trust, damage reputations, and leave victims feeling violated.

Here are ways to prevent identity theft incidents:

  • Secure client data: Use strong passwords, multi-factor authentication, and encrypted systems for all personal and financial client information.

  • Verify before you act: Always confirm payment instructions or account changes directly with clients using a trusted contact method.

  • Stay vigilant online: Be cautious of suspicious emails, links, or calls, and educate staff on spotting phishing attempts and AI-driven scams.

2. Malware (13%)

Coming in second on the poll is malware, a type of malicious software designed to infiltrate systems, disrupt operations, or steal data without the user’s knowledge. Malware can take many forms, like viruses, trojans, or spyware, and often spreads through infected files, emails, or compromised websites. Once inside a system, it can silently harvest sensitive information or give attackers control over your network.

A recent example comes from the South African National Treasury, which discovered malware on its Infrastructure Reporting Model website. The attack exploited vulnerabilities in Microsoft SharePoint, allowing hackers to impersonate users or services and gain deep access to confidential data across the network, highlighting how even government systems remain at risk.

Here are ways to prevent malware incidents:

  • Keep systems updated: Regularly patch software, operating systems, and apps to close security gaps that malware can exploit

  • Think before you click: Avoid downloading unknown files or opening suspicious email attachments, even from familiar contacts.

  • Use trusted security tools: Install reputable antivirus and anti-malware programmes, and ensure firewalls are active on all devices.

3. Social engineering (11.3%)

Taking bronze on the poll is social engineering, a tactic where cybercriminals manipulate, influence, or deceive victims to gain access to computers, systems, or sensitive information. By exploiting psychological, personality, or behavioural weaknesses, attackers can trick people into revealing passwords, financial details, or confidential data. These attacks can happen through emails, phone calls, SMS, social media, chat apps, gaming platforms, and even video conferencing.

Social engineering made headlines around Valentine’s Day, when the Southern African Fraud Prevention Service (SAFPS) warned South Africans about romance scams. Scammers create fake profiles to befriend victims, gaining their trust before exploiting personal, financial, and professional information. These high-profile cases illustrate just how persuasive and damaging social-engineering attacks can be.

Here are ways to prevent social engineering incidents:

  • Validate before trusting: Always confirm requests for sensitive client or payment information through known channels before acting.

  • Be cautious online: Avoid sharing personal or company details on social media, chat apps, or dating platforms where attackers might exploit them.

  • Train your team: Educate staff on common social-engineering tactics like phishing, pretexting, and impersonation to reduce the risk of manipulation.

4. Ransomware (9.6%)

Voted fourth by property practitioners, ransomware is a type of malicious software that locks or encrypts your files and systems, rendering them inaccessible until a ransom is paid. Attackers often infiltrate networks through phishing emails, infected downloads, or unsecured systems, holding critical data hostage and disrupting operations.

A recent case involved Cell C, which fell victim to a RansomHouse attack. The group accessed parts of Cell C’s IT environment and stole approximately 2TB of customer data. The group’s modus operandi is to get into victims’ networks by exploiting vulnerabilities to steal data and coercing victims to pay up or have their data sold to the highest bidder.

Here are ways to prevent ransomware incidents:

  • Back up your data regularly: Keep offline or cloud backups of all critical files and client information so you can restore systems if attacked.

  • Keep software and systems updated: Regularly patch operating systems, apps, and security tools to close vulnerabilities ransomware can exploit.

  • Scrutinise emails and downloads for risks: Avoid clicking unknown links or opening attachments from unverified sources, and educate your team to do the same.

5. Man-in-the-Middle (6.1%)

Rounding off the top five is Man-in-the-Middle (MitM), a type of cyberattack where a hacker intercepts communications between two parties, often without their knowledge. The attacker can alter messages, redirect funds, or steal sensitive information, making it appear as though the communication is legitimate. MitM attacks often occur via email, unsecured networks, or compromised accounts, and they exploit trust to gain access to confidential data or financial transactions.

In a notable 2019 occurrence, Judith Mary Hawarden’s email was hacked, allowing a third party to alter bank details sent by her conveyancer, Edward Nathan Sonnenbergs (ENS). By the time the fraud was discovered, the funds had been transferred and could not be recovered. The Supreme Court of Appeal ultimately sided with ENS because Hawarden had sufficient means to protect herself. She was not ENS’s client, there was no contractual relationship, her email was compromised prior to the transfer, she had been warned about business email compromise, and could have verified the bank details directly with ENS or her bank.

Here are ways to prevent MitM incidents:

  • Use secure communication channels: Always share sensitive client or payment information via encrypted email or verified platforms.

  • Double-check payment details: Confirm bank account numbers and instructions directly with clients or counterparties using a separate communication method.

  • Avoid public Wi-Fi for transactions: Conduct all financial and confidential communications on secure, private networks to prevent interception.

Where to report cybercrime in South Africa

Even with the best precautions, you may be caught off guard by a sophisticated attack. To report cybercrime in South Africa, contact SAPS Crime Stop at 08600 10111 or visit your local police station to file a formal report and get a case number (CAS number). You can access resources and information or report suspected cybercriminal activities at cybercrime.org.za.