Wire fraud has become a significant concern in the real estate world, causing consumers to lose millions of dollars every year.
Hackers can easily gain access to email accounts through captured passwords. They then search inboxes for messages that deal with real estate transactions, and just like that you’re a victim of wire fraud.
How do they do it? Malware is one of the main ways hackers can infiltrate your personal information. Other ways include social engineering (criminals get information from prospective victims and trick innocent customer service representatives into helping them complete a fraudulent wire) and phishing (victim gets an email from the bank asking for personal or financial information, then clicks on a link that goes to a fake site that collects personal/financial information, or the link installs malware on the computer).
Vishing (voicemal phishing) and SMishing (SMS phishing) are also favorite techniques of hackers. In vishing, the felon calls claiming to be a credit card company, bank, etc. and asks the consumer to confirm personal information on the phone. SMishing, attacks against mobile devices and tablets, is also popular with hackers. They sent an urgent text message with a malicious link or with a call back number. When the victim calls, they’re connected to an Automated Voice Response system that wants personal/financial information.
So, how do you protect yourself from wire fraud? Following are some precautions you should take:
- Build a warning about wire scams into your e-mail signature, or include a disclaimer at the bottom of your emails
- If a wire transfer is taking place with the client or agent, before funds are transferred call them so they know the money is being sent to a legitimate source
- Use strong passwords and change them often (every few months)
- Clients should be made aware of communications practices
- If there is no firewall with the free Wi-Fi, you should never use it
Below are three real life scenarios that illustrate how you can become a victim of wire fraud.
- The closing takes place at 9 a.m. and by 9:45 everything is complete. At 10 a.m. we get an email from what appears to be the seller, using a Yahoo email address (i.e., seller first name, last name, and numerical characters, followed by @yahoo.com). The email requests that we wire the funds, instead of writing a check at closing. We call the seller and verify they did not send the email. Later that afternoon, we get a call from a California area code with someone pretending to be the seller from the 9 a.m. closing. When asked for the property address, he gives the name of the seller and street name, but cannot provide the street number – and suddenly the phone call is disconnected. The next day the perpetrator calls back, says he is sorry that his phone cut us off, and that I need to wire the funds. We ask him to verify the amount of the check, to which he responds that the check got damaged in the washing machine and he did not have that information. We told him we could not release any additional information without verifying that he was the seller. If you just sold a property, how are you not going to know the street number, the amount you got a closing, etc.? At this point it is evident that this is someone pretending to be the seller for the sole purpose of obtaining funds fraudulently. Our underwriter recommended that we contact the FBI. The perpetrator’s phone number and email address did not provide enough information for the FBI to trace, as both could be redirected. They recommended that we try to obtain bank account information, which could be tied to an account holder. In the meantime, the perpetrator has been emailing back every day, and now when he calls the phone number shows up as private. We respond to his email apologizing for not responding sooner, and requesting his bank account information. Within 30 minutes the perpetrator responds with the requested information, and asks that we send him a copy of the wire transfer. We provided the account information to the FBI, who flagged the account for fraud. The FBI felt that the perpetrator had gained access to the account with the intent of transferring the money out of the country.
- The buyer is at the closing and receives an email from what appears to be someone with the lender. The email says that instead of bringing a cashier’s check to the closing, they prefer that the funds be wired. They also attach a copy of the wire instructions. The loan officer is at the closing and he quickly figures out that the email is not from the lender and that it is, in fact, someone impersonating the lender in order to access wired funds.
- In some states where there are split closings, a title company will represent the buyer and another title company will represent the seller. The title company for the buyer receives an email that looks like it is coming from the other title company. The email says they’re sorry that they sent the wrong wire instructions and asks that once it’s closed to used the attached wire instructions to send the seller the funds. The email is fashioned in such a way that it looks identical to emails that they had already received from the other title company.
Have we gotten your attention yet? We sure hope so. For more informative reading, check out this link for Top 10 Tips to Avoid Cybercrime Losses: