Estate agents sit at the centre of every property chain, connected to buyers, sellers, solicitors and mortgage brokers, with large sums moving at completion. Criminals target that position because one compromised inbox, or one spoofable domain, gives them a way into the whole transaction.
A criminal watches email between your agency, the solicitor and the buyer, then just before completion sends a fake message redirecting the client funds. Even if the fraudulent email did not come from you, if your inbox was the entry point your firm can be implicated.
Criminals register a lookalike domain, or spoof your real one, and email clients or solicitors pretending to be your agency. Clients lose money, and trust in your brand.
Fake login pages for Rightmove, Zoopla or your CRM are used to steal staff credentials. Once in, criminals reach client data, valuations and transaction details.
You process personal data for every buyer and seller. A breach must be reported to the ICO within 72 hours, and cyber insurers are tightening email-security questions at renewal.
A buyer near completion got an email that looked like it came from the agency, passing on "the solicitor updated account details." It was a spoof, sent because the agency domain had no DMARC enforcement. The deposit went to a criminal, and the buyer first call was to the agent.
Because you are the most-emailed party in the chain. If your domain can be spoofed, criminals impersonate you to buyers, sellers and solicitors alike. You are often where the fraud starts, even when the money leaves elsewhere.
They secure their own platforms. Your email domain is separate, and its authentication is usually where the gap is. The free check looks at your domain, not the portals.
The check looks at the domain you enter, so run it for each domain your branches send email from. Multi-branch agencies often have one spoofable domain protecting, or exposing, the whole network.
Run the free check above to see whether your agency domain can be impersonated, and get a plain-English fix list for your IT team.