During the economic downturn, real estate pros were on high alert for scams by perpetrators who preyed on cash-strapped home owners desperate to stave off foreclosure. Today, a new wave of scammers is breaking into people's e-mail accounts to cull information about pending deals.
The hackers—posing as sellers, title company representatives, or even other real estate agents—instruct buyers, agents, or attorneys to transfer funds related to the purchase to accounts belonging to the scammers, potentially swindling victims out of sizable sums. In addition, agents lately have been the target of ruses involving overseas cash "buyers" who ask for bank account information so they can supposedly wire deposits.
Whatever the technique, hackers are finding ways to trick buyers, sellers, and practitioners by e-mail or phone to hand over large amounts of money. In many cases, the heists could have been prevented if the victim had verified that the instructions were legitimate before proceeding.
"For anyone involved in real estate transactions, the key is vigilance and making sure that what is happening should be happening," Peter Bolac, trust account compliance counsel for the North Carolina State Bar, told RealtorMag. Bolac related how the North Carolina State Bar has received multiple reports of fraud involving wired funds in real estate transactions, including one involving a loss of $200,000. "Everyone involved in handling [transactions] has a duty to be sure their accounts are secure" and the procedures they follow include safeguards to protect clients.
Hacking incidents, sometimes referred to as "spear phishing," have disrupted transactions in a number of states, including California, New Jersey, and North Carolina.
Any e-mail seeking a funds transfer from you or your client should be examined carefully. In one North Carolina case, the hacker used an e-mail address that varied from the actual seller’s address by a single letter—but the discrepancy went unnoticed until after the unsuspecting buyer had sent over money.
The best way to foil e-mail hackers is to keep them from getting into your account in the first place. The nature of threats on the Internet is that you don’t always know whether your systems are getting attacked, and so you need to pay close attention to how you manage your e-mail accounts.
One of the best strategies for keeping intruders out of your e-mail involves two-step verification, which requires you to log in using a unique code provided by text message or through a mobile app in addition to your password. The advantage of this method is that even if a hacker is able to figure out your password, he or she won’t be able to enter your account without also knowing the code. E-mail providers such as Google and Yahoo offer this option.
Password strength is another factor to consider, however. It's best to create passwords that are difficult to crack and change them regulalry, and you should try to resist the temptation to use the same password for more than one account. Finally, try to use passcodes to protect your smartphone and other mobile devices too.