Closing on a new house is very exciting, but it’s also busy and expensive. It also could make you very vulnerable to hackers who know there is a lot of money on the line.
Any industry involving wiring transfers of large sums of money is vulnerable to this new type of hack. Purchasing a car, home or piece of art are large transactions and are not usually done in cash. In well-established industries like real estate, there are some checks and balances, but while one would think it would be very tough to pull off this scam in real estate, it is just as easy.
When looking at the home buying process, a report by the FBI’s Internet Crime Complaint Center said email fraud involving real estate transactions rose 1,110 percent in the years 2015 to 2017 and fraud dollars lost rose almost 2,200 percent. That means scammers are getting more efficient.
Nearly 10,000 people reported being victims of this kind of fraud in 2017 with losses over $56 million, the FBI report said. Real estate is only now tightening its belt and fighting back. However, the real estate industry’s security is not even close to the levels of security in the art world. Yet, both industries are susceptible to this new hack.
How the Hack Works
Although it’s not entirely a new concept, this is the freshest approach hackers are targeting real estate agents, and your clients. You need to put this on your radar! This is a pretty simple hack. Basically, criminals are breaking into the email accounts and then they monitor the email correspondence. Breaking in, in other words means “logging in” because millions of email addresses and their associated passwords are in the hands of criminals due to massive data breaches. So when the agent sends an email to client maybe with wiring instructions, the hacker is triggered and will step in. The bad guy will now impersonate the agent and warn that the instructions had a mistake on it or change up the instructions. The criminal does this to justify a wire transfer, maybe offering a slight discount, and then asks the buyer to send the money to a different account. Once the hackers have the money, the hacker just disappears.
The Victims of This Scam
Both buyers and sellers are victims here, and in many cases, both are left in the dark because the hacker hijacks the conversation. In other words, they take control of the emails and play both parts. This gives the hacker plenty of time to cover their tracks and get away, and in the meantime, money and time is lost for all parties involved. A wire fraud happening in the finance industry used to be a “thing,” but there are so many security protocols in place within finance making it difficult to pull off a transfer scam within the financial space.
Tips to Keep Email Fraud at Bay
These tips are for buyers, brokers, and real estate agents.
- All email account passwords should include uppercase, lowercase, numbers and characters. Never use the same password twice—NEVER.
- All email should have two-step authentication. This means after logging in, a one-time password is texted to the user’s mobile for account access.
- Make sure to change all passwords for online accounts, including Wi-Fi, regularly and especially after a data breach.
- Escrow services are your friend. There’s a ton of them. The gallery or broker will, or should, have a relationship with a trusted source.
- Pick up the phone, and confirm every aspect of a transaction until you are blue in the face and annoying everyone involved to the point you are satisfied that the money is safe.
- Update all of your anti-virus software.
- When you send an invoice via email, call or text a trusted number of the recipient to double check that they got it and that they have the correct account number.
- Urge all of your staff to remain vigilant when opening emails, and make sure that they do not click on any links or download attachments unless the correspondence has been verified by phone. If you have doubt, contact the sender by phone.
There is so much more to this, and, while I can’t solve all the world’s problems, I can at least make you cyber-security smarter and digitally literate.
Become CSI Protect Certified
If any or all of the above has left you empowered, meaning you feel you have a grip on it all, good for you. If the above was a bit overwhelming, confusing and made you feel like you have a LOT of work to do, then you need to become CSI Protect Certified. That means as a small business owner you become fully versed in Cyber Social and Identity Protection. CSI Protection Certified Agents recognize risk and know how to protect their information, their business data and their clients security.
ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.