Cyberscams are increasing, and real estate is a big target because of the large dollar amounts that are involved in transactions.

There are criminals out there lying in wait. They hack into agents’ email accounts or the email accounts of title agents or others involved in a real estate transaction. They are rooting for the transaction to be successful. Can you hear them? “Come on, agents; resolve that concern with the plumbing!” They are waiting for the moment when closing is scheduled and the transmission of purchase money funds is discussed. If there is an email providing wire transfer instructions, the criminals pounce, intercepting the original email and substituting an email with different wire transfer instructions. An unsuspecting buyer receives the message and dutifully instructs his bank to accordingly wire the money needed to close the transaction. If no one becomes wise to the substituted email and the fraudulent wire transfer instructions, the buyer’s money is wired to the crooks. The crooks have just stolen a large sum of money from the buyer. By the time this is discovered, it’s typically too late. The hacker’s account will be cleared out in a matter of minutes. The money is often lost forever.

One way the cyber criminals may gain access to real estate email accounts is with a fake email that appears to be from a title company purporting to be sending closing documents, but the email really is from the clever criminals. A broker in a hurry or otherwise not paying attention might easily click on the attachments and essentially open the front door to the crooks who then will work their diabolical magic and gain access to all email in that account. Upon careful review, these emails have something that is off or misspelled, for example, from “First America Title,” not “First American Title.”

The hazards of tuning out the warnings

Real estate professionals have been warned of the dangers lurking when email is used to transmit sensitive consumer information, including wire transfer instructions. But sometimes it seems like some just tune it out. Maybe they think that this is just something that happens to others but not to them; they think they are bulletproof. That attitude has the potential of landing a broker in a very bad spot if the broker is simply disregarding the warnings and not taking proactive steps to protect buyer funds and prevent the broker from being sued by buyers who lose their money. If the Equifax website can be hacked, potentially putting the private information of 143 million U.S. consumers at risk, then it would seem imprudent to believe a real estate email account is impenetrable.

If the broker is tuning out because he is associated with a firm that has strong email and communication procedures and protective IT measures in place, that broker is in a relatively good spot. The broker is using company email rather than Gmail, Hotmail or other free email services that are easily comprised. That firm, however, has to avoid becoming complacent because the risk was addressed at one point in time. Technology and criminal ingenuity are not static and are ever-evolving. That firm’s protective measures should be periodically reassessed and updated. 

The danger is real, and the buyers will sue you

The wire transfer fraud hackers are back again in Wisconsin, regularly feasting on buyers’ closing funds. Most of these incidents follow an all-too-familiar storyline, like when a Milwaukee-area title company emailed wire transfer instructions to a real estate agent whose client was purchasing a residence. The buyer client needed to take approximately $115,000 to closing. The wire instructions provided to the agent listed the routing number and account number, and the “from” line in the email listed an email address for a title company employee who the agent was familiar with. Unbeknownst to the title company and the buyer’s agent, a cyber crook had intercepted the email containing the wire instructions, changed the routing and account numbers, and sent the email to the real estate agent who forwarded the instructions to the client. The buyer then wired more than $115,000 to the crook’s bank account. It was not discovered that the wire instructions had come from a bogus email account until after the wire had been sent. 

See other vivid examples in the resources section at the end of this story. Those buyers are pursuing court action, alleging that real estate practitioners who did not employ adequate cyber security measures are responsible for the hackers gaining access to the email and ultimately stealing the buyers’ money. 

Bottom line: Please don’t let this be you. If you don’t take steps to prevent wire transfer fraud and a buyer loses his money to a cybercriminal, make no mistake — the buyer will sue you! 

Dealing with the danger

Firms would be prudent to establish and strictly follow a policy with regard to the communication of wire transfer instructions. A policy should be created, and then all agents associated with the firm should be held responsible to observe and enforce the policy.

1. Avoid the situation: Never email financial information. Email is not considered secure. Some Wisconsin firms have policies whereby they don’t ever email wire transfer instructions and there is no email discussion of any client or customer financial information. 

2. Establish protocols and educate the parties: Instill a protocol where everyone double checks wire instructions. At the beginning of every transaction, explain to all clients and customers the firm’s communication policies and security practices. Explain the potential risks of wire transfers and let clients and customers know what you are doing to keep their information safe. Thoroughly explain the communication procedures they must follow. 

Some firms may wish to set up a protocol whereby the person wiring funds contacts the sender of the wire transfer instructions — using an independently verified means of communication. That means to use the phone number from a website or a phone directory and not any contact information from the email. Hackers will recreate legitimate-looking signature blocks with their own telephone number. In addition, fraudsters will include links to fake websites to further convince victims of their legitimacy. It is also prudent for agents to call the buyers on the phone immediately prior to the transfer of funds so the buyers know they’re sending money to a legitimate source.

Build a standard warning about wire scams into your email signature or include a disclaimer at the bottom of your emails that says you will not discuss personal financial information over email. A broker may also include a standard warning about wire scams into every licensee’s email signature block or include a disclaimer at the bottom of emails. NAR has provided a wire fraud email notice template as an example of a notice that may be added to licensees’ email signature lines:

IMPORTANT NOTICE: Never trust wiring instructions sent via email. Cyber criminals are hacking email accounts and sending emails with fake wiring instructions. These emails are convincing and sophisticated. Always independently confirm wiring instructions in person or via a telephone call to a trusted and verified phone number. Never wire money without double-checking that the wiring instructions are correct.

3. Protect email from hackers: Use up-to-date cybersecurity measures. 

• If possible, do not send sensitive information via email. If you must use email to send sensitive information, use encrypted email. 
• Consider two-factor authentication whereby an email account is protected by a password and another personal security measure. This makes it extremely difficult for hackers to infiltrate email accounts because they unfortunately are very good at learning passwords, but they will not have access to the second security measure that will check for the source device, such as your tablet or your cell phone and stop others. Watch the video at https://www.youtube.com/watch?v=0mvCeNsTa1g and read about this simple preventative measure in these two-factor authentication resources:
  • PCMag “Two-Factor Authentication: Who Has It and How to Set It Up”: https://www.pcmag.com/article2/0,2817,2456400,00.asp. 
  • Two-factor authentication for Apple ID: https://support.apple.com/en-us/HT204915.
  • ZoneAlarm “How to Turn on Two-factor Authentication for Your Email Accounts”: http://www.zonealarm.com/blog/2013/08/how-to-two-factor-authentication-email-accounts.
• Change your usernames and passwords frequently; use strong passwords.
• Use the most up-to-date firewalls and anti-virus technologies. Make sure your operating system, browser and security software are up to date.
• Don’t open suspicious emails and unsolicited attachments and be cautious about downloading any files from emails.
• Avoid free Wi-Fi with no firewall to protect against hackers capturing an email password or other sensitive information.
• Avoid free emails and stick with a company email address that will have more security measures in place.
• Never click on any links in an unverified email. In addition to leading you to fake websites, these links can contain viruses and other malicious spyware that can make your computer — and your transactions — vulnerable to attack. 
• Check the security of the website. For any sensitive information provided over the web, check that the site is secure. The URL in the browser should begin with “https.”
• Clean out your email account on a regular basis. Your emails may establish patterns in your business practice over time that hackers can use against you. In addition, a longstanding backlog of emails may contain sensitive information from months or years past. 

4. Make sure the firm has liability coverage: Review the firm’s insurance policies to see what coverage there is for computer fraud-related losses. Coverage may be limited with regard to losses caused by email fraud or computer hacking. Consider a cyberliability policy or adding additional coverage to the existing policy. Make sure you are protected against the worst case scenario where the buyer’s money is stolen and the buyer sues you!

Resources

• February 2017 Legal Update, "Combating Cybercrime Concerns": http://www.wra.org/LU1702.
• “Please Wire Me Your Money! Protecting brokers and clients from wire transfer scams,” in the March 2016 Wisconsin Real Estate Magazine:
http://www.wra.org/WREM/Mar16/Scam.
• WRA LegalTalks video about wire fraud: http://www.wra.org/LegalTalks/WireTransferFraud.
• Download and distribute NAR’s online fraud prevention handout: https://www.nar.realtor/sites/default/files/handouts-and-brochures/2015/protecting-from-cyberfraud-handout-2015-11-24.pdf.
• This NAR video helps educate clients on the threat of wire fraud. You can embed the video on a website or share it with clients via email or social media: http://realtormag.realtor.org/for-brokers/network/article/2016/05/threat-wire-fraud-real. 

Knight Barry Title Company wire fraud videos

• Knight Barry Title explains two-factor authentication and DMARC: https://www.youtube.com/watch?v=mz9BGlhgX3A.
• Learn about real estate wire fraud and how to prevent it: 
  • Part 1: https://www.youtube.com/watch?v=QfP0h_3Qf1E.
  • Part 2: https://www.youtube.com/watch?v=yADpxaVg9Nk.

Illustrations of hackers stealing buyers’ money

• Homebuyers lose life savings during wire fraud transaction, sue Wells Fargo, REALTOR^® and title company: http://www.thedenverchannel.com/money/consumer/homebuyers-lose-life-savings-during-wire-fraud-transaction-sue-wells-fargo-realtor-title-company.
• Hackers allegedly steal $1.5 million from D.C. couple in homebuying phishing scheme: http://www.fox5dc.com/news/local-news/dc-couple-loses-15-million-in-home-buying-cyber-attack-scam.
• New York judge scammed out of $1 million by real estate tricksters: http://www.foxnews.com/us/2017/06/21/ny-judge-scammed-out-1m-by-real-estate-tricksters.html.

Most importantly, if anyone experiences any attempted hack or fraud similar to what was described in this article, please contact FBI Special Agent Brian Due at Brian.Due@ic.fbi.gov or 414-291-4305.

Debbi Conrad is Senior Attorney and Director of Legal Affairs for the WRA.