top of page
  • Writer's pictureMAREJ

Phishing Scam Wipes Out a Whole Quarter of Earnings for REIT

By Michael Mullin , IBSRE, Inc.

A Dallas-based Real Estate Investment Trust (REIT), NETSTREIT, recently became the latest victim in a growing wave of cybercrimes targeting the commercial real estate sector. The company, which specializes in single-tenant, net-leased retail properties, suffered a significant financial blow when a phishing scam resulted in a loss that wiped out an entire quarter’s earnings. This incident underscores the increasing vulnerability of the real estate industry to sophisticated cyber threats.

The scam unfolded when an employee of NETSTREIT was tricked into wiring $3.3 million to a fraudster impersonating one of the company’s development partners. This type of scam, known as a social engineering attack, manipulates individuals into divulging confidential information or transferring funds under false pretenses. In NETSTREIT’s case, the company was able to recover some of the money through insurance, but it still reported a net loss of $2.8 million for the second quarter. The impact was so severe that it led to a reported net loss of three cents per share.

NETSTREIT’s experience is a stark reminder of the financial and reputational risks posed by cybercrime, particularly in an industry that is increasingly reliant on digital transactions and communications. As more real estate firms digitize their operations, they become more attractive targets for cybercriminals, who often exploit human error to carry out their schemes. Research indicates that the majority of cybersecurity breaches stem from such errors, whether it’s clicking on a malicious link or, as in NETSTREIT’s case, falling victim to a fraudulent email.

This incident is not just a costly lesson for NETSTREIT but also a warning for the entire real estate sector. The company, which went public in 2020, has built its business on investing in retail properties leased to tenants with strong financials and a focus on e-commerce-resistant businesses. Despite this sound strategy, the phishing scam has demonstrated that even well-run companies are not immune to the risks of cybercrime.

NETSTREIT reported that, aside from the cyberattack, its second-quarter performance was relatively strong. Adjusted funds from operations (AFFO) reached 32 cents per share, marking a slight improvement from the same period last year. However, the financial loss from the scam overshadowed these gains, highlighting how a single cybersecurity lapse can significantly impact a company’s bottom line.

In response to the incident, NETSTREIT engaged third-party experts to assess the situation and ensure that the breach was an isolated event with no ongoing threat to the company or its partners.

The firm’s swift action is commendable, but the event has undoubtedly served as a wake-up call for the entire industry.

As cyber threats continue to evolve, real estate companies must invest in robust cybersecurity measures, including staff training, to protect themselves from similar attacks. Phishing scams are often just the first step in a broader cyberattack strategy that can include malware deployment or ransomware attacks. The growing frequency of such incidents makes it clear that no company can afford to be complacent.

NETSTREIT’s ordeal serves as a crucial reminder that in today’s digital age, cybersecurity is not just a technical issue but a critical business risk that must be managed with the same diligence as any other financial or operational challenge.

Michael Mullin is president/CEO of IBSRE, Inc., an expert cybersecurity and IT support firm in Northern New Jersey and New York City.

Comments


bottom of page