30 July 2025
10 Tech Threats facing property professionals in 2025
Industry News, SHW News
At SHW we see technology as both a powerful ally to our day-to-day work and a potential adversary when it comes to the threat it can pose. As we embrace the digital transformation, we are seeing more and more sophisticated attacks. Unfortunately, it’s not just a problem for our technology team to deal with, we also need to ensure SHW staff are aware and prepared for the attacks that they may be a target of.
Here are 10 threats every property professional should know about.
1. Phishing Emails
The classic email from an attacker which has a dodgy link or attachment! However, attackers are levelling up—sending multiple emails, then calling to “help” with fake malware. Some even clone voices from the IT team.
Mitigate: Run phishing simulations in your business and enrol the staff in training if they fall for them. Awareness is key.
2. Ransomware Attacks
Hackers lock your files and demand payment to unlock them. These attacks can grind operations to a halt.
Mitigate: Backups, MFA, conditional access policies and regular updates are your best defence.
3. Deepfake & AI Generated Fraud
AI-generated voices or videos impersonate managers or IT staff, tricking you into sending money, buying gift cards or providing credentials. We’ve all seen them on social media and they are now creeping into work.
Mitigate: We’ve used regional meetings to speak about the potential example attacks that may cross their desk. Always verify requests – especially urgent ones.
4. QR Code “Quishing”
Fake QR codes in emails or public spaces lead to phishing sites that steal your login details.
Mitigate: Don’t use QR codes for logins. Be cautious before scanning and educate staff.
5. Shadow IT
Using unapproved apps can expose sensitive data and bypass security controls.
Mitigate: We whitelist authorised software, have a clear policy on app usage and educate teams on dangers of Shadow IT.
6. API Security Threats
Poorly secured APIs* can be manipulated to access backend systems and data.
Mitigate: Conduct API security assessments, implement rate limits and access tokens and always ensure they are up to date and patched.
*APIs (or Application Programming Interface) – think of this as – You (the customer) is looking at a menu in a restaurant and you decide what you want. The waiter (API) takes your order to the kitchen (the system or application). The kitchen prepares your food and gives it to the waiter (API) and brings it back to you (the customer). Poorly protected (exposed) APIs can be manipulated to access backend data in your business.
7. AI Tools and Bots
Bots can mimic real messages, scan your online presence, and even write malware that dodges detection.
Mitigate: Limit your public info, use threat detection tools, and train staff to spot red flags.
8. Supply Chain Attacks
Hackers target third-party vendors to infiltrate your systems through the back door.
Mitigate: Conduct regular risk assessments of suppliers, monitor third-party access, and implement continuous security checks—not just at onboarding.
9. Mobile & Browser-Based Exploits
Malware hidden in websites, ads, or browser extensions can infect devices silently.
Mitigate: Use mobile device management and restrict risky extensions.
10. Zero-Day Vulnerabilities
These are software flaws that haven’t been discovered yet—until attackers find and exploit them.
Mitigate: Apply security updates promptly, use threat detection tools, and adopt a zero-trust approach to limit exposure.
Cyber threats are evolving—but so are we. At SHW Property we believe the strongest defence isn’t just tech—it’s having informed colleagues.
