Being Your Clients’ Frontline Defense Against Fraud
As more real estate business is conducted online, hackers have greater opportunities to disrupt your transactions. Learn the steps you can take to protect your clients against cyberattacks.
October 6, 2021
- Compromised email accounts, identity theft, and real estate fraud are among the top sources of cybercrime.
- Post warnings to clients on your blog, social media profiles, website, and other communication channels.
- Cyberattacks aren’t 100% preventable, but having good digital hygiene goes a long way to protecting your data.
You’re the primary safeguard protecting your clients from cybercriminals. Scammers are targeting real estate transactions—most of which involve the exchange of large amounts of money—more than ever. So, you need to be able to spot the signs that you and your clients are in the crosshairs of a fraud scheme.
Real estate has experienced a dramatic rise in cybercrime in recent years. The pandemic has exacerbated the problem, forcing transactions to become more digital and people to operate on unsecured networks at home. The FBI received nearly double the number of cybercrime complaints in 2020 than in 2019, with losses totaling $4.2 billion, according to the FBI’s 2020 Internet Crime Report. Compromised email accounts, identity theft, and real estate fraud were among the top sources of cybercrime.
This article is sponsored by Stewart Title.
“Real estate transactions are an enticing target for cybercriminals,” says Olive Morris, NAR’s policy representative on technology issues. “Real estate transactions require frequent email communication, sharing of personal financial information, and large transfers of funds between multiple parties. Also, the real estate sector is primarily made up of small and midsize companies, which were the most likely businesses to experience a cyberattack in 2020.”
Scammers often attempt to dupe buyers with fraudulent wire transfer instructions to steal their down payments. Ransomware attacks, which are becoming more common, also threaten real estate brokerages, MLSs, REALTOR® associations, and third-party vendors. One of the most damaging cybercrimes in U.S. history occurred this summer when Cloudstar, a major cloud-based platform used by thousands of title companies and mortgage lenders, was targeted in a ransomware attack. Hackers gained access to millions of consumers’ personal and financial information, and closings across the country were put in jeopardy.
“The move to digital does create more opportunities for potential harm,” says Paul Benda, senior vice president of operational risk and cybersecurity at the American Bankers Association (ABA). REALTORS® have significant legal and ethical duties to protect their clients’ personal and financial information, and some have been sued for failing to warn clients to take appropriate precautions.
Warn Your Clients About the Risks
There are steps you can take this October, which marks Cybersecurity Awareness Month, to show that you take cyberthreats seriously. Post warnings to clients on your blog, social media profiles, website, and other communication channels. “Real estate professionals should serve as the frontline of defense against cybercrime,” Morris says. “Talking to your staff and clients about cybersecurity best practices could help save your business from a devastating cyberattack.”
SecurusID, a REALTOR Benefits® Program partner, has created several guides, such as “Concerned About Fraud? Know the Signs of Identity Theft to Catch it Early” and “Preventing Tax-Related Identity Theft.” The Cybersecurity & Infrastructure Security Agency also offers sample social media posts and graphics to share online and educate customers.
Stewart Title, which offers nationwide residential and commercial title insurance as well as closing services, has developed a series of videos and educational materials warning the public about fraud risks. “We are committed to cybersecurity education and training across our entire organization,” says Steve Lessack, group president of U.S. and international operations and commercial services at Stewart Title. “We’ve taken numerous measures to combat wire fraud, including a strict policy on wiring instructions; customer, REALTOR®, and employee education and training; as well as a Fraud and Forgery Watch Program.” The program offers a cash award of up to $1,000 to any Stewart Title agent who detects fraud or forgery in policy documents.
Lenders also are being more proactive about warning clients of fraud risks. The ABA this month is relaunching its 2020 social media campaign #BanksNeverAskThat to help consumers spot red flags and outsmart scammers. The campaign calls out the type of information banks will never ask of its customers over email, text, or phone, such as account number, social security number, PIN, username and password, or answers to security questions. (Consumers may be asked to verify confidential information if they initiate the call to their bank, but never the other way around.)
6 Steps to Thwart Scammers
Phishing scams have long been a nuisance to the real estate industry. One buyer lost his family’s $123,000 down payment when a scammer impersonated a party in the buyer’s transaction and emailed him fraudulent wiring instructions. But real estate is vulnerable to other scams involving loan modification and refinancing, mortgage relief, and leaseback or repurchase agreements. Ransomware attacks like the 2019 attack on the Corcoran Group’s computer systems also are a rising problem. Here are some precautions to take:
Always use multifactor authentication. While two-factor authentication isn’t foolproof, it could potentially mitigate the risk of most of these threats, Benda says. Two-factor authentication and programs like Google Authenticator can help you equip yourself to securely work from home.
Don’t be fooled by a phishing email. Beware of suspicious links that could contain malware. Double-check the information you receive in an email—especially wiring instructions—with a verified number you already have or an actual person from the company handling the escrow. Also, never reply to a suspicious email. Forward messages instead so that you can manually enter the email address. Scammers often make subtle changes to email addresses. For example, one scam involved fake SentriLock invoices sent to customers from “sentril0ck.com” (with a zero instead of an “o”).
Watch for red flags. A sudden change to wire instructions—which title companies rarely do—or a change in the timing or location of settlement can indicate fraud. “Scammers often try to create a sense of urgency. They are trying to inflict a sense of panic in you,” Benda says. “A bank will close an account if you don’t do X, Y, or Z. A bank is never going to call you up and demand you do something instantly or else they will close your account.” Hang up and call the main office or a verified phone number. “Any legitimate company will be OK with that, but they won’t be if they’re not legitimate,” Benda adds.
Communicate the risks to clients. Add a disclosure form as a risk management tool for your brokerage. Several state associations and brokerages have developed a wire fraud disclosure form that real estate pros can use to warn clients about cybercrime risks. Access sample forms at nar.realtor.
Have safeguards in place. SecurusID offers a free dark web scan report as well as full-service identity theft protection. Title companies also offer extra protection. Stewart Title has partnered with CertifID to help ensure its clients are protected, guaranteeing each wire transfer up to $1 million against fraud. “Founding CertifID was in direct response to a wire fraud that I experienced as a title agency owner,” CEO and co-founder Tom Cronkright said in a statement. “Since then, we’ve seen how education and adoption of technology can significantly reduce the risk of wire fraud.”
If you suspect fraud, act quickly. Every minute counts after a fraudulent wire transfer or other crime has occurred. Contact your bank and request a recall or reversal of funds immediately. Contact local law enforcement and file a complaint online through the Internet Crime Complaint Center at ic3.gov.
“Cybercrime is never 100% preventable, but maintaining good password hygiene, never clicking unknown links and attachments, and communicating safety protocols with all clients, employees, and business partners could help protect your business,” Morris says. “More than just shielding your business from liability as well as reputational and financial harm, strong cybersecurity is a competitive advantage that real estate professionals can offer their clients.”