A homebuyer in southeastern Pennsylvania recently received an email from his agent, with an attached letter from the title company, providing information about wiring his $92,000 required payment for settlement. This young buyer went to his credit union and asked their staff to process the wire payment. He took a photo of the receipt with his phone and sent the photograph to the address provided in the email letter.
Unfortunately, both the email and the letter were fakes.
“Criminals are very savvy in their attempts to take money from unsuspecting victims,” said PAR past President Dominic Cardone. “In this case, my agent was very technologically savvy and still, this happened to her client. Luckily for this client, his bank called him the morning and told him they didn’t transfer the money because they believed the request was suspicious. But not everyone is this lucky.”
In fact, wire fraud in real estate is one of the fastest-growing cyber crimes in the U.S. Scams targeting the real estate industry are on the rise, with an 1,100% increase in the number of victims reporting crimes from 2015 to 2017, according to the FBI.
“As much as I’d love for these to magically go away, they’re not going to. The real estate industry is particularly attractive to cyber criminals because of the large amounts of money involved in most transactions, and because most of the communications are via email and text, both of which are fairly easy to spoof,” said Robin Cartwright, intelligence analyst with the Bureau of Criminal Investigation with the Pennsylvania State Police. “Cyber criminals also know how to word their emails to manipulate their victims to act immediately without paying attention to what they are doing, and considering that many phases of a typical real estate transaction involve deadlines that can be fairly tight, that need for immediate action can sound legitimate.”
“During Realtor® Safety Month this month, we’re working to educate both Realtors® and consumers about this growing crime,” said PAR President Bill McFalls Jr. “Realtors® can’t stress this risk to their clients enough. We have to be vigilant in reminding our clients to contact someone trusted in the transaction before wiring the money.”
The sophisticated and elaborate fraud is often difficult to detect. And it doesn’t just affect buyers.
Cardone, a broker with more than 200 agents and a real estate educator, said he learned of a title company that received an email from a client, asking that the money from the home sale be wired to their account. The email was a fake.
His company developed a notice they have clients sign to help protect against wire fraud. Unfortunately, many people don’t think this will happen to them.
“When your client is signing the documents and notices, it’s not immediate at that point. Then they’re looking at the house, making an offer and they forget about the possibility of wire fraud,” Cardone adds. “It’s important to continue to remind them how the transaction process will progress and caution them to confirm any request verbally for funds with someone they know to verify where the money is being sent.”
“Everyone gets hurt by these criminals,” he added. “It’s us against them, agents, brokers, title agents, banks and attorneys united to stop these crooks from taking someone’s money.”
Pennsylvania Land Title Association President Chuck Nowicki, CLTP, NTP, urges Realtors® to take a few steps to protect clients and themselves. “Invest in an encrypted email service. Using free email services leaves you vulnerable,” he said. “Remind clients to communicate directly with the title company and make sure the client has the correct contact information. Never use the phone number or email provided in the email, especially if it contains wire transfer information.”
McFalls added, “This crime affects everyone when it happens. A buyer may lose the opportunity to purchase a home, the seller may lose the chance to sell their home and real estate businesses are affected.”
Cartwright offers the following cyber security tips for Realtors®:
- Use strong passwords for all systems. There are a number of good password managers out there that can generate and then store these passwords so all you have to do is remember one master password. (Password managers also keep people from writing passwords on stickies or in notebooks and leaving them in public places.) Using the same password for every account, especially if the account requires the use of an email address as the login, makes it much easier for a hacker to steal that information and use it in a business email compromise.
- Companies should also use multi-factor authentication, which involve two or more pieces of information, such as a password and a one-time code sent to an email address or a phone.
- Be mindful about the information shared online. Real estate is a business that relies heavily on personal marketing, but the more personal information shared online, the easier it is for a scammer to impersonate someone in a BEC email.
- Never use public Wi-Fi to conduct business. If you do, you should use a virtual private network, which is a more secure protocol. Ideally, you should use a private, secure Wi-Fi connection like a mobile hotspot, office or home-based network.
- Make absolutely sure that all computers – work and home – have current updates and patches, use current antivirus software and shut down any features that are not being used. Agencies that are staffed with independent contractors may be able to take advantage of volume discounts on software licenses to reduce the cost.
The National Association of Realtors® provides resources on this topic at NAR.Realtor.