Artificial intelligence-driven deepfakes are often discussed in the context of politics or celebrity impersonation. But a quieter and increasingly costly version of the threat is unfolding inside commercial real estate operations.
The FBI reported more than $2.9 billion in losses tied to business email compromise (BEC) in its most recent Internet Crime Complaint Center report, making it one of the costliest categories of cybercrime. Now, AI-generated voice cloning and increasingly sophisticated impersonation tactics are supercharging those schemes.
For building owners and facility managers, this is not simply a cybersecurity issue. It is an operational risk. Fraud attempts are targeting the day-to-day mechanics of property management: vendor invoices, wire transfers, escrow payments, and even transitions between tenants. The losses don’t occur in a data center. They occur in back-office accounting departments and at on-site property offices, and facilities teams that manage multiple buildings and dozens of contractors.
Where Deepfake Risk Shows Up in Real Estate Operations
Vendor Payment Fraud
Facility teams oversee a web of vendors: HVAC contractors, carpet installers, plumbers, security providers, and cleaning crews. Fraudsters know this.
A common scenario begins with what appears to be a legitimate invoice. For example, a property manager receives a bill for carpet installation in Unit 5. It looks routine. Payment is issued. Weeks later, the carpet installer requests payment—only for the property manager to discover the invoice was already paid to a fraudulent vendor.
At that point, difficult questions follow: Was this an outside vendor impersonating a contractor? Was it a fake account created to mirror a legitimate one? Or was there internal collusion?
Criminals often start small. An initial invoice might be $35—low enough to avoid scrutiny. The next might be $3,500. Then $35,000. The amounts escalate until someone notices.
Escrow and Wire Transfer Interception
Another high-risk moment is during acquisitions, refinancings, or property closings. Criminals infiltrate email systems—sometimes through phishing, sometimes through compromised vendor accounts—and quietly monitor communications.
They wait, and then when the legitimate wire transfer instructions are expected, the fraudster sends updated instructions that appear authentic. Funds are wired and may never be recovered.
In these cases, determining responsibility becomes complex. Did the breach occur within the building owner’s system? Or was the escrow company’s email compromised? That distinction can determine which insurance policy responds, or whether coverage applies at all.
Vacancy and Property Transition Risks
Deepfake and impersonation schemes intersect with a different operational challenge: vacancy.
When properties sit vacant during tenant transitions, oversight weakens. Fraudsters may exploit that gap through fake maintenance emergencies, impersonated vendor communications, or unauthorized occupancy.
At the same time, insurance policies often treat “occupied,” “unoccupied,” and “vacant” properties differently. If a building is vacant beyond a defined period (often 30 days), coverage terms may change automatically. Replacement cost coverage can be reduced, loss-of-rents provisions may be limited, and valuation may be depreciated.
Best Practices for Facility and Property Teams
1. Strengthen vendor payment controls. Two operational controls can significantly reduce exposure:
- Invoice and account matching. Every invoice should include a vendor account number that matches what is on file in the accounting system. If it cannot be matched, it should not be paid.
- Pre-approval thresholds. Establish dollar limits by vendor. If an invoice exceeds the predefined threshold, it should require secondary or verbal approval before payment is released.
2. Verify third-party insurance before engaging escrow providers. Before working with escrow companies or third-party financial intermediaries, obtain certificates of insurance and confirm adequate errors and omissions (E&O) or professional liability coverage. If a wire fraud originates from their compromised system, their policy—not yours—may need to respond.
3. Carry both crime and cyber coverage. Many building owners assume fraud losses fall solely under a crime policy. But deepfake-driven schemes typically involve cyber intrusion as well. Maintaining both crime and cyber insurance helps address the dual nature of these incidents.
4. Provide ongoing fraud and cyber training. Fraud prevention cannot be confined to accounting teams. Anyone with system access can become the weak link.
Training should extend to property managers, facilities staff, executives, and administrative teams. Even cleaning crews and maintenance personnel who access internal systems should understand phishing risks and impersonation tactics.
For smaller teams, periodic webinars may suffice. Larger organizations may require quarterly or mandatory annual programs. The key is repetition. Fraud awareness must remain top of mind.
Shifting How Building Leaders View Risk
AI-enabled impersonation is blurring the line between cyber events and operational failures. The threat is no longer confined to IT departments. It sits in the workflows that keep buildings running, such as vendor management, tenant transitions, escrow processes, and facilities oversight.
The response requires more than stronger passwords. It demands tighter financial controls, clearer approval protocols, continuous staff training, and insurance programs that reflect how fraud actually unfolds in commercial real estate operations.
