WASHINGTON – Aug. 26, 2015 – In an insidious wire scam, hackers break into a real estate licensee's email account and obtain information about upcoming real estate transactions. After monitoring the account for a while to determine the likely timing of a close, the hacker sends an email to the buyer, posing either as the title company representative or the licensee. The fraudulent email contains new wiring instructions or routing information, and will request that the buyer send transaction-related funds accordingly.
Some buyers have fallen for this scheme, and have lost money.
A possible red flag is any reference to a "SWIFT wire" transaction, a term that indicates an overseas destination for the funds.
Unlike many email-based "phishing" schemes, this particular scams appears more sophisticated and less recognizable. The communications do not contain grammatical or stylistic oddities often present in scam emails. In addition, because the perpetrator has been monitoring the licensee's email account, the fraudulent communication may include detailed and accurate information pertaining to the real estate transaction, including existing wire and banking information, file numbers and key dates, names and addresses.
Finally, the emails may come from what appears to be a legitimate email address, either because the thief has successfully created a sham account containing a legitimate business's name, or because he or she is sending the email from a truly legitimate – albeit hacked – account. Many times, it could appear that the Realtor has given clients the false instructions.
National Association of Realtors® scam prevention advice for members
The best line of defense against fraudsters is to make sure that all parties involved in a real estate transaction implement security measures before a cyberattack occurs. These measures include:
- Never send wire transfer information via email. For that matter, never send any sensitive information via email, including banking information, routing numbers, PINS or any other financial information.
- Inform clients from day one about your email and communication practices, and alert them to the possibility of fraudulent activity. Explain that you will never send, or request that they send, sensitive information via email.
- Prior to wiring any funds, the wirer should contact the intended recipient via a verified telephone number and confirm that the wiring information is accurate. Do not rely on telephone numbers or website addresses provided within an unverified email. Fraudsters often provide their own contact information and set up convincing fake websites.
- If a situation arises when you must send information about a transaction via email, use encrypted email.
- Security experts often recommend "going with your gut." Tell clients that if an email or telephone call seems suspicious or "off," they should refrain from taking any action until the communication has been independently verified as legitimate.
- If you receive a suspicious email, do not open it. If you have already opened it, do not click on any links in the email. Do not open any attachments. Do not call any numbers listed in the email. Do not reply to the email.
- Clean out your email account on a regular basis. Your emails may establish patterns in your business practice over time that hackers can use against you. In addition, a longstanding backlog of emails may contain sensitive information from months or years past. You can always save important emails in a secure location on your internal system or hard drive.
- Change usernames and passwords on a regular basis, and make sure employees and licensees do the same.
- Never use usernames or passwords that are easy to guess. Never, ever use the password "password."
- Make sure to implement the most up-to-date firewall and anti-virus technologies in your business.
2. Damage control
If you believe email or any other account has been hacked, you should take the following steps:
- Immediately change all usernames and passwords associated with any account that you believe may have been compromised or otherwise made vulnerable by the attack.
- Contact any clients or other parties who may have been exposed during the attack so that they take appropriate action. Remind them not to comply with any requests from an unverified source.
- Report any fraudulent activity to the Federal Bureau of Investigations via their Internet Crime Complaint Center.
- Brokers should report any fraudulent activity to their state or local Realtor association so that the associations can send out alerts or take other appropriate action, including contacting NAR.
© 2015 Florida Realtors®
Reprinted with permission Florida Realtors. All rights reserved.