We hear about cyber-crime almost every day it seems, over the past couple of years. We hear mostly about cyber-criminals hacking into your friend’s Gmail or Yahoo (insert any public service provider name here). Seems innocent enough right? Your friends may send out an email to let you know their account was “hacked” or maybe you are one of those friends that will let them know that they may want to check their account because you received a bunch of annoying emails from them. But how innocent is it really? Did you know the cyber-criminal may have been targeting them specifically? The real estate industry has become a big red target for these cyber-criminals. Why the real estate industry you may ask?
Here is why:
Realtors list a property on the MLS, that property is then “pushed” out to the World Wide Web via Zillow, Realtor.com, and the Realtor posts it on Facebook and thousands of other sites linked to the MLS. The criminal can now see who the listing agent is for the sale and (9 out of 10 times) the email address for the listing agent. The criminals then go to work targeting that agent. Why? If they can get access to the Listing agent they can possibly gain access to the selling agent, Buyer, Seller and Escrow Officer. The cyber-criminals start by “phishing”. Once they get a “bite” from the Listing agent they can now become a part of the transaction.
You may be asking yourself, “Why would a cyber-criminal care about a home being bought or sold.” Real estate transactions not only have potential for the cyber-criminal to gain access to multiple parties bank accounts through further “phishing,” but they also have the potential to divert wire transfers. The cyber-criminal, once they gain access to your email account, can obtain the email addresses and contact information of all of the parties that are in your inbox. Cyber-criminals are able to approximate the time from when the listing goes to “pending” to estimate when it may close. This tells them when wire transfers are likely to occur.
Once the cyber-criminal has access to the email account they can then set up virtually indistinguishable “spoofing” email accounts. This is where they send emails that appear to be from the agent or appear to be from the escrow officer, but are in reality emails from the cyber-criminal. They then have the ability to lure the Buyer (earnest money) and Seller (closing funds) to send a wire to the cyber-criminal’s account instead of the Title and Escrow Company’s account. The end result could mean thousands to hundreds of thousands of dollars being diverted to overseas accounts where the funds disappear. It is almost impossible to retrieve the funds or stop after the first 24 hours. (How many deals do you write that are scheduled to close on a Friday?)
So how do you protect yourself and why could investors be a target?
Protect yourself through education then pass the knowledge on to your Seller about the increase in wire fraud. Let your Seller know to never send wiring instructions via email. When you wire earnest money for your purchase ALWAYS call your escrow officer to verify the wiring instructions before sending the wire. Even if you wire to the same title company on a weekly basis, it is always best to be overly cautious and call to verify information. Always make sure you use an Escrow Officer that is diligent about verifying wiring instructions over the phone with the Seller, prior to sending off their proceeds. Believe me, none of these practices make any of our lives easier, but in the long run, the extra few minutes can save hours and days of trying to retrieve diverted funds.
If you receive an email from your escrow officer containing wiring instructions be sure to carefully look at the email address. The name may be correct, but is the extension correct? If you receive an email from me, the extension will seem plausible. Not many escrow officers work at 2:00 am or send out wiring instructions at 2:00 am. If I’m in my office at 2:00 am sending you wiring instructions, I’m going to follow up with a phone call the next morning to let you know why. (I had insomnia and came into the office so the email is legitimate, or, I was so stressed about not sending out your wiring instructions that I came in at 2:00 am just to send them out). Always call to verify the wiring instructions before sending the wire. Use a trusted known number to call and verify. My direct line has always been and always will be 480-675-4984. If I ever ask you to call me at a different number via an email, it’s NOT ME!
Do you ever use public Wi-Fi? We’ve all be told not to check our bank accounts while on public Wi-Fi. But has anyone ever advised you not to check your email on public Wi-Fi? (That’s just crazy! Right? Or is it?) That new purchase contract that you just received or that new assignment agreement that you just received could be a target for cyber-criminals. There are apps available on the market (I don’t suggest anyone use them) that make it possible to view anyone’s screen that is connected to the same public Wi-Fi. This allows the cyber-criminal to see the email address of the Seller or Assignor that you received the document from. Sellers have the potential to receive wires. Assignors have a smaller potential of receiving a wire for their assignment fee, but the potential is still there. Not only do they have now have the email address, but now they can also see the exact close of escrow date for the transaction. Protect yourself and your deal by using a VPN (Virtual Private Network) when in public places. Turn off automatic Wi-Fi connectivity on your phone. Monitor your Bluetooth connection in public places. Clean out your inbox or move emails to a folder on your desktop.
Do you post your deals on public sites? (Craig’s list, Facebook, etc.) Do you blast out your properties via email to all of your potential investor buyers? If so you could become a target. Consider setting up a two-factor authentication for e-mail accounts (most public service providers have this option available). Use complex passwords and consider using a password manager so all of your passwords are different. Be wary of free Wi-Fi. Be careful what is posted to social media and websites as someone may be watching.
Most of all choose a Title and Escrow company that protects you with more than just Title Insurance. Choose one that has policies and practices in place to ensure your funds are safe. At Chicago Title, we undergo ongoing training and incorporate policies & procedures along with having other resources available to help us provide a safe transaction for our clients.
If your group of investors or Realtors would like a class or more information on how to protect themselves and their clients in the cyber-criminal age, I would be happy to teach them. Not only have I been through training for cyber-crimes, but I have been trained in teaching and presenting cyber-crime classes.
Jill Bright – AVP/Sr. Sales Executive, Chicago Title