Lee Nelson is a freelance journalist from the Chicago area. She has written for Yahoo! Homes, TravelNursing.org, MyMortgageInsider.com, and ChicagoStyle Weddings Magazine. She also writes a bi-monthly blog on Unigo.com. Contact Lee at email@example.com.
4 Cyber Scams Targeting Brokerages
These disturbingly common cybercrimes are putting real estate companies at risk. Find out what to do if your data ends up in the crosshairs of a hacker.
August 7, 2015
You never know who is peeking into your files these days. Cybercrime has become a huge threat, with a growing number of scams affecting real estate agencies virtually every day.
“There’s a new level of sophistication going on out there in cyber threats,” says Jessica Edgerton, associate counsel at the National Association of REALTORS®. “There is a lot of money changing hands in real estate, and that’s why it’s worth it to these folks to come after real estate professionals.”
A 2014 Forrester Research study shows that people who purchased a home within the past 12 months are 2.8 times more likely to be a victim of identity theft. In fact, in December 2012, two people were imprisoned for running a massive identity theft ring in San Diego, and police believe most of the information they used came from real estate files.
This article is part of a three-part series informing brokers on data security issues. Also read:
As time goes on, scams continue to become more sophisticated. But which ones are the biggest threats real estate agencies, and what should you do if you are hacked?
1. Wire Fraudsters: The Georgia Association of REALTORS® warned its members early last year not to e-mail money wiring instruction to clients. Hackers had been mimicking their e-mails and sending similar ones to clients with the intention of diverting funds to fraudulent accounts.
Ned Blumenthal with Weissman, Nowack, Curry & Wilco, a law firm in Atlanta, has dealt with at least three dozen wiring scams committed against real estate agents and their clients in the past year. One particular case involved a couple that fell victim to the wire fraud when selling their home.
The closing attorney received an e-mail from the husband, which stated that he wanted to change where the proceeds from their sale should be wired. The wife, who was present at the closing, did not question the change. The closing went through on a Friday afternoon, and the couple expected the money to be in their account by Monday. When they didn’t have the funds by Tuesday, the couple made some phone calls. Soon everyone involved put the pieces together: A scammer had posed as the husband via e-mail and $108,000 was wired to a fraudulent account, Blumenthal says.
“Once this happens, the money is unfortunately gone,” he says. “These are all warnings to the real estate industry.”
Have you been hacked or victimized by cyber criminals? Report the incident or get more information:
Scammers will pretend to be a buyer, seller, real estate agent, or someone else involved in the closing. They’ll say there is a last-minute change, and include new wiring instructions. And once the money is transferred to the scammer’s account, it disappears — forever.
Edgerton says that agents should call their clients and double-check everything immediately before the wire is sent. “This is happening to savvy people. It could happen to anyone,” she says. “You really need to communicate with everybody involved in a transaction.”
Blumenthal’s law firm now gives buyers a login and password in order to access wiring instructions through a private portal system. There is no intermediary person.
“Real estate agents need to tell their clients that if they get wiring instructions from another source, that they don’t do anything with it until they contact that person by phone and confirm that [it’s accurate],” Blumenthal says. “And don’t call the number on the wiring instructions. Look up the title company or law firm and verify directly with them.”
2. CryptoWall: This scam has been around since April 2014. The problem starts when you click on an advertisement, open an e-mail or attachment, or visit an website. Once the victim’s device is infested with the “ransomware,” the victim’s files become encrypted so that they can’t access them. If the victim pays the ransom fee, sometimes he or she will get their system and information back. Sometimes, they don’t.
The financial impact to victims, according to the FBI’s Internet Crime Complaint Center, is typically between $200 and $10,000. Many victims incur additional costs associated with network mitigation, countermeasures, loss of productivity, legal fees, IT services, and the purchase of credit monitoring services for employees or customers.
Between April 2014 and June 2015, the FBI received 992 CryptoWall-related complaints, with victims reporting losses totaling more than $18 million.
3. Tech Support Scams: It’s not all high-tech; some scam artists are using the phone to get information to break into your computer, according to the Federal Trade Commission. They claim to be IT professionals at well-known companies such as Microsoft. They talk about finding malware and viruses on your computer to convince you to give them remote access or pay for new software you really don’t need.
Once you are on the phone with them, they try to win your trust and ask you to go to your computer. No matter how official they sound, do not give them remote access or enroll in anything they are offering. Just hang up and call the company they claimed to be representing yourself on a phone number you know is correct.
4. Phishing: Fraudsters impersonate businesses to trick you into giving out personal information, a technique known as phishing. This scam can involve spam e-mail, a pop-up window, or an instant message that infects the victim’s computer with spyware. When you click on a link or picture in the spam message or open an attachment, the spammer gains control of your computer and all the information inside it, says Edgerton.
“It could look like a bank, real estate agency, or any number of companies. They may link to a website that looks legitimate and then you can fill in your information,” she says. “But all of it is fake.”
How One Broker Handled a Hack
Brian Sears, broker-owner of Sears Real Estate in Springfield, Mass., now understands how powerful scammers can be, and how it can affect a business. One of the computers in the property management division of his company became infected with a virus, but they weren’t quite sure how. Hackers ended up getting the company’s login and password to Experian, one of the three largest credit-reporting bureaus. They went on to run about 80 credit reports (of random people, not Sears’ clients) before Experian shut it down.
The incident was reported to the Secret Service, and Sears had to have his servers certified as clean and prove that he had significant antivirus software protecting the computers.
“Something like this truly opens your eyes. [After the hack] we made sure we had good and powerful user names and passwords, and we change those passwords at certain intervals,” Sears says. “We also started looking at what our real estate agents were collecting when it came to personal identification information.”
The leadership of the brokerage took stock of everything that they do as a business. They upgraded their server and Norton AntiVirus so it’s deployed by the server and not the individual users.
"The important thing is to look at new ways to protect clients’ information and protect ourselves,” he says.