As cybercrime evolves, the real estate industry faces smarter, faster, and more deceptive threats. From AI-generated scams to seasonal fraud spikes, bad actors are finding new ways to target REALTORS® and their clients.

In this Spring 2025 edition of CISO Corner, we break down what’s new, what to watch for, and how Greater Vancouver REALTORS® (GVR) is staying prepared - including a behind-the-scenes look at a recent cybersecurity drill in inside GVR.

Artificial intelligence has revolutionized how scams are carried out - making fraudulent content more convincing and harder to detect:

• Deepfake voice and video impersonation: Generative AI is now being used to spoof client and broker voices in phone calls or fake Zoom sessions to authorize transfers or alter deals.
  Read more - WIRED: How to Protect Yourself from AI Scam Calls
• AI-supported social engineering: AI tools are also being used to draft personalized phishing messages and simulate conversations that trick users into disclosing sensitive info or wiring funds.
  Read more - REM: AI is driving a new wave of real estate fraud, report says

Mitigation tips:

• Always verify instructions for wire transfers or legal changes via a known contact method.
• Use multi-factor authentication for access to any file sharing, CRM, or e-signature platform.
• Train staff to question urgent, unusual, or emotional communications - even if they appear to be from someone known.

Key highlights:

• Greater accountability for businesses that handle personal or financial data
• Potential mandatory breach reporting for certain organizations
• More funding and enforcement around critical infrastructure and digital resilience
  • Overview - Public Safety Canada
  • Analysis - McMillan LLP

Heading into a high-volume sales season, scammers are preparing new waves of fraud timed to urgency and transaction complexity:

• Fraudulent rental listings: Fake listings that ask for deposits before viewings, often targeting newcomers and renters during peak months.
  ​Read more - Zillow
• Fake compliance or payment notices: Spoofed emails claiming you must urgently act on insurance, CRA, or licensing requirements.
• Phishing-like payment portals: Clone websites that mimic legitimate platforms and capture login or payment details.
  • Overview - Norton
  • CIRA Phishing Trends - 2024 Report

Best practices:

• Outline your contact and communication process with clients early,
• Use secure, clearly branded platforms for sharing files, payments, and
• Urge clients to call you before acting on any financial or sensitive document requests.

In February 2025, Greater Vancouver REALTORS® conducted a full-scale cybersecurity tabletop exercise simulating a ransomware attack - and the results were strong. The session, led by an external facilitator, tested how GVR staff would respond to a multi-step cyber incident affecting critical systems like payment processing.

Key outcomes:

• Team readiness was high, with clearly understood roles and coordinated decision-making.
• Business continuity plans worked - including backup reliability and disaster recovery infrastructure.
• Public communication readiness and incident response protocols were effectively demonstrated.
• Cybersecurity training is making a difference: our team showed depth of knowledge and confidence in our response tools.

This exercise reflects our continued investment in safeguarding member data, platforms, and services. Your cybersecurity team is engaged, prepared, and working behind the scenes to keep GVR secure.

• AI Fraud and Deepfakes in Real Estate - REM
• How to Protect Yourself from AI Scam Calls - WIRED
• National Cyber Strategy 2025 - Public Safety Canada
• CIRA 2024 Canadian Cybersecurity Survey
• Cybersecurity Guide for SMBs - Get Cyber Safe
• NAR Data Security Toolkit

- Ken Allison, Chief Information Security Officer, Greater Vancouver REALTORS®