Posts

Real Estate Fraud Is Booming: How Are You Protecting Your Clients?

Data from the Federal Bureau of Investigation (FBI) point to boom times for real estate fraud. In 2022, real estate fraud cost victims $396.9 million, a 13.30% rise from 2021 and an 86.18% rise from 2020. More than $132 million more was lost to real estate fraud in 2022 than to check and credit card fraud, which get the majority of the headlines.

Real Estate Fraud Is Booming: How Are You Protecting Your Clients?As the FBI notes, these crimes can be devastating for individuals, who could lose their life savings or the opportunity to use money from a home sale to purchase another property. Loss of a commission or fee is the least of the worries here. Imagine how you would feel if your actions caused someone to lose everything they had. Imagine what that client will say about you, and the damage this could cause to your business and professional reputation.

Why Is Real Estate Fraud Rising?

Real estate is a preferred target for criminals for one reason: wire fraud. Few other industries move money from individual clients at the level of real estate professionals. A single transaction can be worth $250,000, $500,000 or over $1,000,000. All a criminal has to do is grab one of those transactions for a massive payday.

Sophisticated criminals know that real estate wire transfers are low-risk, high-yield opportunities. Why settle for a few hundred dollars from a stolen credit card when a single wire transfer could be worth hundreds of thousands?

How Real Estate Wire Fraud Works

The majority of real estate wire fraud cases stem from business email compromise (BEC) attacks. You may currently be in the crosshairs of a fraudster and not know it.

These attacks follow a predictable pattern:

  1. A criminal gains access to email accounts for individuals involved in a real estate transaction. This could be an agent, a broker, a banker or an individual buyer or seller.
  2. The criminal waits until the wire transfer is about to take place. They then send an email, either spoofing a real email account or directly from a compromised email, directing the wire transfer to a bank account that they control.
  3. The unwitting real estate professional sends the transfer to the bogus account.
  4. The criminal empties the account as soon as the transfer is complete. They may withdraw cash, transfer the funds to new accounts, convert the money to cryptocurrency or make deposits via large checks.

Around half of the money stolen in wire fraud scams remains in the United States, while the other half routes to offshore banks, with China and Hong Kong as top destinations. Once the money has been moved, there is little that law enforcement can do to recover it, though the recovery rate is higher for money that stays in the United States.

Steps to Take to Prevent Wire Fraud

To protect your clients and your business, you must first acknowledge that you are a target. You transfer life-changing amounts of money using methods that criminals understand and know how to exploit. In the 1800s, criminals went after stagecoaches loaded with cash and valuables, as well as trains. In the 1900s, criminals infiltrated airports and robbed couriers and armored vehicles. In the current era, a single criminal can get a larger payday by intercepting a single wire transfer.

Today’s criminal may have an edge, because the people who moved cash and valuables in the past knew that they were targets and took steps to defend themselves, while the targets of wire fraud may be completely unaware of their vulnerability. Know that criminals are watching you, that they want to steal from you and that it is a matter of when, not if, they will attack.

Understanding this threat will help you recognize risks. Vigilance is the most important tool in cyber security. With that in mind, here are some techniques you can use to prevent wire fraud.

Preventing Real Estate Fraud in Your Business

Be aware that criminals will attempt to gain access to your email, business emails, client emails and the systems you use to transfer funds, such as online banking apps. You may not know that an account has been compromised, and criminals may wait to launch an attack until they see a high-dollar transaction.

1. Enable two-factor authentication. Anyone who has the authority to issue a wire transfer must use some form of two-factor authentication to protect their email and banking logins. This is required for all users of GMail, and should be an option for any software you use. The best form of two-factor authentication sends a code via text message to your phone. Never share these codes with anyone under any circumstances.

2. Monitor network activity. Your in-house or third-party IT support professionals, or a Virtual CISO, should monitor online requests to and from the services you use. In some cases, service providers may do this automatically. Requests that come from unusual locations or at unusual hours, as well as any first-time request from a new location, should be flagged for review. Criminals need to communicate with your servers to send fake emails. Monitoring logins and access requests is one of the best ways to detect criminal intrusions. Monitor for unusual data exchanges as well, as these could signal a cyber attack.

3. Change passwords often, or use a password manager. Criminals like soft targets who do not appear to be aware of cyber security. Changing passwords sends a signal that you take security seriously. Using a password manager sends the same message. Do not expect to deter all criminals engaged in wire fraud with this method, as the lure of a big payout tends to make criminals more persistent and willing to take bigger risks, but do know that these methods will make it much harder for them.

4. Require additional authorization before sending a wire transfer. Set a company-wide protocol that requires a second person within your business to review wire transfers before they are sent. This person should receive a copy of any emails authorizing transfers, including the sender and reply-to lines. A second set of eyes may catch an irregularity that you miss.

Protecting Clients from Wire Fraud

1. Educate clients on wire fraud risks. You may worry that clients will choose someone else if you start talking about wire fraud. In reality, some clients will approach you fully aware of the risks, while others will find your focus on security valuable. As part of your initial meeting with a new client, ask them what they know about wire fraud. Position yourself as knowledgeable and committed to protection.

2. Collect two contact emails and phone numbers, if possible. Make a note of these in the client’s record. Inform the client that no transaction can be authorized without verification via a phone call. When criminals send phony transfer requests, they often include a phone number to call. Ignore this and use the number you have on file. If you cannot reach someone at the primary number, use the secondary number.

3. Establish a password with your clients. This should be communicated only by voice, never by email. It should be something difficult to guess, and potentially meaningful to the client, such as a favorite teacher’s or pet’s name. Tell the client that you will call to verify any transfer request and that you will ask for the password. If the client forgets the password, ask them to come to the office to verify a request in person, or offer to visit them to confirm.

4. Refuse to accept wire transfer instructions via email. If your company policy forbids emailed instructions, and you communicate this clearly to clients, you can ignore every criminal attempt to email transfer instructions. If you receive such an email, you will then know that someone involved in the transaction has had their cyber security compromised.

5. Have the client personally verify transfer receipt. If possible, this step ensures that funds go to the right place. Time is of the essence in stopping wire fraud, as criminals will begin moving the money the moment they have access to it.

Remember that criminals may target your client. Everyone involved in a high-dollar transaction should be on alert for unusual online activity. Warn clients that someone claiming to be you may try to contact them. Setting up client-specific passwords and requiring voice or in-person verification of transfers are two of the best ways to stop criminals from hijacking funds.

Be aware that criminals have access to a growing arsenal of sophisticated tools, including AI-powered deepfake technology that allows them to impersonate someone’s voice in real time from just a few seconds of online audio. While this may seem too sophisticated to affect you, remember that a single transfer worth hundreds of thousands of dollars is strong motivation for criminals.

Real estate fraud seldom makes headlines, but it happens every single day, and it can wipe out your clients finances. To serve your clients professionally, you must make cyber security awareness and training part of your practice. If you need help with training, or with securing your systems against criminals, please call us at 1-8oo-658-8311 or contact us online.

Are you at risk of wire fraud in Real Estate?

Closing on a new house is very exciting, but it’s also busy and expensive. It also could make you very vulnerable to hackers who know there is a lot of money on the line.

Real EstateAny industry involving wiring transfers of large sums of money is vulnerable to this new type of hack. Purchasing a car, home or piece of art are large transactions and are not usually done in cash. In well-established industries like real estate, there are some checks and balances, but while one would think it would be very tough to pull off this scam in real estate, it is just as easy.

When looking at the home buying process, a report by the FBI’s Internet Crime Complaint Center said email fraud involving real estate transactions rose 1,110 percent in the years 2015 to 2017 and fraud dollars lost rose almost 2,200 percent. That means scammers are getting more efficient.

Nearly 10,000 people reported being victims of this kind of fraud in 2017 with losses over $56 million, the FBI report said. Real estate is only now tightening its belt and fighting back. However, the real estate industry’s security is not even close to the levels of security in the art world. Yet, both industries are susceptible to this new hack.

How the Hack Works

Although it’s not entirely a new concept, this is the freshest approach hackers are targeting real estate agents, and your clients. You need to put this on your radar! This is a pretty simple hack. Basically, criminals are breaking into the email accounts and then they monitor the email correspondence. Breaking in, in other words means “logging in” because millions of email addresses and their associated passwords are in the hands of criminals due to massive data breaches. So when the agent sends an email to client maybe with wiring instructions, the hacker is triggered and will step in. The bad guy will now impersonate the agent and warn that the instructions had a mistake on it or change up the instructions. The criminal does this to justify a wire transfer, maybe offering a slight discount, and then asks the buyer to send the money to a different account. Once the hackers have the money, the hacker just disappears.

The Victims of This Scam

Both buyers and sellers are victims here, and in many cases, both are left in the dark because the hacker hijacks the conversation. In other words, they take control of the emails and play both parts. This gives the hacker plenty of time to cover their tracks and get away, and in the meantime, money and time is lost for all parties involved. A wire fraud happening in the finance industry used to be a “thing,” but there are so many security protocols in place within finance making it difficult to pull off a transfer scam within the financial space.

Tips to Keep Email Fraud at Bay

These tips are for buyers, brokers, and real estate agents.

  • All email account passwords should include uppercase, lowercase, numbers and characters. Never use the same password twice—NEVER.
  • All email should have two-step authentication. This means after logging in, a one-time password is texted to the user’s mobile for account access.
  • Make sure to change all passwords for online accounts, including Wi-Fi, regularly and especially after a data breach.
  • Escrow services are your friend. There’s a ton of them. The gallery or broker will, or should, have a relationship with a trusted source.
  • Pick up the phone, and confirm every aspect of a transaction until you are blue in the face and annoying everyone involved to the point you are satisfied that the money is safe.
  • Update all of your anti-virus software.
  • When you send an invoice via email, call or text a trusted number of the recipient to double check that they got it and that they have the correct account number.
  • Urge all of your staff to remain vigilant when opening emails, and make sure that they do not click on any links or download attachments unless the correspondence has been verified by phone. If you have doubt, contact the sender by phone.

There is so much more to this, and, while I can’t solve all the world’s problems, I can at least make you cyber-security smarter and digitally literate.

Become CSI Protect Certified

If any or all of the above has left you empowered, meaning you feel you have a grip on it all, good for you. If the above was a bit overwhelming, confusing and made you feel like you have a LOT of work to do, then you need to become CSI Protect Certified. That means as a small business owner you become fully versed in Cyber Social and Identity Protection. CSI Protection Certified Agents recognize risk and know how to protect their information, their business data and their clients security.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Louisiana Woman Tries to Buy a Million Dollar Home with False Documents

Have you ever seen a house and thought…I wish I could afford that? Some people actually try it, but let this story be a lesson learned: if you can’t afford the cost of a house, you probably shouldn’t try to buy it.

Robert Siciliano Marriott Breach

Pamela Chandler was arrested and now faces forgery charges after she tried to purchase a home with a million-dollar price tag. How did she do it? She used false documents. Chandler, who also goes as Pamela Goldwyn, was arrested by a special Financial Crimes Task Force in Bossier City, LA. She also has several warrants out for her in Texas with crimes including fraud and the exploitation of certain groups of people including children, the elderly or the disabled. She was booked in jail and was not given a bond, as she is a flight risk.

According to court records, Chandler, who lists her age as 47, has a permanent address in Athens, Texas, but also has addresses in Maryland and Louisiana. A local Bossier City realtor reported her to local law officials after she tried to use illegitimate paperwork to buy the home. She claimed to have a trust fund, but the paperwork just didn’t add up. As the task force began to investigate the situation, it was found that she had also altered a letter from a layer to try to convince the realtor that she had enough in this fake trust fund to buy the home. It was also discovered that she had used a number of aliases over the years. It is believed that she uses an alias in a specific area until law enforcement catches on to her scams, and then changes her name and moves to a new area.

Much of the problem here can be blamed on easily obtained fake IDs. The fact is, our existing identification systems are insufficiently secure, and our identifying documents are easily copied. Anyone with a computer, scanner and printer can recreate an ID. Outdated systems exasperate the problem by making it too easy to obtain a real ID at the DMV, with either legitimate or falsified information.

Some of the department of multivehicle new requirements of improving facial recognition include not smiling for your picture or smile as long as you keep your lips together. Other requirements meant to aid the facial recognition software include keeping your head upright (not tilted), not wearing eyeglasses in the photo, not wearing head coverings, and keeping your hair from obscuring your forehead, eyebrows, eyes, or ears.

The fact is, identity theft is a big problem due to a systematic lack of effective identification and is going to continue to be a problem until further notice. In the meantime it is up to you to protect yourself. The best defense from new account fraud is identity theft protection.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.

Fake Real Estate Agent Caught Stealing $30K in Jewelry

Recently, a man was accused of pretending to be a real estate agent just to steal some jewelry from an open house. According to Toronto police, he has been arrested.

The victims are a couple (their identity isn’t being listed for their safety). They had an open house in a small city called Oakville. It’s in Ontario, which is about an hour west of Toronto (also in Canada). According to the investigators, a 29-year-old man saw an online ad for the open house. He decided to pretend that he was a real estate agent, went inside the home, and stole over $30,000 worth of jewelry from one of the upstairs bedrooms.

A native of Willow Beach, Ontario, a nearby town, the man was charged with a single count of being in a dwelling unlawfully and a single count of a theft over $5,000. Local law enforcement believes that this theft wasn’t an isolated incident. They’re currently encouraging people with information to provide details on this case or others in which they believe the man might be to blame.

Throughout the years, many criminals have tried posing as real estate agents to get access to people’s homes and buyer’s homes. Just last month in California, a woman was arrested for posing to be a realtor to steal tens of thousands of dollars from homebuyers.

Along with such, another man was arrested in January on the suspicion that he had posed as a real estate professional to steal rare art, expensive jewelry, and fine wine from a variety of celebrities, including Adam Lambert and Usher. His name was Benjamin Eitan Ackerman. It is important that homebuyers ensure that they are talking with their real estate agent each time that they speak with them on the phone or email them. You should see company letterhead on emails and may want to call the agent back on the number you have for them to ensure your safety.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

The Surveillance Seller: The Latest Concern for Real Estate Buyers and Agents

Imagine that you are looking for a new home with your spouse and children, and while at a showing, the agent gets a strange call. It’s her listing agent who informs her that the sellers are watching all of you on a camera, and they want to make sure your children are careful around the china cabinet…

What? This happens? It most certainly does, and it’s definitely freaky. Plus, it raises some legal and ethical questions, too. This has become more of an issue than ever before with real estate, and agents are really dealing with something they have never had to worry about before.

In general, there are laws out there about recording people without their knowledge, but these laws vary by state, and what is covered in one place might not be covered in another. On top of that, most real estate agents aren’t aware of what is legal and what is not. Some states, for example, only require that one person knows that the surveillance is happening, but in other states, both parties must be aware. Other states require that a notice is posted if recording is happening.

The majority of agents believe that they have an obligation to tell their clients if they know that there is recording equipment in a home, but at the same time, they might not know either. This can also, of course, cause some legal issues during a negotiation, as potential buyers might be discussing strategy during the showing, while a seller could be listening in, giving them the upper hand. Some agents have even told their clients that they shouldn’t talk about what they are thinking about a house until they are outside and away from any potential recording equipment.

On the other hand, some sellers believe that they have an absolute right to record in their own homes, and they very well may have that right. Again, in general, things are quite cloudy here, and they are only set to get cloudier as time goes on.

At this point, it’s not even just traditional surveillance cameras that homeowners are using. They also are using smart-home technology to keep an eye on their homes including video game consoles, smart door bells, and even devices like Amazon’s Alexa-enabled devices. Of course, there are also a number of privacy concern associated with these things, too. As these devices get cheaper than ever before, more and more homeowners are jumping on the surveillance bandwagon. So, if you are a in the market to buy or sell a home, make sure you talk to your realtor about this, especially if you are a seller who has these devices in the home.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.