Today at our team meeting a colleague of mine shared with us a devastating turn of events that happened to her as she was getting ready to close on her new home. She and her husband were just a few days away from closing and it was time to wire their down payment funds to the title company. They wired a total of $41,000 but the title company never received it! Scammers had hacked her email and sent fake instructions to the bank, rerouting the money to their own account. The FBI is involved, but there is little to be done. Once money is wired, it’s gone and it’s hard to trace. Not only is my friend out $41,000 but they were unable to complete the purchase of the home and now need to find a new place to live. I was devastated by this news. In the real estate industry, money is wired all the time and we need to protect ourselves from wire fraud. The National association of realtors (NAR) has written an article on wire fraud and unfortunately, it’s a growing trend. I am educating my clients on how to avoid this but, the threat is real.
Katie Johnson, National Association of Realtors General Counsel says, “Hackers are gaining access to e-mail accounts through captured passwords, and they’ll search inboxes for messages related to real estate transactions. Once they find a victim who’s in the process of buying a home, they’ll send a spoof e-mail that looks like it’s from their agent, title representative, or attorney, and it will say there are “new” wiring instructions, which includes a fraudulent account. The home buyer will then unwittingly wire funds directly into the hacker’s account.”
Here are some tips on avoiding the wire fraud scam:
- Don’t use freemium email accounts – the so-called freemium accounts (Gmail, Yahoo, etc.) often do not require additional forms of authentication, making it easier for hackers to get access to emails. Using your own domain enables you to have much better control over security features of your account, decreasing the chances of an easy hack for cybercriminals.
- Enable dual authentication – the only thing protecting your data from hackers with a regular email setup is your password. Today, passwords are very easy to crack. Two-way authentication provides an additional layer of security, safeguarding content by requiring recipients to enter information only known to them to unlock each message. The required pin can be anything from a secret password to the last digits of the recipient’s phone number, or their zip code. The best way to protect sensitive content is to use a different pass code every time.
- Change password frequently – although this is a basic requirement, a lot of users simply ignore it. It’s an important step, especially if you use the same password on multiple sites. Not all organizations always fully report that they have been breached, so there is no true way of knowing if your password is still secure. Frequently changing your password is a simple and free way to bolster the security of your email system.
- Ignore/Delete Spam – while it’s wise to scan your spam folder from time to time for possible false positives, there is no need to open messages from unknown senders. By opening and downloading content of unknown messages, you can get infected with malware. The effectiveness of modern spam filters is very high. For example, Google claims that it catches 99.9% of all spam messages, with the false positive rate of only 0.05% (Wired, July 2015).
- Keep all Apps up to Date – popular software apps are frequently updated to protect users from the latest discovered vulnerabilities. It’s another simple, but important step to protect your content from potential breaches.
- Use a Firewall – firewalls are designed to block suspicious activity caused by viruses or worms. For example, your firewall can alert you if your computer gets infected, and the malicious app tries to send your information to the hacker over the Internet (such as your passwords, financial data, etc.) Firewalls are the second line of defense after your anti-virus filter.
You can view a video NAR has released giving you additional info on wire fraud here. It’s called wire fraud alert. You can also read what they have written about it here.
