Real Estate Fraud Is Booming: How Are You Protecting Your Clients?

Data from the Federal Bureau of Investigation (FBI) point to boom times for real estate fraud. In 2022, real estate fraud cost victims $396.9 million, a 13.30% rise from 2021 and an 86.18% rise from 2020. More than $132 million more was lost to real estate fraud in 2022 than to check and credit card fraud, which get the majority of the headlines.

Real Estate Fraud Is Booming: How Are You Protecting Your Clients?As the FBI notes, these crimes can be devastating for individuals, who could lose their life savings or the opportunity to use money from a home sale to purchase another property. Loss of a commission or fee is the least of the worries here. Imagine how you would feel if your actions caused someone to lose everything they had. Imagine what that client will say about you, and the damage this could cause to your business and professional reputation.

Why Is Real Estate Fraud Rising?

Real estate is a preferred target for criminals for one reason: wire fraud. Few other industries move money from individual clients at the level of real estate professionals. A single transaction can be worth $250,000, $500,000 or over $1,000,000. All a criminal has to do is grab one of those transactions for a massive payday.

Sophisticated criminals know that real estate wire transfers are low-risk, high-yield opportunities. Why settle for a few hundred dollars from a stolen credit card when a single wire transfer could be worth hundreds of thousands?

How Real Estate Wire Fraud Works

The majority of real estate wire fraud cases stem from business email compromise (BEC) attacks. You may currently be in the crosshairs of a fraudster and not know it.

These attacks follow a predictable pattern:

  1. A criminal gains access to email accounts for individuals involved in a real estate transaction. This could be an agent, a broker, a banker or an individual buyer or seller.
  2. The criminal waits until the wire transfer is about to take place. They then send an email, either spoofing a real email account or directly from a compromised email, directing the wire transfer to a bank account that they control.
  3. The unwitting real estate professional sends the transfer to the bogus account.
  4. The criminal empties the account as soon as the transfer is complete. They may withdraw cash, transfer the funds to new accounts, convert the money to cryptocurrency or make deposits via large checks.

Around half of the money stolen in wire fraud scams remains in the United States, while the other half routes to offshore banks, with China and Hong Kong as top destinations. Once the money has been moved, there is little that law enforcement can do to recover it, though the recovery rate is higher for money that stays in the United States.

Steps to Take to Prevent Wire Fraud

To protect your clients and your business, you must first acknowledge that you are a target. You transfer life-changing amounts of money using methods that criminals understand and know how to exploit. In the 1800s, criminals went after stagecoaches loaded with cash and valuables, as well as trains. In the 1900s, criminals infiltrated airports and robbed couriers and armored vehicles. In the current era, a single criminal can get a larger payday by intercepting a single wire transfer.

Today’s criminal may have an edge, because the people who moved cash and valuables in the past knew that they were targets and took steps to defend themselves, while the targets of wire fraud may be completely unaware of their vulnerability. Know that criminals are watching you, that they want to steal from you and that it is a matter of when, not if, they will attack.

Understanding this threat will help you recognize risks. Vigilance is the most important tool in cyber security. With that in mind, here are some techniques you can use to prevent wire fraud.

Preventing Real Estate Fraud in Your Business

Be aware that criminals will attempt to gain access to your email, business emails, client emails and the systems you use to transfer funds, such as online banking apps. You may not know that an account has been compromised, and criminals may wait to launch an attack until they see a high-dollar transaction.

1. Enable two-factor authentication. Anyone who has the authority to issue a wire transfer must use some form of two-factor authentication to protect their email and banking logins. This is required for all users of GMail, and should be an option for any software you use. The best form of two-factor authentication sends a code via text message to your phone. Never share these codes with anyone under any circumstances.

2. Monitor network activity. Your in-house or third-party IT support professionals, or a Virtual CISO, should monitor online requests to and from the services you use. In some cases, service providers may do this automatically. Requests that come from unusual locations or at unusual hours, as well as any first-time request from a new location, should be flagged for review. Criminals need to communicate with your servers to send fake emails. Monitoring logins and access requests is one of the best ways to detect criminal intrusions. Monitor for unusual data exchanges as well, as these could signal a cyber attack.

3. Change passwords often, or use a password manager. Criminals like soft targets who do not appear to be aware of cyber security. Changing passwords sends a signal that you take security seriously. Using a password manager sends the same message. Do not expect to deter all criminals engaged in wire fraud with this method, as the lure of a big payout tends to make criminals more persistent and willing to take bigger risks, but do know that these methods will make it much harder for them.

4. Require additional authorization before sending a wire transfer. Set a company-wide protocol that requires a second person within your business to review wire transfers before they are sent. This person should receive a copy of any emails authorizing transfers, including the sender and reply-to lines. A second set of eyes may catch an irregularity that you miss.

Protecting Clients from Wire Fraud

1. Educate clients on wire fraud risks. You may worry that clients will choose someone else if you start talking about wire fraud. In reality, some clients will approach you fully aware of the risks, while others will find your focus on security valuable. As part of your initial meeting with a new client, ask them what they know about wire fraud. Position yourself as knowledgeable and committed to protection.

2. Collect two contact emails and phone numbers, if possible. Make a note of these in the client’s record. Inform the client that no transaction can be authorized without verification via a phone call. When criminals send phony transfer requests, they often include a phone number to call. Ignore this and use the number you have on file. If you cannot reach someone at the primary number, use the secondary number.

3. Establish a password with your clients. This should be communicated only by voice, never by email. It should be something difficult to guess, and potentially meaningful to the client, such as a favorite teacher’s or pet’s name. Tell the client that you will call to verify any transfer request and that you will ask for the password. If the client forgets the password, ask them to come to the office to verify a request in person, or offer to visit them to confirm.

4. Refuse to accept wire transfer instructions via email. If your company policy forbids emailed instructions, and you communicate this clearly to clients, you can ignore every criminal attempt to email transfer instructions. If you receive such an email, you will then know that someone involved in the transaction has had their cyber security compromised.

5. Have the client personally verify transfer receipt. If possible, this step ensures that funds go to the right place. Time is of the essence in stopping wire fraud, as criminals will begin moving the money the moment they have access to it.

Remember that criminals may target your client. Everyone involved in a high-dollar transaction should be on alert for unusual online activity. Warn clients that someone claiming to be you may try to contact them. Setting up client-specific passwords and requiring voice or in-person verification of transfers are two of the best ways to stop criminals from hijacking funds.

Be aware that criminals have access to a growing arsenal of sophisticated tools, including AI-powered deepfake technology that allows them to impersonate someone’s voice in real time from just a few seconds of online audio. While this may seem too sophisticated to affect you, remember that a single transfer worth hundreds of thousands of dollars is strong motivation for criminals.

Real estate fraud seldom makes headlines, but it happens every single day, and it can wipe out your clients finances. To serve your clients professionally, you must make cyber security awareness and training part of your practice. If you need help with training, or with securing your systems against criminals, please call us at 1-8oo-658-8311 or contact us online.

Lessons Every Worker Can Take from Realtor Safety Month

September 2023 marks the 20th anniversary of the National Association of Realtors’ (NAR) REALTOR® Safety Month. With more than 1,5 million members, the NAR is the largest trade association in the United States, and it has extensive experience working with real estate professionals, law enforcement and government officials to improve on-the-job safety.

Lessons Every Worker Can Take from Realtor Safety MonthIt should surprise no one that real estate brokers, appraisers, salespeople and property managers are victims of violent crime, with 23% reporting that they feared for their safety, or the safety of their personal information, in the 2022 NAR Member Safety Residential Report. That is nearly 1 in 4 individuals who felt threatened on the job,

Safety Month exists to raise awareness of the common dangers faced by these professionals, who often meet with people alone, in remote locations and in empty buildings. Those situations are not unique to the real estate industry. Safety Month guidelines from the NAR are valuable for any worker who interacts with the public, particularly those who visit clients at home or in remote locations, including delivery drivers, rideshare drivers, plumbers, electricians and salespeople.

Understanding and Assessing Risk at Work

Safety Month was created to encourage workers to think about the risks they face on the job and the best ways to manage them. In assessing risk, it can be helpful to think about what motivates criminals and how they choose their victims.

Most criminals seek financial gain and use manipulation, harassment, threats or, if all else fails, violence to get what they want from you. There are some cases where an individual seeks to inflict some kind of personal harm on someone else, but these cases are far rarer than robberies or muggings. You are most likely to be a victim of monetary or property theft on the job.

Criminals prefer easy targets in situations that they can control, away from others. How you present yourself, both in person and online, and how you protect yourself on the job contribute to a criminal’s assessment of your vulnerability. Making yourself a difficult target and limiting the chances for a dangerous encounter will protect you from the majority of criminals.

Here are some practical steps you can take to make criminals think twice about targeting you.

  1. Be mindful of what you share online. Your online profile does more than advertise you to potential clients. It also lets criminals know how vulnerable you are. It is increasingly common for criminals to research their targets online and plan a robbery ahead of time. If you follow good practices for cyber security, which include limiting what you share, regularly changing passwords and enabling two-factor authentication, criminals may move on from you to someone who appears to be an easier target. Personal phone numbers, personal emails and daily schedules should never be shared online.
  2. Always meet new clients in your office or a public place. This will not work for service professionals, such as plumbers and electricians, but it is recommended for all other workers. If you are conducting an assessment or inspection in a remote area, ask to meet in public place nearby and travel to the location from there. This will give you a chance to assess any possible risk.
  3. Travel in pairs. Many service professionals do this with new clients. Bringing someone else reduces risk but does not eliminate it. If you feel that you will be outnumbered by a group of criminals, leave the area.
  4. Ask for a preliminary video conference. Service professionals can ask a potential customer to show them the problem. Real estate professionals and appraisers can ask for a quick video tour of the property. Criminals will not agree to this, either because there is no real problem or because they do not have access to the property.
  5. Keep a second phone exclusively for business use. Carry it along with a personal phone wherever you go. Be sure to check coverage maps when selecting a second phone, so that you can maintain signal wherever you go. In the worst-case scenario, you can throw your business phone at an attacker and run while keeping your personal phone to call for help.
  6. Be mindful of urgency. Criminals often use the pretext of immediate need, or the threat of a lost opportunity, to lure victims into situations they would otherwise avoid. They may contact you late in the day, over the weekend or on a holiday and tell you that you must immediately come to a location to win their business. If you attempt to slow the process down, either by scheduling an appointment the next day or asking for a video tour, criminals will either give up on you or demand that you come anyway. Never let the promise of business overcome your personal safety rules.
  7. Be aware of individuals who lurk. Keep a close eye on people who arrive late to an open house, insist on a showing very late in the day or who shadow you while you do your job. Some curiosity on the part of customers is normal; someone who follows you closely is a potential danger. In this situation, ask for some space so you can do your work or inform the customer that you need to check something outside.
  8. Take a self-defense class. The NAR reports that 40% of Realtors® have completed a self-defense class. Good classes teach the ability to spot dangerous situations as well as how to react to them. It is always better to avoid the confrontation entirely than to know how to handle it.
  9. Carry a self-defense tool. Service professionals will have a truck or van full of things that can be useful in an attack, but salespeople, appraisers and real estate professionals may have little more than a pen and a computer. The best self-defense measures are nonlethal and have an area of effect, such as pepper spray. You will be more likely to use them in a dangerous situation, and they can incapacitate several attackers at once. Be sure to check your state’s rules for licensing and training, as you could face criminal charges if you discharge pepper spray or bear spray, even in self defense.
  10. Report any threatening messages you receive. The 2022 NAR Member Safety Residential Report revealed that 30% of Realtors® who were targeted by criminals received a threatening voice mail, email or text message before the attack. Threatening messages should be taken very seriously by all professionals, and you should take extra precautions after receiving them. The individual who threatens ahead of time is more likely to be motivated by anger or revenge and is simply looking for a chance to attack. This individual wants to harm you, unlike the opportunist criminal who simply wants to steal your phone or money.

Safety Month Exists to Challenge Your Routine

All workers fall into rhythms and routines on the job. Even those who practice good personal and cyber security may get comfortable over time and relax their safety practices in pursuit of efficiency or out of a sense of confidence.

People like to think that they are aware of the risks they face. Some believe they have an instinct that lets them anticipate danger. These mental gaps can put you in threatening situations. Remember that criminals have one job: To find victims and steal from them. They spend all of their time looking for new tactics and honing strategies that succeed.

Safety Month provides an opportunity to think about the risks you face and to retrain yourself in practices that limit risk. This is a good time to review personal protocols, company protocols and cyber security practices. Should you need help with cyber security, or guidance on establishing safe working practices for your business, please contact us online or call us at 1-800-658-8311.

 

FTC Safeguards Rule: Real Estate Businesses Must Check Their Status

The new FTC Safeguards Rule goes into effect on June 9. Everyone in the real estate industry needs to take note of this and evaluate their need for compliance. Failure to comply can result in fines up to $43,972 per day. There is an above-average chance that your real estate business will be subject to these regulations.

The new FTC Safeguards Rule goes into effect on June 9. Everyone in the real estate industry needs to take note of this and evaluate their need for compliance.Who Is Subject to the FTC Safeguards Rule in Real Estate?

The National Association of Realtors® (NAR) issued a Washington Report update on the Safeguards Rule, outlining who is subject to the new regulations.

You are considered a “financial institution” under the FTC Safeguards rule if–

You maintain customer information for more than 5,000 customers

and you provide the following:

    • Real estate settlement services
    • Appraisal services (unless you are appraising on a one-time basis and destroying records)
    • Mortgage services
    • “Finder” services that match buyers and sellers who negotiate their own transactions

The size of your agency, including number of employees, transactions or annual revenue, has no bearing on Safeguards Rule compliance. If you store records for more than 5,000 customers, you are subject to these regulations.

Two Options for Real Estate Safeguards Rule Compliance

The simplest way for any real estate professional to comply with the Safeguards Rule is to delete old data. If you maintain fewer than 5,000 records, you are not subject to the rule. Note that the regulations apply equally to paper records and digital records and they do not specify the type of customer information that is considered. In other words, if you have a storage unit full of old customer files or a huge email list, that could put you over the limit of 5,000 records, even if you do not have in-depth, digital financial records for all of those customers. Specifically,

Customer information means any record containing nonpublic personal information about a customer of a financial institution, whether in paper, electronic, or other form, that is handled or maintained by or on behalf of you or your affiliates.

This can create confusion, because some may interpret the rule to mean financial information, while the Safeguards Rule itself has no such limitations. In thinking about whether a particular record contains personal information, ask yourself this question: Could this information, by itself or in combination with information gathered elsewhere, be used to harm a customer? Considered in that context, information as mundane as an email address or phone number qualifies for protection under the Safeguards Rule.

Can you delete or destroy your old records? For most appraisers, agents and brokers in small agencies, this should be possible. Think about the number of transactions you process in a year and the average time you need to hold on to information to complete a transaction. Even if you want to hold on to information for your most valuable clients, you should be able to get under the 5,000-record limit. Be aware that you will need to put a program in place to delete or destroy records on a regular basis to stay under the limit, and that it is prudent to allow some breathing room: You do not want to have 4,998 records if the FTC launches a compliance investigation. It is better to set a cap around 4,000 or fewer, if your business allows.

If you must maintain more than 5,000 records, you must comply with the FTC Safeguards Rule. In general you cannot do this on your own. The regulations require a qualified individual, someone with a professional background in cyber security, to evaluate current security measures, enforce security protocols and verify compliance among all third-party vendors and service providers. The Qualified Individual will also create a written security plan that includes information on how data are stored and retrieved, as well as data destruction protocols and steps to take in case of a cyber attack.

For most real estate businesses, a Virtual CISO can handle the majority of compliance needs. This is an experienced cyber security professional who offers their support as a service at a much lower rate than a full-time cyber security specialist. Larger real estate businesses that process a significant amount of transactions each year, those who build and operate apps or online systems, or those with extensive archives of paper and electronic records, may want to consider a full-time Chief Information Security Officer who can manage the risks of custom software.

Protect Now can help you find a Virtual CISO versed in FTC Safeguards Rule compliance, and provide CE-eligible cyber security training for real esate professionals. If you have questions or concerns about the Safeguards Rule, please contact us online or call us at 1-800-658-8311.

Use Caution When Closing on Your New Home

It’s Realtor Safety Month. Real estate agents and their clients are targeted by violent criminals and cyber thieves. Statistically, tens of thousands of real estate agents are subjected to violence annually. Wire fraud, where a homebuyer’s email or real estate agent’s email is hacked, lose millions in various mortgage fraud closing scams. Studies show on average, Americans buy 3 to 5 homes in their lifetime. Chances are, you’re going to be engaged in some form of a real estate transaction in the next 5-10 years. There are a few things to know.

Think about this for a minute: You have been working hard and stocking money away, and you have finally found your dream home. The loan goes through, you wire the money to the bank or title company, and you think all is well. You go to sign the final paperwork and your heart falls out of your chest…they tell you that they never received the money, but you sent it. What happened? You were the victim of a real estate scam.

Real estate scams are more common than you probably think, and they often involve phishing. The scammers can take over the email address of the Realtor, the buyer, the title company, etc, and it is happening much more than ever before. In fact, it’s so common that buyers are losing millions of dollars each year.

When a hacker takes control of the email address of a real estate agent or a title company, they can then send very official-looking emails to people asking them to wire money for their new home to a specific bank account. However, what these buyers don’t realize is that the money goes to a different bank account…one that belongs to the hacker. By the time the scam is discovered, the money is long gone.

Sadly, this scam is getting more and more common, and it has happened to thousands of people trying to buy homes. One of the issues is that the real estate industry, as a whole, doesn’t really pay as much attention to security as it should. Though there are things like encryption, the real estate industry, including real estate agents, use a lot of free accounts and unprotected methods of communication. On top of this, Realtors and title agents are always on the move, so they use a lot of public Wi-Fi to access their accounts. This is essentially like inviting the hackers in.

Stopping Scams During Real Estate Closings

If you are looking to buy a house, you definitely should make sure that you are taking the right steps to prevent scams like these. Here are some things that you should do:

  • Don’t use email as the only way to set up your financial transactions. Use the phone, make a call, and confirm all of the transactions that are occurring.
  • You should have everything in writing, and then double-check all of this. Make sure you are using some type of system such as meeting the Realtor or title company in person or via video chat.
  • If you get directions to wire money, contact the company first to make sure that it’s legitimate. Don’t email them and ask them to call, however. Why? Because you could simply be emailing the hacker.
  • Also, make sure you confirm via phone with the title company, bank, and real estate agent about any money transfer.
  • Verify all transfers as soon as you can. If you believe you have sent money to a scammer, immediately call the bank. They may be able to freeze the money.
  • Ask the people you are working with about their email. Is it secure? How do they know? Do they use encryption and two-factor authentication? Are they using strong passwords?
  • You can also ask if they have a “forwarding email” set in their settings. Even if they say no, make sure they check. Many people who are victims of this don’t even realize that their emails are being forwarded to hackers.
  • Do they know if people are logging into their email from other locations?
  • Ask them to enter their email address at the Protect Now FREE Email Checker to see if their email has been compromised in a data breach You can also check their email address right on the site. Then, if you find the email address in vulnerable, you can tell them, and they can take the appropriate steps.

Remember, you should never assume that anyone, including yourself, is totally secure during any type of real estate transaction. You should not take for granted that the Realtor has someone in their home, such as their child, who could be using the same computer for gaming, and it is filled with spyware.

Buying a home is typically the biggest financial transaction that people ever do, and if you fall victim to a scam like this, you can easily be ruined, financially. Be aware, cover your bases, and be annoying if you must; you should always insist on a secure transaction when buying a home.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Wire Fraud: How Criminal Prey on the Real Estate, Construction, Manufacturing and Art Industries

In any industry where money is transferred or large bills are paid,the door is open for hacks. In manufacturing they pay large vendors for all materials and sometimes overseas. In construction developers pay contractors huge sums of money for labor and materials. You might be buying a home or an expensive piece of art, and either way, these transactions are typically not done in cash. You might think that in well-established industries such as the real estate industry, construction and manufacturing, there are checks and balances, but this isn’t totally the case. The same goes for the art industry.

Most of us won’t be buying multi-million-dollar pieces of art imported from Italy, but many people reading this will buy a home.

As we look at the home buying process and scams, the information is pretty frightening. The Internet Crime Complaint Center, which is part of the FBI, released a report that showed email fraud in the real estate industry rose more than 1,110% from 2015 to 2017. The amount of money lost in real estate fraud rose approximately 2,200%. What does this mean? It means scammers are more efficient than ever before. In 2020 that number jumped another 13%. Recently in a real estate transaction a psychology professor at UC Berkeley, wired $921,235.10 to scammers.

In 2017, almost 10,000 people reported that they were a victim of fraud and identity theft during real estate transactions, and in total, the money lost topped $56 million. Only recently has the real estate community been paying attention to this, but it’s just not enough. Again, the same thing can be said about the art world. Both of these industries are having big issues with fraud.

The Story You Have to Hear

 Every once in a while, I meet someone in my travels who seem to have the perfect life…or at least I would consider it to be pretty great. These people are smart, they have made the right choices, they have worked hard, and they have reaped some amazing awards. A couple of years ago I met a married couple who had this perfect life. The guy was literally into money. His job was to not just handle investments for companies, but for actual countries. He brought in huge commissions for this work, and the pair could literally buy anything that they wanted. However, this also made them a target for scammer.

With all of the money they had, the couple soon got into a new hobby: collecting fine art. Though I don’t know a ton about art, I can tell you that their collection was pretty amazing. They primarily collected at type of art called hyperrealism. Essentially, artists who work in hyperrealism create paintings that look like photographs. Look it up…it’s very cool.

Long story short, the guy decided that he wanted to buy a new painting. It had a price tag of $200,000, and he did this via email. Now typically, this is where alarm bells might go off, but the guy didn’t think this was weird, as he had done it like this several times before. This time, though, things were different.

You see, as he was emailing with the gallery he purchased the paintings from, a hacker was able to intercept the emails because the gallery got hacked. Instead of wiring the $200,000 to the gallery, he wired it directly to the hacker.

Keep in mind, this guy was in finance, and people in this industry are specifically conditioned to know about risk. After talking about it later, he said that there were a couple of things in the emails that could be a sign that something was wrong, but again, doing transactions via email is pretty standard in the art industry as it is in real estate.

Thankfully, his bank noticed the transaction because the account that he wired to was brand new, and the system his bank used was set up to flag any transactions that go to a new account, especially with that amount of money.

Once his bank got in contact with him, he immediately contacted the gallery and they confirmed that they had not gotten the money, and instead, it was probably a fraud. Of course he panicked, and thought his $200,000 was about to vanish. He called anyone and everyone he could think of to stop the transaction.

Finally, he realized that his company had a connection to someone higher up at the bank. He was able to get a personal call in, and they were able to stop the wire from completing. He was very lucky, but not everyone is.

Understanding How the Hack Works

 Though scammers have options at their fingertips, they do tend to like this hack, and they use it to target collectors, art galleries, manufacturers, construction companies, developers, and of course real estate companies, and more. So, if you work in these industries, or you interact with people in these industries, make sure you keep your eyes open.

Essentially, these hackers get information from data breaches, which give them email addresses and passwords from millions of people. So, when the art gallery sends an invoice to the art collector via email, the hacker realizes it, and they will step in.

The hacker takes on the persona of the dealer, the real estate agent, the developers bookkeeper, or the construction companies accountant, and comes up with a story that the client might believe, such as they need to issue a new invoice because there was a typo on it, or they need to change the instructions that the client must follow. They do this so that they can justify a change in the wiring and might even say that they can offer a small discount for the inconvenience. Usually, the buyer or the admin is happy to do this, and once the money is sent, the hacker collects it and disappears.

Victims of These Scams

 When we look at these scams, both the buyer and the seller, and all the companies involved are victims here. They are all left in the dark, and the hacker hijacks the communication. In other words, they control the emails, and they play both of the parts. In the art industry, for instance, when the gallery sends an email to its customer, the hacker intercepts the email and pretends to be the customer. The same thing happens when the customer sends an email to the gallery.

Since the hacker does this, there is plenty of time to cover their tracks and disappear. In the meantime, time and money is lost, and in some cases, the art gallery has even had to shut down for good.

Tips to Keep You Safe

If you work in any of these industries, keep these tips in mind:

  • Email account passwords should be very strong and unique. Don’t ever use the same password for more than one account. When creating a password, use uppercase and lowercase letters, and mix them with characters and numbers…and change them frequently.
  • Use password manager software and have a different password for every account.
  • Set up two-step authentication for your email account. When you log in, you will get a one-time password to your mobile phone, which means someone would need your password and your phone to get into your account.
  • Use an escrow service if you are sending large sums of cash.
  • Pick up the phone and call to confirm every step of the transaction.
  • Keep your anti-virus software updated.
  • When you send an invoice through email, text or call the recipient to check that they got it and that the account number is correct.
  • Talk to your staff about the importance of security, and make sure they understand what phishing scams are. Also, teach them not to click on any attachments or links in an email unless they have confirmed and verified the link or attachment by phone.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Are you at risk of wire fraud in Real Estate?

Closing on a new house is very exciting, but it’s also busy and expensive. It also could make you very vulnerable to hackers who know there is a lot of money on the line.

Real EstateAny industry involving wiring transfers of large sums of money is vulnerable to this new type of hack. Purchasing a car, home or piece of art are large transactions and are not usually done in cash. In well-established industries like real estate, there are some checks and balances, but while one would think it would be very tough to pull off this scam in real estate, it is just as easy.

When looking at the home buying process, a report by the FBI’s Internet Crime Complaint Center said email fraud involving real estate transactions rose 1,110 percent in the years 2015 to 2017 and fraud dollars lost rose almost 2,200 percent. That means scammers are getting more efficient.

Nearly 10,000 people reported being victims of this kind of fraud in 2017 with losses over $56 million, the FBI report said. Real estate is only now tightening its belt and fighting back. However, the real estate industry’s security is not even close to the levels of security in the art world. Yet, both industries are susceptible to this new hack.

How the Hack Works

Although it’s not entirely a new concept, this is the freshest approach hackers are targeting real estate agents, and your clients. You need to put this on your radar! This is a pretty simple hack. Basically, criminals are breaking into the email accounts and then they monitor the email correspondence. Breaking in, in other words means “logging in” because millions of email addresses and their associated passwords are in the hands of criminals due to massive data breaches. So when the agent sends an email to client maybe with wiring instructions, the hacker is triggered and will step in. The bad guy will now impersonate the agent and warn that the instructions had a mistake on it or change up the instructions. The criminal does this to justify a wire transfer, maybe offering a slight discount, and then asks the buyer to send the money to a different account. Once the hackers have the money, the hacker just disappears.

The Victims of This Scam

Both buyers and sellers are victims here, and in many cases, both are left in the dark because the hacker hijacks the conversation. In other words, they take control of the emails and play both parts. This gives the hacker plenty of time to cover their tracks and get away, and in the meantime, money and time is lost for all parties involved. A wire fraud happening in the finance industry used to be a “thing,” but there are so many security protocols in place within finance making it difficult to pull off a transfer scam within the financial space.

Tips to Keep Email Fraud at Bay

These tips are for buyers, brokers, and real estate agents.

  • All email account passwords should include uppercase, lowercase, numbers and characters. Never use the same password twice—NEVER.
  • All email should have two-step authentication. This means after logging in, a one-time password is texted to the user’s mobile for account access.
  • Make sure to change all passwords for online accounts, including Wi-Fi, regularly and especially after a data breach.
  • Escrow services are your friend. There’s a ton of them. The gallery or broker will, or should, have a relationship with a trusted source.
  • Pick up the phone, and confirm every aspect of a transaction until you are blue in the face and annoying everyone involved to the point you are satisfied that the money is safe.
  • Update all of your anti-virus software.
  • When you send an invoice via email, call or text a trusted number of the recipient to double check that they got it and that they have the correct account number.
  • Urge all of your staff to remain vigilant when opening emails, and make sure that they do not click on any links or download attachments unless the correspondence has been verified by phone. If you have doubt, contact the sender by phone.

There is so much more to this, and, while I can’t solve all the world’s problems, I can at least make you cyber-security smarter and digitally literate.

Become CSI Protect Certified

If any or all of the above has left you empowered, meaning you feel you have a grip on it all, good for you. If the above was a bit overwhelming, confusing and made you feel like you have a LOT of work to do, then you need to become CSI Protect Certified. That means as a small business owner you become fully versed in Cyber Social and Identity Protection. CSI Protection Certified Agents recognize risk and know how to protect their information, their business data and their clients security.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Louisiana Woman Tries to Buy a Million Dollar Home with False Documents

Have you ever seen a house and thought…I wish I could afford that? Some people actually try it, but let this story be a lesson learned: if you can’t afford the cost of a house, you probably shouldn’t try to buy it.

Robert Siciliano Marriott Breach

Pamela Chandler was arrested and now faces forgery charges after she tried to purchase a home with a million-dollar price tag. How did she do it? She used false documents. Chandler, who also goes as Pamela Goldwyn, was arrested by a special Financial Crimes Task Force in Bossier City, LA. She also has several warrants out for her in Texas with crimes including fraud and the exploitation of certain groups of people including children, the elderly or the disabled. She was booked in jail and was not given a bond, as she is a flight risk.

According to court records, Chandler, who lists her age as 47, has a permanent address in Athens, Texas, but also has addresses in Maryland and Louisiana. A local Bossier City realtor reported her to local law officials after she tried to use illegitimate paperwork to buy the home. She claimed to have a trust fund, but the paperwork just didn’t add up. As the task force began to investigate the situation, it was found that she had also altered a letter from a layer to try to convince the realtor that she had enough in this fake trust fund to buy the home. It was also discovered that she had used a number of aliases over the years. It is believed that she uses an alias in a specific area until law enforcement catches on to her scams, and then changes her name and moves to a new area.

Much of the problem here can be blamed on easily obtained fake IDs. The fact is, our existing identification systems are insufficiently secure, and our identifying documents are easily copied. Anyone with a computer, scanner and printer can recreate an ID. Outdated systems exasperate the problem by making it too easy to obtain a real ID at the DMV, with either legitimate or falsified information.

Some of the department of multivehicle new requirements of improving facial recognition include not smiling for your picture or smile as long as you keep your lips together. Other requirements meant to aid the facial recognition software include keeping your head upright (not tilted), not wearing eyeglasses in the photo, not wearing head coverings, and keeping your hair from obscuring your forehead, eyebrows, eyes, or ears.

The fact is, identity theft is a big problem due to a systematic lack of effective identification and is going to continue to be a problem until further notice. In the meantime it is up to you to protect yourself. The best defense from new account fraud is identity theft protection.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.

Fake Real Estate Agent Caught Stealing $30K in Jewelry

Recently, a man was accused of pretending to be a real estate agent just to steal some jewelry from an open house. According to Toronto police, he has been arrested.

The victims are a couple (their identity isn’t being listed for their safety). They had an open house in a small city called Oakville. It’s in Ontario, which is about an hour west of Toronto (also in Canada). According to the investigators, a 29-year-old man saw an online ad for the open house. He decided to pretend that he was a real estate agent, went inside the home, and stole over $30,000 worth of jewelry from one of the upstairs bedrooms.

A native of Willow Beach, Ontario, a nearby town, the man was charged with a single count of being in a dwelling unlawfully and a single count of a theft over $5,000. Local law enforcement believes that this theft wasn’t an isolated incident. They’re currently encouraging people with information to provide details on this case or others in which they believe the man might be to blame.

Throughout the years, many criminals have tried posing as real estate agents to get access to people’s homes and buyer’s homes. Just last month in California, a woman was arrested for posing to be a realtor to steal tens of thousands of dollars from homebuyers.

Along with such, another man was arrested in January on the suspicion that he had posed as a real estate professional to steal rare art, expensive jewelry, and fine wine from a variety of celebrities, including Adam Lambert and Usher. His name was Benjamin Eitan Ackerman. It is important that homebuyers ensure that they are talking with their real estate agent each time that they speak with them on the phone or email them. You should see company letterhead on emails and may want to call the agent back on the number you have for them to ensure your safety.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.