Robert Siciliano, Co-Founder, Protect Now.
Illustration by Lanette Behiry/Adobe Stock

3 emerging AI scams that need to be on your radar 

Criminals are using more sophisticated tactics and tools to defraud real estate professionals including brokerages and lenders.

March 24, 2024
5 mins

Artificial intelligence has led to impressive advancements across industries — and in the world of cybercrime. AI has added not just a new "twist" to cybercrime, it has increased the speed, efficiency and effectiveness of all forms of fraud.

By using AI to manipulate voice recordings or create convincing emails, fraudsters can trick victims into transferring funds to unauthorized accounts or providing sensitive information, ultimately facilitating fraudulent mortgage closings.

This is the new reality for cybercrime. These sophisticated attacks are becoming more common as cybercriminals refine their strategies and find new tools on the Dark Web.

Here are three emerging attacks you need to be aware of, along with strategies to prevent them.

Business Email Compromise (BEC)

These phishing scams use AI-generated messages and voices that appear authentic, leading to fraudulent activities like wire fraud and payment diversion. There are two forms of these attacks:

  • Unsophisticated BEC: In these attacks, the scammer will create a fake email that looks like the real thing. For example, joesmith@gmail.com could be faked as j0esmith@gmail.com or joesm1th@gmail.com.

  • Hacked BEC: In these attacks, the scammers gain access to one or more email accounts. In mortgage closing scams, AI-generated messages can be used to deceive individuals into believing they are receiving legitimate instructions from clients or professionals involved in the transaction.

Criminals may ask for checks to be mailed to a new address, or for electronic funds transfers to unfamiliar bank accounts. Criminals often send these emails late in the afternoon, when their victims may be tired or wrapping up for the day, making them less vigilant.

How to respond: Always have a voice conversation with a client before agreeing to transfer funds, and only call the phone number on file for the client; criminals may give you a fake number in a BEC attack or insist that you communicate only by text.

When in doubt, ask someone else in your organization to review the request. A second set of eyes will often catch red flags that you might miss.

AI scams

AI and deepfake technology pose significant risks in real estate sales and mortgage closing scams. Here are the three ways they can be used:

  • Creation of fake listings: AI can generate fraudulent rental ads or property listings to deceive consumers.

  • Fabrication of reviews and testimonials: AI can create fake reviews or video testimonials for real estate professionals, potentially leading consumers to engage in fraudulent transactions.

  • Wire fraud: Using deepfakes, cybercriminals can impersonate clients and extract sensitive information about properties and financial details.

How to respond:

  • Keep abreast of the latest developments in deepfake technology and cybersecurity to understand potential threats.

  • Always verify the authenticity of information related to real estate before acting on it, especially when it comes from sources like lenders, colleagues or clients.

  • Use secure communication channels with clients, such as domain-based and encrypted email and messaging apps.

  • Raise awareness among fellow real estate professionals and consumers about the dangers of deepfakes and the importance of vigilance in transactions.

Vacant land scam

In this attack, the scammer pretends to be the owner of a vacant piece of land or an empty property and may use tactics like deepfake videos to trick agents into taking listings for non-existent properties or writing virtual sales contracts.

Signs of a scam: The scammer may ask you to list the property at a below-market price (to facilitate a quick sale), refuse to meet in person, demand a cash payment and wire transfer, insist on using their own notary (who will forge documents) and request no showings or for-sale signs at the property.

The individual will then pocket the cash and leave your buyer with a phony deed. This scam has been on the rise in California during 2023, prompting an alert from the California Department of Real Estate. Expect this scam to become more common across the United States in the coming months.

How to respond: Any individual aspect of this scam should be a red flag, and if you see more than one, it is reasonable to assume fraud.

  • Require an in-person meeting with all sellers — do not skip this step out of desire to close a deal.

  • Require the use of your own notary.

  • Tell the seller that payment will be held until the deed is successfully recorded with local officials.

Any step you take that blocks a swift, anonymous transaction will scare off a scammer.

Deepfake phone calls

The newest and potentially most concerning scam targets high-net-worth individuals with a high public profile.

  • Using AI tools, scammers can impersonate these individuals using just a few seconds of audio of them speaking.

  • The scammer will call you directly. The voice on the phone will sound like your client.

  • The scammer will ask you to transfer funds to an unfamiliar bank account, or to initiate a transaction, possibly using a version of the Vacant Land Scam.

How to respond: Strange phrases, repeated requests or the sound of typing may be giveaways of a deepfake phone call, but the latest software operates in real time, allowing scammers to speak into a microphone and have someone else's voice come out of a computer.

There are two ways to prevent this scam:

  • Set a password with your clients that only you and they know.

  • End the call, and then phone the number on file for your client directly. Do not hit redial, as scammers can spoof a client's phone number.

The same vigilance you use to spot obvious scams can be useful in stopping these new scams. If something seems off, it probably is.


Robert Siciliano is the head of training and co-founder of Protect Now, a cybersecurity employee training company that provides CE-eligible training tailored to the real estate industry. The views expressed in this column are solely those of the author.

Get the latest real estate news delivered to your inbox.