Stay Ahead of Hackers

Scammers are targeting your e-mail. Here are steps to protect yourself.

July 15, 2015

During the economic downturn, real estate pros were on high alert for scams by perpetrators who preyed on cash-strapped home owners desperate to stave off foreclosure. Today, a new wave of scammers is breaking into people's e-mail accounts to cull information about pending deals.

The hackers—posing as sellers, title company representatives, or even other real estate agents—instruct buyers, agents, or attorneys to transfer funds related to the purchase to accounts belonging to the scammers, potentially swindling victims out of sizable sums. In addition, agents lately have been the target of ruses involving overseas cash "buyers" who ask for bank account information so they can supposedly wire deposits.

Whatever the technique, hackers are finding ways to trick buyers, sellers, and practitioners by e-mail or phone to hand over large amounts of money. In many cases, the heists could have been prevented if the victim had verified that the instructions were legitimate before proceeding. "For anyone involved in real estate transactions, the key is vigilance and making sure that what is happening should be happening," says Peter Bolac, trust account compliance counsel for the North Carolina State Bar, which has received multiple reports of fraud involving wired funds in real estate transactions, including one involving a loss of $200,000. "Everyone involved in handling [transactions] has a duty to be sure their accounts are secure" and the procedures they follow include safeguards to protect clients.

Hacking incidents, sometimes referred to as "spear phishing," have disrupted transactions in a number of states, including California, New Jersey, and North Carolina.

Any e-mail seeking a funds transfer from you or your client should be examined carefully. In one North Carolina case, the hacker used an e-mail address that varied from the actual seller’s address by a single letter—but the discrepancy went unnoticed until after the unsuspecting buyer had sent over money.

The best way to foil e-mail hackers is to keep them from getting into your account in the first place. "The nature of threats on the Internet is that you don’t always know whether your systems are getting attacked," says Les Sease, information technology director for Carolina One Real Estate in Charleston, S.C., underscoring the importance of paying close attention to how you manage your e-mail accounts.

One of the strategies Sease recommends for keeping intruders out of your e-mail involves two-step verification, which requires you to log in using a unique code provided by text message or through a mobile app in addition to your password. The advantage of this method is that even if a hacker is able to figure out your password, he or she won’t be able to enter your account without also knowing the code. E-mail providers such as Google and Yahoo offer this option.

Password strength is another factor to consider. Create passwords that are difficult to crack and change them often, says Robert Siciliano, a Boston-based personal security and identity theft expert. In addition, resist the temptation to use the same password for more than one account, and use passcodes to protect your smartphone and other mobile devices, he says.

Some real estate pros say reliance on electronic communications in business has contributed to the slackness. By contrast, the personal relationships that define the real estate industry are a powerful deterrent to fraud. Cameron Platt, owner of Platt Inc. Real Estate, in Oakland, Calif., says, when it comes to preventing information theft, "nothing beats face-to-face and voice contact" between parties in a transaction.

Sam Silverstein is a former writer-producer for the National Association of REALTORS® based in Washington, D.C.