Member Login | Print Page | Contact Us
News & Information: Orlando REALTOR® magazine - Special Feature

Down To The Wire

Monday, August 24, 2015  
Share |
Orlando REALTOR® | September/October 2015

E-mail monitoring takes wire fraud to a new level of sophistication

In recent months, real estate professionals have reported an upswing in an insidious wire scam:

A hacker will break into a licensee’s e-mail account to obtain information about upcoming real estate transactions. After monitoring the account to determine the likely timing of a close, the hacker will send an e-mail to the buyer, posing either as the title company representative or as the licensee. The fraudulent e-mail will contain new wiring instructions or routing information, and will request that the buyer send transaction-related funds accordingly. Unfortunately, some buyers have fallen for this scheme, and have lost money.

This particular scheme is only one of many forms of online fraud being perpetrated against real estate licensees and their clients. In protecting all parties to a real estate transaction from cybercrime, real estate professionals should consider the following guidance:

Prevention

The best line of defense against fraudsters is to make sure that all parties involved in a real estate transaction implement security measures before a cyberattack occurs. These measures include the following:

-Never send wire transfer information via e-mail. For that matter, never send any sensitive information via e-mail, including banking information, routing numbers, PINS, or any other financial information.

-Inform clients from day one about your email and communication practices, and alert them to the possibility of fraudulent activity. Explain that you will never send, or request that they send, sensitive information via e-mail.

-Prior to wiring any funds, the wirer should contact the intended recipient via a verified telephone number and confirm that the wiring information is accurate. Do not rely on telephone numbers or website addresses provided within an unverified e-mail, as fraudsters often provide their own contact information and set up convincing fake websites in furtherance of their schemes.

-If a situation arises in which you have no choice but to send information about a transaction via email, make sure to use encrypted e-mail.

-Security experts often recommend “going with your gut.” Tell clients that if an e-mail or a telephone call ever seems suspicious or “off,” that they should refrain from taking any action until the communication has been independently verified as legitimate.

-If you receive a suspicious e-mail, do not open it. If you have already opened it, do not click on any links contained in the e-mail. Do not open any attachments. Do not call any numbers listed in the e-mail. Do not reply to the e-mail.

-Clean out your e-mail account on a regular basis. Your e-mails may establish patterns in your business practice over time that hackers can use against you. In addition, a longstanding backlog of e-mails may contain sensitive information from months or years past. You can always save important e-mails in a secure location on your internal system or hard drive.

-Change your usernames and passwords on a regular basis, and make sure your employees and licensees do the same.

-Never use usernames or passwords that are easy to guess. Never, ever use the password “password.”

-Make sure to implement the most up-to-date firewall and anti-virus technologies in your business.

Damage Control

If you believe your e-mail or any other account has been hacked, you should take the following steps:

-Immediately change all usernames and passwords associated with any account that you believe may have been compromised or otherwise made vulnerable by the attack.

-Contact any clients or other parties who may have been exposed during the attack so that they take appropriate action. Remind them not to comply with any requests from an unverified source.

-Report any fraudulent activity to the Federal Bureau of Investigations via their Internet Crime Complaint Center. More information can be found here:

This advice is not all-inclusive, and real estate practitioners should work with IT and cybersecurity professionals to ensure that their e-mail accounts, online systems, and business practices are as secure and up-to-date as possible.


Jessica Edgerton is an associate counsel of the National Association of REALTORS®. Reprinted from Speaking of Real Estate/Managing Your Business, a REALTOR® Magazine blog.


ORRA Partners
ORRA would like to thank our Partners for their continuing support.
View the full list of ORRA Partners.