Cybercriminals are getting smarter—and they’re zeroing in on real estate pros because we handle valuable client data and time-sensitive transactions. A recent example hitting member inboxes asks for a “Pending Real Estate Transactions Report” and requests buyers’ names, emails, agent contacts, attorney info, prices, deposits, and loan amounts. That’s a goldmine for identity theft and wire fraud.

Below is a real-world style example. If anything like this lands in your inbox, do not respond or click—follow the steps in this post.

Subject: Pending Real Estate Transactions Report Required
From: Joe Broker

“Please prepare a comprehensive list of all recently contracted real estate transactions that are still pending closing… include: contract date, property address, buyer’s name & email, buyer’s agent and attorney contacts, purchase price, closing date, deposit amount, and loan amount… Treat this as urgent.”

Why This Is Dangerous

• Requests for bulk sensitive data. Lists of buyers, contacts, deposits, and loan details can be used to impersonate parties, redirect funds, or launch targeted scams.
• Urgency + authority tone. Scammers rely on “ASAP” pressure so you skip verification.
• Unfamiliar sender domains. Free or odd domains (e.g., online.ms) are common red flags.
• Vague affiliation. No brokerage name, MLS ID, or verifiable role.

Red Flags to Spot in Seconds

• Sender email doesn’t match the person’s known, company, or MLS domain.
• Generic greeting (“Aaron,” but no relationship context) and copy/paste formatting (extra spacing, inconsistent capitalization).
• Unclear authority—no reason why they’re entitled to your clients’ data.
• Overbroad scope—asks for info you’d never share without signed authorization.
• Links/attachments you weren’t expecting (often hidden trackers or malware).

What To Do Immediately

1. Do not reply, click, or download.
2. Verify out-of-band. If it seems like it could be legit, call a confirmed number from your brokerage/MLS directory—not the email’s contact info.
3. Report it:
   Forward the message (as an attachment if possible) to your broker/office manager and IT/security contact.
   Notify SWMLS Compliance only if you believe a listing or MLS account is implicated.
   Report phishing to your email provider’s “Report phishing” tool and (optionally) to reportfraud.ftc.gov and IC3.gov (for wire-fraud–type scams).
4. Block the sender and create a mail filter for repeat attempts.
5. Alert your team. A quick officewide heads-up can prevent someone else from clicking.

If You Already Clicked or Responded

• Change your email and MLS passwords immediately (use unique, 12+ character passphrases with a manager).
• Enable multi-factor authentication (MFA) on email, MLS, DocuSign/transaction platforms, cloud storage, and banking portals.
• Run an antivirus/malware scan on your device and update your OS and browser.
• Notify your broker and title partners if any transaction data may be exposed. Consider placing a wire-fraud advisory in active files and confirming all payoff/wiring instructions verbally with known numbers.
• Monitor accounts (email rules/forwarders, sent items, and login activity). Remove any suspicious forwarding rules immediately.

What Legitimate Requests Usually Include

• Specific file or transaction with a known file number or MLS ID.
• Formal basis/authorization (e.g., signed client consent, subpoena, or brokerage policy).
• Company domain and consistent contact info you can verify on a public website or in your directory.
• Reasonable scope—only the minimum data required.

If any of those are missing, treat it as suspicious until verified.

Copy-Paste Safe Reply (If You Need a Polite Decline)

Hi ,
For security and privacy, I can’t share client or transaction data by email without verified authorization and a confirmed business need. Please have your request sent on company letterhead from an official domain and include the specific file/MLS ID and applicable authorization. I’ll verify via our office directory and follow up through secure channels.
Thanks for understanding.

Office & Personal Best Practices (Worth 10 Minutes Today)

• Use MFA everywhere. Start with email and MLS—these are the keys to your kingdom.
• Adopt a password manager and unique passwords per system.
• Create a “Verification Checklist.” Before sharing any client data: verify identity, confirm authorization, and use secure transfer (encrypted portal or brokerage-approved platform).
• Train your team quarterly. Share examples like the one above; run a 5-minute table-top drill on a wire-fraud scenario.
• Standardize wire-fraud warnings in all client communications (email signatures, first-appointment handouts, and transaction timelines).
• Lock down email rules. Regularly check for rogue forwarding/auto-reply rules.
• Keep software updated—OS, browser, PDF reader, and antivirus.

Quick Reference: Share This With Your Clients

• We will never email new wiring instructions. Always verify by calling your title/escrow officer at a known number.
• Pause if the message is urgent or secret. Scammers use pressure to make you move fast.
• Confirm identities before sending documents with SSNs, bank info, or IDs.

Bottom Line

If an email asks you for lists of pending transactions or client PII, assume it’s a phish until proven otherwise. Slow down, verify out-of-band, and use your office’s secure process. A two-minute check can save a six-figure wire.