Real Estate Fraud Is Booming: How Are You Protecting Your Clients?
Data from the Federal Bureau of Investigation (FBI) point to boom times for real estate fraud. In 2022, real estate fraud cost victims $396.9 million, a 13.30% rise from 2021 and an 86.18% rise from 2020. More than $132 million more was lost to real estate fraud in 2022 than to check and credit card fraud, which get the majority of the headlines.
As the FBI notes, these crimes can be devastating for individuals, who could lose their life savings or the opportunity to use money from a home sale to purchase another property. Loss of a commission or fee is the least of the worries here. Imagine how you would feel if your actions caused someone to lose everything they had. Imagine what that client will say about you, and the damage this could cause to your business and professional reputation.
Why Is Real Estate Fraud Rising?
Real estate is a preferred target for criminals for one reason: wire fraud. Few other industries move money from individual clients at the level of real estate professionals. A single transaction can be worth $250,000, $500,000 or over $1,000,000. All a criminal has to do is grab one of those transactions for a massive payday.
Sophisticated criminals know that real estate wire transfers are low-risk, high-yield opportunities. Why settle for a few hundred dollars from a stolen credit card when a single wire transfer could be worth hundreds of thousands?
How Real Estate Wire Fraud Works
The majority of real estate wire fraud cases stem from business email compromise (BEC) attacks. You may currently be in the crosshairs of a fraudster and not know it.
These attacks follow a predictable pattern:
- A criminal gains access to email accounts for individuals involved in a real estate transaction. This could be an agent, a broker, a banker or an individual buyer or seller.
- The criminal waits until the wire transfer is about to take place. They then send an email, either spoofing a real email account or directly from a compromised email, directing the wire transfer to a bank account that they control.
- The unwitting real estate professional sends the transfer to the bogus account.
- The criminal empties the account as soon as the transfer is complete. They may withdraw cash, transfer the funds to new accounts, convert the money to cryptocurrency or make deposits via large checks.
Around half of the money stolen in wire fraud scams remains in the United States, while the other half routes to offshore banks, with China and Hong Kong as top destinations. Once the money has been moved, there is little that law enforcement can do to recover it, though the recovery rate is higher for money that stays in the United States.
Steps to Take to Prevent Wire Fraud
To protect your clients and your business, you must first acknowledge that you are a target. You transfer life-changing amounts of money using methods that criminals understand and know how to exploit. In the 1800s, criminals went after stagecoaches loaded with cash and valuables, as well as trains. In the 1900s, criminals infiltrated airports and robbed couriers and armored vehicles. In the current era, a single criminal can get a larger payday by intercepting a single wire transfer.
Today’s criminal may have an edge, because the people who moved cash and valuables in the past knew that they were targets and took steps to defend themselves, while the targets of wire fraud may be completely unaware of their vulnerability. Know that criminals are watching you, that they want to steal from you and that it is a matter of when, not if, they will attack.
Understanding this threat will help you recognize risks. Vigilance is the most important tool in cyber security. With that in mind, here are some techniques you can use to prevent wire fraud.
Preventing Real Estate Fraud in Your Business
Be aware that criminals will attempt to gain access to your email, business emails, client emails and the systems you use to transfer funds, such as online banking apps. You may not know that an account has been compromised, and criminals may wait to launch an attack until they see a high-dollar transaction.
1. Enable two-factor authentication. Anyone who has the authority to issue a wire transfer must use some form of two-factor authentication to protect their email and banking logins. This is required for all users of GMail, and should be an option for any software you use. The best form of two-factor authentication sends a code via text message to your phone. Never share these codes with anyone under any circumstances.
2. Monitor network activity. Your in-house or third-party IT support professionals, or a Virtual CISO, should monitor online requests to and from the services you use. In some cases, service providers may do this automatically. Requests that come from unusual locations or at unusual hours, as well as any first-time request from a new location, should be flagged for review. Criminals need to communicate with your servers to send fake emails. Monitoring logins and access requests is one of the best ways to detect criminal intrusions. Monitor for unusual data exchanges as well, as these could signal a cyber attack.
3. Change passwords often, or use a password manager. Criminals like soft targets who do not appear to be aware of cyber security. Changing passwords sends a signal that you take security seriously. Using a password manager sends the same message. Do not expect to deter all criminals engaged in wire fraud with this method, as the lure of a big payout tends to make criminals more persistent and willing to take bigger risks, but do know that these methods will make it much harder for them.
4. Require additional authorization before sending a wire transfer. Set a company-wide protocol that requires a second person within your business to review wire transfers before they are sent. This person should receive a copy of any emails authorizing transfers, including the sender and reply-to lines. A second set of eyes may catch an irregularity that you miss.
Protecting Clients from Wire Fraud
1. Educate clients on wire fraud risks. You may worry that clients will choose someone else if you start talking about wire fraud. In reality, some clients will approach you fully aware of the risks, while others will find your focus on security valuable. As part of your initial meeting with a new client, ask them what they know about wire fraud. Position yourself as knowledgeable and committed to protection.
2. Collect two contact emails and phone numbers, if possible. Make a note of these in the client’s record. Inform the client that no transaction can be authorized without verification via a phone call. When criminals send phony transfer requests, they often include a phone number to call. Ignore this and use the number you have on file. If you cannot reach someone at the primary number, use the secondary number.
3. Establish a password with your clients. This should be communicated only by voice, never by email. It should be something difficult to guess, and potentially meaningful to the client, such as a favorite teacher’s or pet’s name. Tell the client that you will call to verify any transfer request and that you will ask for the password. If the client forgets the password, ask them to come to the office to verify a request in person, or offer to visit them to confirm.
4. Refuse to accept wire transfer instructions via email. If your company policy forbids emailed instructions, and you communicate this clearly to clients, you can ignore every criminal attempt to email transfer instructions. If you receive such an email, you will then know that someone involved in the transaction has had their cyber security compromised.
5. Have the client personally verify transfer receipt. If possible, this step ensures that funds go to the right place. Time is of the essence in stopping wire fraud, as criminals will begin moving the money the moment they have access to it.
Remember that criminals may target your client. Everyone involved in a high-dollar transaction should be on alert for unusual online activity. Warn clients that someone claiming to be you may try to contact them. Setting up client-specific passwords and requiring voice or in-person verification of transfers are two of the best ways to stop criminals from hijacking funds.
Be aware that criminals have access to a growing arsenal of sophisticated tools, including AI-powered deepfake technology that allows them to impersonate someone’s voice in real time from just a few seconds of online audio. While this may seem too sophisticated to affect you, remember that a single transfer worth hundreds of thousands of dollars is strong motivation for criminals.
Real estate fraud seldom makes headlines, but it happens every single day, and it can wipe out your clients finances. To serve your clients professionally, you must make cyber security awareness and training part of your practice. If you need help with training, or with securing your systems against criminals, please call us at 1-8oo-658-8311 or contact us online.