According to the National Association of REALTORS®, by 2019, cybercrime will cost businesses over $2 trillion a year. Criminals today target real estate transactions by hacking into the email accounts of agents and others involved in a real estate transaction to trick people into fraudulent wire transfers. The hacker pretends to be one of the parties involved in the transaction and sends an email that usually contains instructions to wire funds directly into the hacker’s account. Once that money is gone, it’s rarely seen again. Employ the following best practices to protect you, your business, and your clients from online criminals.
Prevent a cyber-attack: Whenever possible, avoid sending sensitive information via email. Never trust information sent from an unverified email address. Don’t conduct business using a free email service or a public, unsecured internet connection. Learn to recognize phishing email messages, links, or phone calls. The best way to keep your account safe is to never open emails from any address you don’t recognize or emails that appear to be spam. Clean out your email accounts regularly; your email backlog may contain sensitive information from prior months or years that hackers could use to scam you or your clients.
Communicate and educate: All parties involved in a real estate transaction should be aware of red flags that could indicate fraud. Red flags can include emails filled with typos, phone calls from unlisted numbers, demands for verification codes, or wire transfer requests to Western Union or MoneyGram. Before wiring funds to anyone, call the recipient of the funds using a secure line to verify wiring instructions and accurate account information.
Secure your email account: Make your email harder to hack into with a password that is at least 14 characters long. Change your password at least once a month. Don’t use the same password for multiple accounts. If your email provider supports it, opt into two-factor authentication (sometimes called two-step verification), an extra layer of security that requires a code in addition to your password to sign in.
Trust your instincts: If an email or phone call seems suspicious, refrain from taking any action until an independent party has verified the communication as legitimate. If something seems “off” in an email, do not open it. If you’ve already opened it, don’t click on any links or attachments, don’t call any numbers listed, and don’t reply to the email. If you cannot verify the legitimacy of the email, delete it. Be alert and remain suspicious; in 2009 FBI Director Robert Mueller was almost taken in by a phishing scam, so it really can happen to anyone.
Control the damage: If you suspect you or a client is a victim of fraud, notify all parties involved immediately. If a wire transfer has been made, call the bank as soon as possible to try and stop it. Change all of your passwords. Report the incident to your REALTOR® Associations, your attorney, the police, and the FBI Internet Crime Complaint Center.