By Carl Mazzanti, eMazzanti Technologies

Milford Entities/Management Companies — a New York City organization that owns and manages luxury properties like Liberty View and Liberty Luxe in Battery Park City — believed it was wiring a $19 million payment for PILOT (Payment in Lieu of Taxes) and other expenses to the Battery Park City Authority (BPCA). But according to published reports, the July 2025 transfer instead went into the account of a cybercriminal who had impersonated a BPCA employee and instructed Milford to wire the funds to a new bank account.

This kind of attack, commonly known as Business Email Compromise (BEC), is one of the most prevalent threats facing Commercial Real Estate organizations, according to eMazzanti Technologies’ CRE cybersecurity report. Artificial intelligence has given bad actors unprecedented capabilities to launch deepfake attacks, clone identities, and execute large-scale data breaches — but a layered defense, deployed through an experienced Managed Services Provider (MSP), can protect your organization against wire fraud, BEC, and other crippling threats, which the FBI estimates drove $21 billion in losses in the U.S. alone.

Why AI Has Made BEC Worse — and How Email Protection Fights Back

AI-powered attack tools now clone writing styles from archived emails, mine calendars to time fraudulent messages around closing dates and payment cycles and generate highly personalized wire fraud requests at scale. Traditional skepticism is no longer a reliable defense; but advanced email protection platforms counter this threat through domain spoofing detection [that flag forged emails or fake websites that impersonate legitimate brands], AI-driven behavioral analysis, and attachment sandboxing [where email attachments are initially opened and inspected in a secure, isolated, and virtualized environment], closing the gaps attackers exploit before a fraudulent message ever reaches an inbox. Multi-factor authentication (MFA) is equally essential, though hardware-independent MFA platforms provide far stronger protection than SMS-based text codes alone.

SIEM and SOC: 24/7 Threat Detection for CRE Organizations

Additional layered defenses include Security Information and Event Management (SIEM), which aggregates log data from across a CRE organization’s entire environment and applies behavioral analytics to surface anomalies — unusual account access, unexpected data transfers, unrecognized login locations — before they escalate into a breach. A Security Operations Center (SOC), staffed by certified analysts around the clock, investigates SIEM alerts and contains threats in real time. For CRE firms that cannot maintain an internal security team, a managed SOC delivered through an MSP provides enterprise-grade response capability at a fraction of the in-house cost.

Employee Awareness Training: Closing the Human Gap

Technology defends at the network level, but employees authorize wire transfers. Trained staff who can spot suspicious requests before acting on them are a critical last line of defense. Training must be ongoing and scenario-based — attackers refine their tactics continuously, and awareness programs must keep pace.

CRE organizations must work closely with a qualified MSP to assess current vulnerabilities, deploy the right technologies, and build a security posture that protects clients, transactions, and reputation. The cost of wire fraud and other prevention is a fraction of the cost of a breach — and CRE organizations that engage with an MSP today will gain a significant advantage over cybercriminals.

Carl Mazzanti is president of eMazzanti Technologies in Hoboken, NJ, providing IT Consulting and Cybersecurity Services for businesses ranging from home offices to multinational corporations.