Sign Up for Updates

Be Cyber Smart

The real estate industry remains a top target for bad actors hoping to intercept high-value transactions and steal sensitive customer information.

Cybercrime and Real Estate Trends

We predict that current cybercrime and real estate trends will make cybersecurity awareness—and learning how to “Be Cyber Smart”—more important than ever in 2024.

  • The cost of a cyberattack will continue to increase, globally.

    Cybercrime costs are predicted to grow 15% over the next two years, reaching $10.5 trillion USD annually by 2025. If cybercrime were a country, it would be the world’s third largest economy.1

  • Bad actors will continue targeting the real estate industry.

    A data breach is a threat to any business, but the real estate industry is especially attractive as real estate transactions require sensitive customer information like bank account numbers, Social Security numbers, and contact details. This makes real estate companies a lucrative target for bad actors, as the average cost of a data breach reached an all-time high in 2023.2

  • Attackers will continue to leverage phishing attacks and social engineering.

    Mortgage rates have come down from their peak highs, but home prices are holding steady and available home inventory remains low. In this environment, the National Association of Realtors predicts that many homeowners will choose not to sell in 2024, leaving frustrated buyers searching for a home.3 Attackers will try to trick these frustrated buyers with deals that seem too good to be true.

  • Attackers will also favor ransomware when targeting companies.

    The FBI identified ransomware as a top cyber threat in 2022.4 Ransomware attacks then increased in 2023, up 200% over 2022, and security researchers predict ransomware will remain a top threat into 2024.5 Ransomware attacks can impact individuals or businesses regardless of size, but are predicted to heavily target critical infrastructure, including the financial services industry, this year.6

  • Modern real estate trends—such as demand for luxury homes and competitive apartment amenities, along with a focus on sustainability—will drive an increased adoption of internet of things (IoT) connected devices.

    Demand for luxury homes with smart features is on the rise, and even apartment buyers are looking for smart features in smaller buildings. It is not just convenience; smart homes give you greater control over your energy usage, and energy-efficient homes can help residents save up to 35% on their electric bills.3 These smart devices are not always secure by default and can be susceptible to malware attacks.

  • Generative artificial intelligence (gen AI) will continue to be adopted by real estate professionals and bad actors alike.

    Gen AI is a promising new technology for the real estate industry, with potential applications like enhancing property searches, improving client experience, and analyzing investment opportunities. In 2024, analysts predict that real estate leaders will investigate the technology’s capabilities and functionalities to drive efficiencies.7 Unfortunately, gen AI will simultaneously be used by attackers to automate and enhance their attacks.

Amid these trends, there are some simple, but important, ways you can help protect yourself online from fraud and identity theft.

Strong Passwords

Your passwords are the keys to your own personal kingdom, including your sensitive data, finances, assets, and identity. To help protect yourself, create passwords that are easy for you to remember, but difficult for bad actors to crack.

Here are a few suggestions for creating strong passwords:

  • Make your passwords long and strong.

    Basic passwords, like “123456”, can be cracked instantly by computers or easily guessed by bad actors. When creating a password, rather than using a single word or series of numbers, consider choosing a longer password that includes a mix of upper and lowercase letters, numbers, and special characters.8

  • Avoid using personal information (like a name, birthdate, pet’s name, etc.).

    The UK National Cyber Security Centre found that 1 in 6 people use their pet’s name to protect their accounts.9 Refrain from creating passwords that can be easily guessed based on your personal information, especially if this information is known by friends, shared on your social media, or available online.

  • Consider using a passphrase.

    A passphrase is a short sentence or random combination of unrelated words, such as “Let’s-buy-a-house”. Passphrases are easy to remember, but their lengths make them stronger passwords.10

  • Create a unique password for each of your accounts.

    Just like you use different keys for your house and office, you should also create different passwords for each of your online accounts. If someone steals your office key, they can’t also break into your home. The same should be true online. If you reuse credentials and they are compromised, bad actors could access your accounts on other platforms.

Strong Passwords
  • Consider using a password manager.

    Creating long, strong, and unique passwords for each of your online accounts can lead to confusion. It can be tempting to write them down, but think of the risk if someone got hold of that list—they would have complete, unabated access to each of your accounts. Instead, consider a password manager: a computer program that securely generates, stores, and retrieves passwords for you.10

  • Enable multi-factor authentication (MFA).

    When possible, enable multi-factor authentication, which requires a second “factor” of information to log in to an account, such as a one-time numeric code sent to you via text.11 This extra step of security can help minimize risk even if a bad actor discovers your password; however, bad actors have developed methods to bypass MFA. Visit our Tips for Your Technical Team page for more information on MFA attacks.

Strong Passwords

Your first and most critical line of defense for cyber security is your password.

Online Safety

A strong password can help protect your online accounts, but it is important to stay vigilant online, even when you are not logged into an account. The websites you visit and information you share can often be accessed by others and used to gain access to your personal and financial information.

Whenever you spend time online, consider the following online safety suggestions:

  • Browse safely.

    Your web browser is your gateway to the Internet. Because we spend so much time online, exploiting vulnerabilities in web browsers has become a popular way for bad actors to compromise computer systems. Regularly update your browser, or enable automatic updates, to ensure that you are protecting yourself and your computer from known security issues. Additionally, review your browser’s privacy settings, where you can block pop-ups, advertisements, and limit the information your browser shares with the websites you visit.6

  • Connect securely.

    Before entering any personal or financial information online, confirm that your connection to a website is secure. You can validate this by checking that the website begins with “https” or shows a lock icon in your browser’s address field. These signs indicate that your data is encrypted when shared between your browser and the website.

    What is encryption? Encryption takes the information you enter and scrambles it into an unreadable code. Only the intended recipient will have the encryption key to decipher your information.13

  • Verify legitimacy.

    When online, ensure that you are interacting with reputable, established websites. Bad actors can impersonate legitimate websites by making subtle changes to the website domain name, like adding an “l” and “r” to transform “” to “”. Always double check the address bar to confirm you have not found yourself on a fraudulent website. If you have never heard of the website before, do some research on the site or organization before handing over your information.14

  • Shop smart.

    Think twice if a website asks for payment via an obscure payment method, such as cryptocurrency or gift cards. These payment methods are difficult to track, which makes them attractive to bad actors looking to steal your money. The SANS Institute suggests using an electronic payment service or e-wallet, such as PayPal, as a safer option for online purchases, since they do not require you to disclose a credit card number to the website directly.14

Web-Surfing On The Go

According to the Pew Research Center, 85% of American adults go online at least daily, and more than a quarter of those adults are online “almost constantly,” thanks to the widespread availability of smartphones and other Internet-connected devices.15

In today’s digital age where you can work, stream, and connect from almost anywhere, you may find yourself needing Internet access when you are away from home. In these cases, before you connect to a public Wi-Fi network, keep in mind that you often have no idea how that network is managed or who else is connected to it. An unsecure public Wi-Fi connection could expose your private information and browsing habits.16

Instead of accessing the Internet through public Wi-Fi, consider using the personal hotspot feature of your smartphone or a Virtual Private Network (VPN).

How does a VPN work?

A VPN works by creating a private, encrypted tunnel between your local network and the VPN provider that you use. This enables you to connect to the Internet securely and privately, even when using public Wi-Fi. A VPN can help protect your browsing history, location, devices, and web activity from anyone else on your same Wi-Fi network, preventing them from spying on your activity.

Whenever you are on the go, consider the following:

  • Disable Wi-Fi and Bluetooth any time you are not actively using them.
  • Do not log into websites that contain sensitive information, like your banking profiles, from public Wi-Fi or a shared PC.

Remember that unless you configured a network yourself, you do not know how secure it is. Anytime you use a Wi-Fi that is not your own, even at a trusted friend or acquaintance’s house:

  • Ask about the network’s security.
  • Only join networks that are password protected.
  • Log out of accounts after you are done using them.

Signs Your Account is Compromised

Unfortunately, you can never be fully immune from a cyberattack. Monitor your online accounts regularly and watch for these common indicators that one of your accounts may have been hacked.17

  • You are unable to log in to your account, even though you know the password you are using is correct.
  • You receive MFA codes or access pins when you are not actively logging into your account.
  • Your account activity records show suspicious login times from unknown locations.
  • Your family and friends receive unusual messages from your account that you did not send.
  • You see suspicious activity—such as unknown charges on your credit card or posts on your social media that you did not create.

If you see any of these red flags or have other reason to believe one of your accounts has been compromised, remain calm and consider the following steps immediately to regain control of the account:

  • If you use this account for work, contact your company’s IT department and report the suspicious activity.
  • If you still have access to the account, change your password.
  • When you change your password, some websites will ask you if you would like to sign out of all other sessions. When possible, use this option to ensure you are the only one logged into your account.
  • Review the configuration settings to confirm that the account is set up as you intended. For example, on your email accounts, ensure automatic forwarding has not been enabled without your knowledge. A quick Internet search will show how to configure forwarding for most major email providers.
  • If you don’t have access to the account, contact the website or organization and inform them that you suspect your account has been compromised.

Additionally, a compromised account could indicate that your computer itself has been hacked and is recording all activity. Consider running a virus scan and changing your computer login password for further protection.

Once you regain control of your account, visit our Protecting Your Identity page and learn about what to do if your data falls into the wrong hands.

No matter how Cyber Smart you are, you can never be fully protected against cybercrime. The above tips can help reduce your risk of cyberattack, but this is not an exhaustive list of all cybersecurity best practices. Please remain vigilant and, for more information, review the references below.

Get CyberSmart

Sign up for Security and Privacy Insights.

Report Suspicious Activity

If you are a current First American customer, please report any suspicious activity directly to your First American representative through an independently verified telephone number.

If you are not a current customer, be cautious of:

  • Phishing emails or websites spoofing First American.
  • Unexpected phone calls from someone claiming to be a First American employee.
  • Questionable text messages about your First American account or activity.

If you encounter any of the above, please send us an email at so we can help you verify the message or website.

Nothing is too trivial to report. If you have any doubt about the legitimacy of a message from us, please report it.