Welcome to part one of MyITpros’ two-part series in which we investigate wire fraud phishing scams targeting the realty industry. Wire fraud is a growing complaint among realtors and buyers, costing millions of dollars each year.
We don’t need to tell you that buying a home can cause some closing-day jitters. As a realtor, you probably soothe frazzled nerves every day, and agents have developed some clever ways to handle those last-minute anxieties. One realtor even started handing out “remorse pills”—candy placebos designed to get buyers through the stress of closing.
And now there’s a new reason for buyers to feel anxious about shopping for homes: wire fraud phishing scams.
The facts on wire fraud phishing scams
Even high-profile buyers and sellers aren’t safe. Take, for instance, the case of New York Supreme Court Justice Lori Sattler, who was scammed out of over $1 million. Like many victims, Sattler was sent a phishing email instructing her to wire funds to an international bank account. The email appeared to be from her real estate lawyer, so she followed through and transferred the money.
Her situation is not as rare as you’d think, as the FBI reported a 480% increase in this kind of real estate phishing scams in 2017. And while phishing is not a new hacking technique by any means, scammers’ latest target—homebuyers—is. Moreover, because victims so often willingly give up access to their accounts, there’s only so much technical IT solutions can do to address the problem.
One reason why homebuyers are being targeted is that the nature of the real estate industry aids this kind of cybercrime. For instance, some agents use their personal email addresses in their professional interactions, so seeing an unusual address doesn’t automatically send up a red flag for clients. Additionally, many homebuyers are accustomed to taking emails at face value instead of investigating their veracity. Ultimately, hackers are able to pull off scams like these because of the growing sophistication of social engineering attacks, a threat that has IT solutions providers worried.
How real estate wire fraud scams work
Forget Nigerian princes and typo-riddled business proposals. The latest hacking tactics rely on social engineering, an advanced form of deception in which attackers pose as a reliable source known to the victim. In this kind of attack, hackers break into a real estate agent’s email account, typically by sending the agent a realistic-looking phishing email. That email directs them to click on a link, which takes them to a phishing site where their password can be collected.
Once inside the agent’s email, hackers are able to peruse client/agent correspondence to look for pending sales. When they come upon a home that’s about to close, they send a last-minute email to the buyer, posing as an agent, real estate lawyer or title company. That email either instructs recipients to wire money or directs them to an external link and asks them to enter personal information such as account details or passwords. From there, all hackers need to do is take the money and run.
How real is the risk of wire fraud phishing?
It’s easy to write off scam alerts like these as hyper-alarmism, especially if you don’t know anyone who’s been directly affected. However, the rise in realty-related fraud has been extreme enough to set off consumer watchdog groups. For instance, in 2016, the FTC and the National Association of Realtors issued an alert to homebuyers warning against phishing threats. Last year, criminals stole an estimated $1 billion from unwitting homebuyers, up from $19 million in 2016.
If one of your clients is hacked, you may be out a lot more than a sale. According to American University’s WAMU-FM, a D.C.-area couple are suing their title company for $5 million after losing approximately $1.6 million to scammers, claiming that the company’s lax cybersecurity led to the hack. Whether cases like theirs will hold up in court remains to be seen, but this example certainly highlights the seriousness of the situation for realtors, lawyers and title companies.
There are a few steps you can take to protect yourself and educate clients against wire fraud, beginning with a simple IT solution: learning how to identify a phishing email. Join us for part two of MyITpros’ two-part series investigating realty wire fraud phishing scams, where we’ll discuss what phishing emails look like and tell you how to educate clients without scaring them off. We’ll also talk about backups and other IT solutions you can use to provide fuller security, and what to do in the wake of an attack.
Don't feel like waiting for part 2? Get solutions right away by browing our Security Services, and start building your security strategy now rather than later!