- Agents are ill-equipped to handle sensitive transactions via email without proper protections in place.
- Clients are looking to the agent for guidance from the beginning to the end of the buying or selling process, and if the agents email is hacked, it makes perfect sense the client's money will disappear.
- Until all brokers, owners and agents and really, NAR, step up and revamp the system, criminals will capitalize on the insecurity of the real restate industry’s poor information security technology.
After finding their dream home, a young couple along with their agent, the seller and probably an attorney or two, begin the process of signing and transferring legal documents. Some of this is done in person and some over the web, which is what leads to closing scams.
It works like this: the hacker breaks into the email account of the real estate agent, maybe a lawyer or even the client, and takes the time to figure out who’s about to send over some closing fees or transfer some money electronically. By reading the agent’s email transactions, the thief learns enough details to pose as the agent convincingly.
The hacker (posing as the agent) instructs the buyer to wire the money to a bank account (the hacker’s) but makes the client think it’s the account number that the agent wants to use. The client has no idea he or she just wired money to a thief overseas, and they’ll likely never get a penny of that money back; it’s untrackable.
For example, a Washington Post article points out hackers provided a buyer in Greenfield, Massachusettes, phony bank wiring instructions, after gaining access to the agent’s email and made off with $100,000.
This scam is on the rise, according to Jessica Edgerton with the National Association of Realtors, who cited that this crime has been successful dozens of times — though many times, the theft attempt is discovered before the money disappears into that deep abyss.
So maybe the next time your client, along with the bank, need to transfer funds, you might want to suggest, no matter what, they hand those fees over in person in the form of a check directly to a rep at the bank, the agent or the closing attorney.
Like it’s always been done — until of course the internet came about and all this convenience allowed wire transfers and online banking. But it’s that convenience and faceless transaction that makes serious financial scams possible.
It was just a matter of time until scammers recognized the opportunity to target real estate agents and their clients. Currently, most industries that have experienced large data breaches have put systems in place and have become hardened.
That means the real estate industry and others become the path of least resistance. Unlike the entire financial industry, which has encrypted communications, the real estate industry is a hodgepodge of free email accounts and unprotected communications.
How is it that all of these agent email accounts are getting hacked? What are the passwords, Realtor123 or something?
Until (and even after) the entire real estate industry adopts encrypted, two-factor email communications, it’s essential that agents follow these simple security rules:
- Use hard-to-crack and different passwords for all accounts.
- Consider using a password manager. There are many options. I like RoboForm.
- Beware of phishing emails. Be careful clicking links in emails, and scan any attachments.
- Update your device’s operating system, browsers and antivirus.
- Use two-factor authentication whenever available. Frankly, if the email provider doesn’t offer it, then you should change email services.
Nothing is foolproof, but these tips will help you keep your clients — and their money — safe.
Robert Siciliano is CEO of IDTheftSecurity.com and a personal security and identity theft expert.