COVID-19 brought about a set of new obstacles to industry professionals, including an increased risk of cybercrime. So what can real estate agents do to avoid falling victim to internet scammers?

Internet hackers and scammers have found a great business opportunity in 2020. Fears over the COVID-19 pandemic have caused some to drop their guard and open emails that offer aid and information. And that, the Federal Bureau of Investigation fears, is going to increase what the FBI calls business email compromise (BEC).

There are many types of BEC schemes, all out to gain access to a company’s accounts by capturing their login information through disguised emails or through wire fraud. In 2019 alone, this activity caused a loss of approximately $1.8 billion.

Real estate agents are favorite targets because their computers can be a gateway to their clients, with the real prize being access to closing transactions. Wire fraud schemes are often initiated from the compromised inbox of an agent who innocently clicked on a scammer email disguised as useful tips or a valuable promotion. 

With heightened fears over coronavirus, guards may be lowered even further when the news concerns the pandemic.

The scammers are patient. Once access to a client’s communication is achieved, they will lurk in the cyber-shadows for days, weeks, months or longer, reading the email exchanges until the title company or lender signals that a closing will take place. They then engineer bogus wire instructions for the client using stolen information. 

How to protect yourself

Despite the complexity of the threat, there are some fairly simple practices agents can adopt to protect themselves and their clients, and in doing so, add another layer of expertise to the quality of the service they offer. In fact, how an agent will safeguard a client’s personal and financial information should be presented along with proposed marketing plans during initial meetings.

Knowing the risks will help agents understand that cautious scrolling through their inboxes is imperative. Here are a few things to watch for that indicate possible cybercrime:

1. Wiring instructions

Note any changes to wiring instructions or recipient account information, and have the client verify any received wire instructions — by phone, using a number verified on their title company’s website — with that company.

2. Verify URLs

Be sure that any URL included in an email is associated with the represented business by hovering the cursor over the URL address. This will show the destination.

3. Writing errors

One of the easiest giveaways is misspelled words in either the email copy or provided hyperlinks. Take the time to read carefully.

4. Check the address

What may appear to be a familiar email address could actually be off by just a character or two, signaling that it has been socially engineered for a redirect to the scammer.

The FBI’s email crime hit list

Earlier this year, the FBI released a list of the most egregious and commonly used forms of this activity. Here is a summary of the top seven: 

1. Business email compromise (BEC)

This is a highly sophisticated scam that targets businesses that work with foreign companies and regularly perform wire transfer payments. The goal is access through email or computer intrusion techniques to conduct unauthorized transfers of funds.

2. Email account compromise (EAC)

Similar to the above, this activity uses compromised emails to request payments to fraudulent locations.

3. Data breach

These leaks of data from a secure location at the personal and corporate levels will spill sensitive, confidential information into an untrusted environment where an unauthorized individual can initiate a criminal transfer.

4. Denial of service

A hacker can cause an authorized user to be denied access to his or her own system or network.

5. Malware/scareware

Malicious software invades a computer to damage or disable it, and then through it, potentially impact an entire office or network. There’s also the lesser-known “scareware,” which uses scare tactics to solicit funds from victims.

6. Phishing/spoofing

To forge or fake electronic documents, “spoofing” uses emails forged to appear as if sent by a familiar or trustworthy source. “Phishing” (vishing, smishing or pharming), often used in conjunction with a spoofed email, falsely claims to be from an established, legitimate business.

These emails ask the recipient to divulge passwords, credit card numbers and bank account information at a phony website created to obtain the user’s information.

7. Ransomware

This is malware that preys on human or technical weaknesses within a business or personal network to deny access to data and/or systems. It’s often delivered through “spear-phishing” emails that initiate rapid encryption of sensitive files within a corporate network.

The organization is no longer able to access their data, and the perpetrator now demands payment, typically in virtual currency such as bitcoin to reestablish the victim’s data access.

Staying safe online

Safeguarding oneself and one’s company from these pervasive criminal activities is harder, but especially important while the COVID-19 pandemic is taking such an emotional and economic toll around the world.

There are also apps and online services that leverage two-factor authentication, biometric or PIN-based logins and password managers, including Dashlane, Lastpass and 1Password, that can create ridiculously hard-to-crack passwords that users won’t need to memorize for every login.

Justin Stutz is the vice president with WEST, A Williston Financial Group Company. Connect with him on Facebook or LinkedIn

After 25 years, Inman Connect is coming to you. We’re transcending our legendary events in a live digital event, Inman Connect Now. Get ready for the top industry leaders plotting the path forward, new business ideas and opportunities, networking like you’ve never imagined it, and tons of exciting new magic, all straight to you. It’s all part of an epic new Inman experience, Connect Now, June 2-4, 2020. Click here to save your seat.

agent safety
Show Comments Hide Comments
Sign up for Inman’s Morning Headlines
What you need to know to start your day with all the latest industry developments
By submitting your email address, you agree to receive marketing emails from Inman.
Thank you for subscribing to Morning Headlines.
Back to top
Only 3 days left to register for Inman Connect Las Vegas before prices go up! Don't miss the premier event for real estate pros.Register Now ×
Limited Time Offer: Get 1 year of Inman Select for $199SUBSCRIBE×
Log in
If you created your account with Google or Facebook
Don't have an account?
Forgot your password?
No Problem

Simply enter the email address you used to create your account and click "Reset Password". You will receive additional instructions via email.

Forgot your username? If so please contact customer support at (510) 658-9252

Password Reset Confirmation

Password Reset Instructions have been sent to

Subscribe to The Weekender
Get the week's leading headlines delivered straight to your inbox.
Top headlines from around the real estate industry. Breaking news as it happens.
15 stories covering tech, special reports, video and opinion.
Unique features from hacker profiles to portal watch and video interviews.
Unique features from hacker profiles to portal watch and video interviews.
It looks like you’re already a Select Member!
To subscribe to exclusive newsletters, visit your email preferences in the account settings.
Up-to-the-minute news and interviews in your inbox, ticket discounts for Inman events and more
1-Step CheckoutPay with a credit card
By continuing, you agree to Inman’s Terms of Use and Privacy Policy.

You will be charged . Your subscription will automatically renew for on . For more details on our payment terms and how to cancel, click here.

Interested in a group subscription?
Finish setting up your subscription