Hackers have discovered a soft spot for committing financial fraud, and agents and our transactions are the bull’s-eye. As professionals, we need to do everything in our power to stop and prevent a single loss of our client’s purchase or sale proceeds.
As a reminder, the scam involves the following process:
- Hackers gain access to your email and begin to track your transactions.
- When the time is right, they send a message to your client that looks like you sent it.
- Generally, this message contains fraudulent wire transfer instructions that ultimately result in your client losing his or her transferred money.
It only takes the simplest of steps to save our clients’ money. Although adding these security steps requires some extra work and diligence, the effort pales in comparison to the pain of telling a client his or her money has been lost to fraud.
Every real estate practitioner should implement the following steps:
- Added warnings to clients: Warn your clients about this scam, and instruct them to call you immediately after receiving any wire instructions. In addition, make sure you can talk intelligently about these frauds. You will set yourself apart from other agents as better-positioned to protect clients and their money.
- Prepare for the danger zone: As the closing date nears, there is typically an increased flurry of communication between all parties. The hackers will take advantage of the frantic pace to try and catch a client with their guard down. A few weeks out from closing is the perfect time to reach out to your clients and remind them again to stay on the lookout for fraudsters seeking to steal their funds.
- Avoid wire transfers whenever possible: A good percentage of transactions involve local buyers and sellers, and cashier’s checks/certified checks from banks are a far more secure method to deliver and transfer funds, and they avoid any risk that a hacker with access to your email will send your clients fraudulent wire instructions.
- Call and verify: Get old fashioned and call the closer or sender to verify the wire instructions that were received, and train your client to do the same. Don’t trust the number on the potentially fraudulent instructions — call the number on the company’s website.
- Protect your email: These scams all start with a single phishing email sent to an agent with a link or attachment that, when opened, grants the hacker access to your email. The hackers are getting more creative and sophisticated. If you were not expecting an attachment or link, don’t open it or click on it.
- Do the two-step: If you currently host your email on an outside platform like Gmail or Yahoo, turn on two-step authentication immediately. It’s an easy interim way to better protect your email on platforms that are regularly subjected to massive hacks. When two-step authentication is activated, a second security measure (like a code sent to your cell phone) is triggered whenever an unknown computer or IP address attempts to access your email. This simple step alone can save you and your client.
- You are the smartest person in the room: You must believe that you are the most educated and powerful person to protect your clients — but our clients face risk from the other agents in a transaction. So, communicating these warnings must also reinforce that emails from other agents or third parties seeking sensitive financial information or providing wire transfer instructions should not be trusted.
These methods combine technology and good, old-fashioned common sense. Even as the hackers evolve their techniques, refusing to accept wire transfer wire transfer instructions via email without calling to verify them will usually save the day — and your client!