For the average South African, leaving their front door unlocked and unattended would be unthinkable. So, it’s surprising to see how lax digital security is treated locally. The 2024 Cybersecurity Readiness Index by Cisco reveals that only 5% of South African companies have ranked at the ‘Mature’ level of readiness for modern cybersecurity risks. The real estate industry, which handles sensitive personal data and deals with large transactions, has emerged as a prime target for cybercriminals.
In part one of our cybercrime series, Prop data unpacks the poll ran to assess how concerned property practitioners were about cybercrimes throwing a wrench into their operations. This article also reveals how cybercrime is impacting the real estate industry and the rise of phishing.
Unpacking the poll result
Prop Data’s poll used a five-point Likert scale to measure concern levels about cybercrime, ranging from 1 (not at all concerned) to 5 (extremely concerned). 55.9% of respondents registered the highest level of concern. This figure jumps closer to 80% when those expressing a significant level of worry (rating 4) are included.
“The results speak for themselves and confirm that property practitioners are indeed concerned about cybercrime,” says Jeanne van Jaarsveldt, Jawitz Properties Head Office Franchise Manager. “Above this, it confirms that it is a reality we all face daily and we have to be diligent and have absolute awareness of unsolicited emails, SMSs, or even phone calls received.”
“I was expecting a higher percentage voting ‘extremely concerned’,” says Adam Barnard, Principal Property Practitioner at Harcourts Oudtshoorn. “Going by the Cisco Index and cyber attacks reported internationally, you’d think most South African businesses would be more aware of the potential impact.”
Cybercrimes are causing major headaches
While cybercrime is not limited to the real estate industry, cybercriminals are finding property practitioners to be an easy and highly lucrative target. “International syndicates have their sights set on local financial institutions and real estate businesses,” says Barnard. “It takes a lot of time and resources every day to sort through the emails, social media, and all the online platforms we use to manage and market our businesses. As real estate agents, we are usually the first people that are targeted as all our contact details are easily available online.”
According to Van Jaarsveldt, property practitioners hold vast amounts of personal information and deal with large sums of money, making them attractive to cybercriminals. “Every real estate agent, if not all, would have some form of a file or folder on their laptop or mobile device, where items like property details, for example, Lightstone data is saved, details pertaining to a valid mandate and accompanied by FICA documents, etc.,” he says. “All of these are very sensitive documentation and it is imperative that property practitioners take reasonable care in protecting the information.”
Lesley Saunders, Head of Marketing at Broll Auctions and Sales, says the real estate industry, in this regard, has a huge responsibility to its clients to ensure the safety of this data and information. “The fact that most agencies are operated on small premises that lack the resources for a sophisticated cybersecurity suite to prevent attacks means companies need to be extremely vigilant in protecting cybersecurity,” she urges. “The kinds of sensitive information with which we deal is precisely the kind of data that cybercriminals are after. A breach of this information could have very serious real-time repercussions if not taken seriously and could adversely affect our clients.”
With phishing on the rise, don’t take the bait
According to Saunders, phishing is the most common cybercrime hitting the real estate community at present. This occurs when cyber criminals impersonate a trusted organisation or company and manage to trick an individual into handing over sensitive or personal information.
“Sadly, even the South African Revenue Service (SARS) has not been spared, leading them to embark on a major awareness campaign of the legitimacy of communications, legitimate email addresses, and links to assist with public safety during tax season,” highlights Saunders.
“We’re seeing this commonly as a form of trust fraud,” says Van Jaarsveldt. “Cybercriminals are intercepting communication of documents regarding the payment of a deposit and, on face value, the document received looks legitimate in every way. It’s so important to confirm with your conveyancer if indeed a call for a deposit was in fact from them, before assuming it is and forwarding it to your client.”
Agreeing, Saunders says phishing efforts have taken on a much more sophisticated and seemingly more legitimate appearance partly due to the use of AI. Previously these were quite easy to spot with their spelling mistakes and grammatical errors,” she notes. “Emails can now be created to look almost identical to those a client would normally receive from a real estate agency or transferring attorney but with harmful links embedded into the email.”
“There have even been cases of PDFs being intercepted and banking details changed to dupe clients into paying monies to fake bank accounts,” she adds.
With SARS running awareness campaigns to educate both their employees and clients, Saunders believes real estate businesses should also be following suit. “Human error, unfortunately, accounts for a large portion of cybersecurity breaches where stolen credentials and phishing scams are as a result of employees failing to adhere to established company cybersecurity protocols. Education is a must for all members of your team.”
Close calls with cybercrime to learn from
In part two of the cybercrime series, delve deeper into the realities of cybercrime for local estate agents. They share firsthand accounts of cyberattacks that have impacted their businesses and lessons. In part three, you can learn to protect yourself and avoid becoming a victim.