REALTORS® Face Growing Cybercrime Risks Through Email Scams
An important notice from Attorney Ron Farris...
Mississippi REALTORS® are reporting an uptick in fraudulent wire transfer schemes targeting real estate professionals. Hackers hack the licensee’s email account and obtain information about an upcoming real estate transaction. Having the closing date from emails, hackers email the parties or their agents posing as the title company or closing attorney. The fraudulent email appears valid, using names, details and even documents relating to the closing, and claims there have been last minute changes to the wiring instructions. These bogus emails provide new wiring instructions for closing funds. Unwary victims wire the closing proceeds, down payment or other escrowed funds directly to the hacker’s fraudulent account. Funds lost to this scheme are generally not recoverable.
Since originally issuing a “high alert” warning to REALTORS® in 2015, the National Association of REALTORS® has partnered with the FBI and the Federal Trade Commission to warn buyers and agents about these schemes. “If you’re buying a home and get an email with money-wiring instructions, STOP,” says Colleen Tressler, FTC Consumer Education Specialist, “Email is not a secure way to send financial information, and your real estate professional or title company should know that.” FBI agents say wire fraud involving real estate transactions has escalated from $5 million in all of 2015 to $14 million in just the first quarter of 2017, a serious cause for alarm.
REALTORS® should evaluate their internal email system to verify that their email server is encrypting email communications. NAR sternly warns REALTORS® to never send any sensitive information by email, including wiring instructions, banking information, routing numbers, PINS or any other financial information.
Best practices for REALTORS® should include a written policy concerning email use that prohibits disclosure of sensitive information in emails, and a policy for verifying the validity of requests for sensitive information received by email. Other best practices and tips include:
- Warn clients from day one about wire fraud and the importance of verification
- Verify all requests for funds, wiring instructions and other critical items by phone with a verified contact
- Always question any “last minute” changes to protocols, especially those involving payments or transfers of funds
- If email must be used, use only encrypted email on secure servers
- Never click on unknown links in an unverified email
- Never use unsecured WIFI (like that usually found in coffee shops and airports)
- Clean out your email box regularly; stored messages can be used by hackers to learn sensitive information about you, your business and your clients
- Change user names and passwords on a regularly-scheduled basis
- Use and maintain the most current firewall and anti-virus technologies on all systems
- Report all suspicious emails to the FBI, FTC and law enforcement authorities
- Notify MAR and NAR of any fraudulent schemes that come to your attention so that others can be warned
If a wire has been initiated and you determine that it may be suspect, contact the bank immediately. It may be possible to terminate the wire before the funds go through. Then, report the scheme to the FBI.
NAR suggests adding the following notice to your client disclosures and communications:
IMPORTANT NOTICE: Never trust wiring instructions sent via email. Cyber criminals are hacking email accounts and sending emails with fake wiring instructions. These emails are convincing and sophisticated. Always independently confirm wiring instructions in person or via telephone call to a trusted and verified phone number. Never wire money without double-checking that the wiring instructions are correct.
For more information, contact the FBI Internet Crime Complaint Center at http://www.fbi.gov/scams-safety/e-scams.