During real estate transactions, hackers attempt to divert closing proceedings from attorneys, banks, title companies, and REALTORS®. These thieves compromise buyers’ and sellers’ email accounts, intervene when a wire transfer is about to happen, and steal thousands of dollars.
However, hacking attacks are foiled when individuals approach transactions with a high degree of skepticism.
Follow the tips below to prevent email wire transfer scams.
Verify Every Wire Request
The more personal the verification, the better. Have the seller sign wiring instructions at the closing ceremony in the presence of an attorney. If the seller cannot attend the ceremony, the wiring instructions should be included in the deed package.
In these situations, the seller should sign the wiring instructions, and the signature should be notarized, if possible. Even then, the seller should verify the closing instructions over a phone call initiated by the law office, using contact information received prior to any discussion of proceeds and wires. Confirming a phone call verification via email is a good practice and a great way to document the file, but an email verification alone is inadequate.
Advise Buyers to Not Accept Wiring Instruction Changes
Hackers target emails with wiring instructions. Then, they use this information to send a modified email with updated directions for wiring money into their personal account. This type of scam is not covered by E&O insurance, so it is extremely important for real estate professionals to protect themselves and their clients in this situation.
Verify the Authenticity of Wiring Instructions Sent from a Free Email Service
If wiring instructions are attached to an email from a free service like Gmail, Yahoo, or aol.com, you should assume they are fraudulent. Sometimes, hackers set up an alias account with a very similar name to send modified instructions. Examining the account name in detail is a good idea. Because the hacker already has access to the original account, he or she may use the same account in all other correspondence.
Don't Use Free Email Accounts
These accounts have major security issues, and they are likely being mined for data by their providers. Plus, they may be in violation of the Rules of Professional Conduct. If you are currently using a free service, find a more secure and professional alternative. In the interim, it is possible to see when and where the free account has been recently accessed.
Here is a link explaining how to do this for Gmail accounts. Other services should have similar abilities. If you see suspicious activity, immediately change account passwords and contact your cyber or crime carrier.
Beware of Unusual Activity
Be wary of wires going to any account that is not in the name of the seller. Also, be suspicious of any account with a geographic location different than the seller. There are possible explanations for different names and odd locations, but these red flags should be explored in detail, not via email.
Don't Send Wires Overseas
Once money leaves the United States, it is likely gone forever.
Regularly Change Your Passwords
Updating your password on a regular basis ensures someone can’t acquire your password and use it to access your private accounts. A great resource for checking the strength of your password is random-ize.com. This website tells you approximately how long it would take a hacker to crack your password.
Follow Through
Some of these policies may seem harsh, and you could receive pushback from your employees. However, hacking crimes can devastate your firm’s finances and reputation. Explaining the policy up front is a good way to limit negative actions.
Also, include language like this at the end of your company emails:
Email Language Example
REMINDER: [Name of company] will never request that you send funds or nonpublic personal information, such as social security numbers, credit card or debit card numbers, or bank account and/or routing numbers by email. If you receive an email message concerning any transaction involving [Name of company] and the email requests that you send funds or provide nonpublic personal information, do not respond to the email and immediately contact [Name of company] by phone. Please reach out to me at the phone number above if you have any questions about the content of this email.
Unfortunately, cybercrime is a reality for far too many real estate professionals, and you should take every necessary precaution to protect your clients, your firm, and your reputation, including obtaining a cyber liability policy. This coverage is essential for any company dealing with the volume of personal information, large sums of money, and potential risk found in real estate transactions.