Last December, a leasing assistant at a midsize property firm in downtown Salt Lake City got a text from her "Regional Manager": "Grab $2,000 in Amazon gift cards for owner gifts—scratch the backs and send me the codes." It was mid-move-out season chaos, and she didn’t think twice. By the time she confirmed with her actual manager, the scammers were long gone.
That was small potatoes compared to what happened to a real estate investment group in Texas. A junior accountant processed multiple wire transfers to what looked like updated vendor accounts. The result? $60 million gone—wiped out by an attack that mirrored the tone, timing, and urgency of routine operations.
Think Your Property Firm Is Too Small? Think Again.
Gift card scams alone cost U.S. businesses over $217 million in 2023. And Business Email Compromise (BEC) attacks made up 73% of all cyber incidents in 2024.
For Salt Lake City property managers, the danger spikes during the holidays. Your team is short-staffed, juggling final rent rolls, vendor payments, and maintenance tickets. That’s when cybercriminals strike—because they know you're vulnerable.
5 Holiday Scams Every Salt Lake City Property Manager Needs To Watch For
- "Your Owner Wants Gift Cards" (The $2,000 Trap)
The scam: Someone impersonates an owner or executive and asks for gift cards to be sent "ASAP."
Real estate spin: Happens often around tenant move-outs or owner appreciation gifts.
Prevention: Create a policy that requires two-person verification for any gift card or wire transaction. Make it clear: leadership never requests financial actions over text or personal email.
- Vendor Wire Switch-Ups (The Budget-Buster)
The scam: Hackers monitor vendor communication threads and send a "new banking details" email just before invoice payments go out.
Real estate spin: This often hits when paying for snow removal, HVAC upgrades, or security installs at the end of Q4.
Prevention: Always call the vendor using their known phone number before updating any bank details in your system. Implement a "Call Rule" for anything over $5,000.
- Fake Package Delivery Alerts
The scam: E-mails or texts mimic USPS, UPS, or FedEx and urge the user to "reschedule a failed delivery."
Real estate spin: Maintenance teams often receive packages during this time—scammers exploit that.
Prevention: Bookmark tracking links to official carrier sites. Train staff to never click links from delivery notifications.
- Malware-Infected "Holiday Schedule" Attachments
The scam: Looks like a party invite or year-end schedule PDF—but it installs malware when opened.
Real estate spin: Commonly targets operations managers and HR teams coordinating holiday hours.
Prevention: Disable macros on all endpoints. Use email scanning tools. Make it company policy to verify any unplanned file attachments.
- Charity Donation Scams
The scam: Fake campaigns mimic local charities or promote "company match" drives that capture credit card info.
Real estate spin: Often pitched as "supporting local housing or tenant aid funds."
Prevention: Share an internal list of vetted nonprofits. Require all donations go through a centralized platform.
Why These Attacks Work (And Why They Target Property Managers)
The very tools that keep your operations running—email, cloud-based rent rolls, digital payments—are the same ones cybercriminals manipulate. These aren’t clunky old spam attacks. These are precise, timed, socially engineered schemes that mirror your workflows.
And yet, most Salt Lake City property teams don’t have:
- Simulated phishing training
- Company-wide MFA
- Clear policies for financial approvals
- An IT provider that actually understands real estate software
Firms that implement phishing training reduce cyber risk by over 60%. Yet the average PM firm in Salt Lake City still treats IT like a utility instead of a critical layer of operational infrastructure.
Your Salt Lake City Holiday Cybersecurity Checklist
Before December hits full swing, here’s how to reduce your exposure:
- The Two-Person Rule
Require all financial changes or transactions over a set threshold (we recommend $5,000) be confirmed by two people—and through a separate communication channel.
- Gift Card Protocol
Make it crystal clear: No one in leadership will ever request gift cards via text or email. Put it in your employee handbook, and review it with your team.
- Vendor Payment Verifications
When banking info changes, confirm by phone—never by replying to an email.
- Enforce MFA
Enable multifactor authentication on all logins—especially for AppFolio, Yardi, Microsoft 365, and banking portals.
- Do a Holiday Cyber Drill
Take 20 minutes to run through these five scenarios with your staff. Bonus points if your IT partner runs a phishing simulation.
What’s at Stake? More Than Just Money
Sure, Orion S.A. lost $60 million. But the damage goes deeper than dollars:
- Leasing delays during your busiest season
- Trust issues from building owners and tenants
- Skyrocketing insurance premiums after a breach
- Exhausted staff trying to untangle digital messes during holiday PTO
The average BEC attack costs $129,000—enough to derail year-end bonuses or major upgrades. Most Salt Lake property firms can’t absorb that and keep things running smoothly.
Make This the Year You Don’t Get Burned
You’re juggling tenant expectations, holiday maintenance, and year-end reports. The last thing you need is a preventable tech disaster.
If you're not 100% sure your team is protected, let’s change that.
Click here to schedule your Free Network Assessment with Qual IT. We’ll walk you through quick-win protections specific to Salt Lake City property firms—and point out any cracks before they turn into breaches.
Because the best gift you can give your ops team this season... is peace of mind.
