How to Keep Hackers Out of Your Email

June 7, 2017
Panelists at the IDFPR Cybersecurity Conference discuss the prevalence of email as a vehicle for cybercrime and business professionals can secure their own email accounts.

The FBI reports that email phishing accounts for 95 percent of cybersecurity threats. That’s why client communications are a key component of “cyber hygiene,” legal and law enforcement experts said during the Illinois Department of Financial and Professional Regulation’s Cybersecurity Conference in Chicago, which focused on threats to the real estate industry.

The typical advice to employ complicated passwords and change them often isn’t enough to thwart hackers, said FBI special agent Daniel Wierzbicki, who leads a team of cybercrime watchdogs at the agency’s Chicago field office. The email platform you choose to conduct business communications may make you more vulnerable to cyberattacks. “A lot of real estate professionals use private Gmail accounts or accounts with other email providers to do transactions with customers instead of using company accounts,” Wierzbicki said. “But a lot of company accounts have better systems in place to protect against hacking activity; Gmail does not.”

Email hacking has become so pervasive that cybercrime now ranks as the FBI’s third-highest priority after terrorism and counterintelligence, he said. And the real estate industry is a major target for criminals. Last year, Wierzbicki’s office fielded 551 cybersecurity complaints from customers in real estate transactions and 328 complaints from title companies. Together, that accounted for 64 percent of the cybercrime victims the office responded to in 2016.

“No matter what your email system is, it’s not a great vehicle for sensitive information,” said Jessica Edgerton, associate council for the National Association of REALTORS®. She suggested using a third-party transaction management or document sharing platform rather than email when transferring private client information—but even that isn’t infallible. “Almost every company has experienced some level of data breach,” she said. “Know your third-party providers and how they have reacted to past security breaches.”

A common practice involves cybercriminals hacking into practitioners’ email accounts and sending fraudulent wire-transfer instructions to their clients. That’s why having a strong email password is so important. Wierzbicki suggested longer passwords—at least 26 characters—is more secure than making them overly complicated with capital letters and symbols.

Edgerton added that frequently changing passwords also isn’t the best prevention against cybersecurity threats. If you use a pattern that’s easy to guess to update your passwords more frequently, “it may actually give hackers an in [to breach your email],” she said. Edgerton recommended using a password management system to store passwords; then you can ensure each one meets security standards without worrying about forgetting them.

One low-tech way real estate professionals can combat this problem is to educate their contacts. “People aren’t aware of what’s happening,” Edgerton said. “When it comes to a real estate transaction, you have so many different players, and all it takes is one person in that transaction who isn’t aware of the signs of fraud to make the whole thing implode. … As the initiators of a transaction, you can spread the word about these security problems to everyone in the transaction who needs to know about it.”

—Graham Wood, REALTOR® Magazine