Since the holiday season is upon us with mass amounts of online shopping taking place and the New Year quickly approaching, now is an opportune time to remind you that cybercrime is a real thing and doesn’t just impact big box companies’ online retail systems. 

In fact, small businesses, such as real estate brokerage companies, are common targets for cybercrime. According to the FBI’s Internet Crime Report, $1.42 billion of total losses occurred from cybercrime in 2017. Wire fraud and ransomware were the top two internet crimes of 2017. 

A cybercrime target exists regardless if a company sells a product over the internet or collects credit card information. Real estate companies and their agents are vulnerable to cybercrime in a number of ways — including wire fraud and social media. 

While the WRA has discussed wire fraud and ransomware as well as other cybercrimes at length — see the list of resources below — real estate firms are encouraged to do two things: 

Review current insurance coverage and discuss with your insurance agent if your policy covers cyber insurance. If not, give serious consideration to purchasing cyber insurance. When an issue is discovered, a company with cyber insurance can contact its insurance company, which will work with a forensic team to track down the source of the cybercrime. Cyber insurance is generally a separate policy. Like any insurance policy, the coverage and costs will vary depending on the policy and the insurer. 

Obtain an external audit to assess any IT risks to understand cyberattacks. Cybercrime is ever-evolving; to that end, there are new versions of cyberattacks every six months. Therefore, an audit by an outside expert will assist your firm in understanding how you can better improve processes and protect your business, agents and clients. 

If you have any online presence as a business, as an agent or as an individual, you are vulnerable to a cyberattack. Therefore, as you begin to review your 2019 business plan, you should seriously look into obtaining cyber insurance and an external IT audit. What’s the worst thing that can happen? You get completely freaked out, learn more about your cyberattack risks and end up purchasing cyber insurance. This option is better than being the firm that “learned the hard way.” 

Additionally, the National Association of REALTORS^® (NAR) created resources including a Cybersecurity Checklist — Best Practices for Real Estate Professionals. The checklist specifically discusses email and password hygiene as well as other IT-based security measures. See more information about the checklist in the resources below. 

Email and password hygiene 

• Never click on unknown attachments or links, as doing so can download malware to your device. 
• Use encrypted email, a transaction management platform or a document-sharing program to share sensitive information. 
• Carefully guard login and access credentials to email and other services used in the transaction. 
• Regularly purge your email account and archive important emails in a secure location. 
• Use long, complicated passwords such as phrases or a combination of letters, numbers and symbols. 
• Do not use the same password for multiple accounts. 
• Consider using a password manager. 
• Use two-factor authentication whenever it is available. 
• Avoid doing business over unsecured Wi-Fi.

Other IT-based security measures 

• Keep antivirus software and firewalls active and up to date. 
• Keep your operating system and programs patched and up to date.
• Regularly back up critical data, applications and systems, and keep this backed-up data separate from online systems.
• Don’t download apps without verifying that they are legitimate and won’t install malware or breach privacy.
• Don’t click on links in texts from unknown senders. 
• Prior to engaging any outside IT provider, review the applicable privacy policies and contracts with your attorney.

Cori Lamont is Director of Corporate and Regulatory Affairs for the WRA.

Kansas Buyer's Agent on the Hook for Buyer's Loss in Wire Fraud

A recent lawsuit reminds agents that they are not only vulnerable to wire fraud but also can be held responsible for it. A buyer in a Kansas transaction allegedly claimed to have received an email from her buyer’s agent providing new wiring instructions for the upcoming closing on a property. 

The buyer then used the false instructions to wire the purchase money to the fraudulent account and lost $196,622. Apparently, the criminal had infiltrated the email exchanges between the parties and created fake email accounts that were very similar to the email accounts used by the parties. The buyer sued numerous parties including the buyer’s agent. While the buyer’s agent claimed she never sent the email with the false wiring instructions, a jury found the buyer’s agent 85 percent responsible for the buyer’s losses, which came to $167,129, after the buyer transferred money to a fake account. Further, a Kansas federal court upheld the jury’s verdict. 

Read the NAR case summary of Bain v. Platinum Realty, LLC, No. 16-2326-JWL, 2018 WL 3105376 (D. Kan. June 25, 2018), at www.nar.realtor/legal-case-summaries/licensee-liable-for-wire-fraud-losses. 

Resources from the WRA

Wisconsin Real Estate Magazine

• September 2018: “5 Keys to Internet Safety,” at www.wra.org/WREM/Sep18/InternetSafety.
• October 2017: “The Risks of Sending Wire Transfer Instructions,” www.wra.org/WREM/Oct17/WireTransferFraud. 
• September 2016: “Safe. Secure. Successful.” at www.wra.org/WREM/Sep16/Safety.
• March 2016: “Please Wire Me Your Money! Protecting brokers and clients from wire transfer scams,” www.wra.org/WREM/Mar16/Scam.
• October 2015: “Online Privacy: Protecting Personally Identifiable Information,” at www.wra.org/WREM/Oct15/Privacy.
• October 2015: “Tighten It Up! 10 things you need to do immediately to protect your online privacy,” at www.wra.org/WREM/Oct15/OnlinePrivacy.

Legal Update

• February 2017, “Combating Cybercrime Concerns,” at www.wra.org/LU1702.

LegalTalks

• Wire Transfer Fraud with Debbi Conrad: www.wra.org/LegalTalks/WireTransferFraud. 

Resources from NAR

• Cybersecurity checklist: www.nar.realtor/law-and-ethics/cybersecurity-checklist-best-practices-for-real-estate-professionals.
• Online fraud prevention handout: www.nar.realtor/sites/default/files/handouts-and-brochures/2015/protecting-from-cyberfraud-handout-2015-11-24.pdf.
• Educational video for clients on the threat of wire fraud: realtormag.realtor.org/for-brokers/network/article/2016/05/threat-wire-fraud-real.