Don’t Use E-mail to Manage Transactions

March 24, 2016

As hackers continue to use fraudulent online messages to steal money from unsuspecting home buyers, the best way to protect yourself and your clients is to avoid using e-mail to transmit or store transaction-related details. Instead, security experts recommend using other tools to handle information about home sales—and making sure every client knows that instructions related to their home purchase will never appear in their inbox.

These measures are essential to combating scammers who are trying to swindle unsuspecting home buyers by sweeping up sensitive information about real estate transactions and using it to craft convincing but bogus e-mails. The “phishing” messages, which appear to come from real estate agents, title companies, or lenders, instruct the recipient to send funds to fraudulent accounts. NAR and the Federal Trade Commission issued an alert about the growing problem on March 18, warning that once funds disappear, the buyer may never be able to recover them.

A key way to protect your clients, your brokerage, and your business from the scammers is to make clear to buyers that no one involved in their transaction will use e-mail to send them any sensitive information or instructions—and that they should check with you or another authorized person using a known phone number if they receive such a message. Tell them to be similarly suspicious of instructions in text messages.

Some agents are even requiring buyers to acknowledge in writing that they have been made aware of the danger of electronic communications and told not to respond to instructions to send funds that may arrive via e-mail. For example, agents affiliated with Keller Williams Heritage Realty in San Antonio, Texas, now require all clients to sign a form that warns them about the potential for e-mail fraud and directs them not to follow instructions to transmit funds that may arrive by e-mail, says Hank Braunstein, director of risk management at the 750-agent brokerage. The document, which the brokerage’s agents must submit with all residential sales contracts, advises clients to immediately contact their agent or title company using a known phone number should they receive such an e-mail.

Instead of e-mail, consider using a secure transaction-management system to handle information related to the home sales you’re involved with. These systems, such as zipTMS, a state-of-the-art tool from zipLogix that will be available as an NAR member benefit to all REALTORS® in 2016, allow you to manage transaction activities, store documents, and track completed tasks without the risk of exposing information to e-mail intruders. When possible, meet with clients in person to go over important details.

Another critical step is to store important information that a snooper may be able to mine to deceive you or your clients in a secure location instead of in your e-mail account. Also, be sure to regularly delete e-mails you don’t need. Remember, a hacker may be able to use seemingly innocuous information to appear trustworthy.

In addition, don’t click on links in e-mails, even if you believe you know the sender. Scammers can use “spoofing” techniques to make a phony e-mail appear to be from someone who didn’t actually send it, and links to file-sharing sites, social media polls or other online destinations may actually have sinister purposes. You’re better off going to a website by entering the address into your browser and navigating to the information you need.

“This is something we have to live with in the Internet age,” says Braunstein, adding that his office has been made aware of several attempts by thieves to use e-mail to defraud clients in just the past few weeks. “People have to be aware and cautious.”

—REALTOR® Magazine