Email-based scams are getting harder to spot — and a new report from cybersecurity firm Abnormal AI highlights five attack methods that are increasing in frequency and sophistication in 2026. As an industry that runs on relationships, referrals, and fast-moving transactions, real estate professionals are a natural target.
Here’s what you need to know.
1. Fake Meeting Links (QR Code Phishing)
Scammers are sending emails that appear to come from legitimate contacts, asking recipients to scan a QR code to join a meeting or review a document. The QR code leads through multiple steps designed to build trust before ultimately stealing your login credentials. If you didn’t initiate the meeting request, don’t scan the code.
2. Fake Vendor Invoices with Fabricated Email Threads
Attackers are creating fake email chains that appear to show internal approval from a manager or executive, then using those fake threads as “evidence” to request payment on fraudulent invoices. The emails often include doctored invoices and W-9 forms. If you receive an unexpected invoice with an embedded email chain showing approval, verify directly with the person named before taking any action.
3. Fake App Permission Requests (OAuth Phishing)
These attacks disguise themselves as routine meeting invites or app notifications. When you click the link, you’re prompted to grant a third-party app access to your email account. Once granted, the attacker can read your emails, send messages as you, and maintain access even after you change your password. Be skeptical of any permission request from an app you didn’t intentionally install.
4. Emails from Compromised Accounts (Lateral Phishing)
When a scammer gains access to a legitimate email account — a colleague, a vendor, or a business contact — they use it to target others. Because the message comes from a real, trusted address, it bypasses most security filters and looks completely legitimate. Be cautious of unexpected requests or urgent asks, even from people you know.
5. AI-Generated Payroll and Direct Deposit Fraud
Scammers are now using AI to impersonate employees and send highly convincing emails to HR or office managers requesting changes to direct deposit information. The emails have no links, no attachments, and no obvious red flags — just a polished request that looks like it came from a colleague. Any request to change payment information should be verified by phone before acting on it.
What You Can Do
These attacks are designed to look routine. Slow down on any email that involves a financial request, a login prompt, or an unusual link — even if it appears to come from someone you trust. When in doubt, verify through a separate channel before acting.
Source: Abnormal AI, 2026 Threat Outlook Report. Read the full report here.
brought to you by our Platinum Sponsors
