How to Spot Wire Fraud, Email Scams and Other Hacker Schemes

 

by Kara Cook

Fraud is illegal and dangerous but often hard to spot. Especially in real estate, wire fraud and other email scams and schemes by sophisticated hackers are significant issues with potentially disastrous financial ramifications for both buyers and sellers.  In fact, the Washington Post reported that in 2017, nearly $1 billion ($969 million, to be precise) was fraudulently “diverted or attempted to be diverted” from real estate purchase transactions and wired to “criminally controlled” accounts.

But how do you avoid wire fraud and not fall prey to hackers?

A lot of fraud begins with email. Hackers methodically monitor email messages from lenders, real estate agents, title companies, attorneys and anybody else involved in real estate transactions. These hackers are skilled and identify a pattern of communication that clearly indicates when a party is involved in a transaction to buy or sell real estate. From the emails, they determine when and where the transaction will be closing along with many other pertinent details.

Then they spoof an email, which often looks completely legitimate, to the potential homebuyer or seller with a change in wiring instructions. They may also send it to the realtor or attorney pretending to be a buyer or seller asking for funds to be sent via a different method than originally discussed.  The unsuspecting party then complies with the new wiring instructions, sends funds to the wrong place, and they often vanish.

We’ve assembled a few tips to help you dodge these wily wire fraud experts.  Learn how to spot scams before it’s too late and you are victimized by a fraudster, whether you’re a buyer, seller or a real estate professional.
 

  • Never wire funds based upon the content of an email.  Always assume email has been hacked and validate all information over the phone. Wire instructions do not change that often so regard any request to do so as suspicious.  It’s a good practice to always verify payment instructions in person or by phone.  When verifying over the phone, make sure you do some research on the phone number and do not simply use the number listed on the wire instructions since this information can easily be altered.

     
  •  Enable second factor authentication on your email.

    • You will enter your password as usual.  Then, a code will be sent to your phone via text, voice call, or our mobile app. Or, if you have a Security Key, you can insert it into your computer’s USB port.  With 2-Step Verification, if a bad guy hacks through your password layer, he'll still need your phone or Security Key to get into your account.


       

  • Change email password frequently. 

    • If you are not already doing so, change your password to a strong 10-character password every 90 days.  Don’t use the same password for everything. If you do, the attacker only needs to find that one password to gain access to everything, and they will try that one password everywhere.
       

    • Don’t use similar passwords. Merely changing a number or a couple of letters, while the rest is the same does not keep malicious attackers from recognizing your password pattern and using it to quickly find your other passwords.
       

    • People tend to use the same passwords so they can remember them easily but there is a better solution to this problem.  Try a password manager like LastPass.  With LastPass, you only need to remember your master password and they keep up with the rest.  LastPass recommends using a memorable passphrase to create a super strong master password. Something like lyrics to a song, a quote from a movie and the color of your favorite coffee mug.


       

  • Don’t trust links received in email.

    •  If you want to go to the web site, type in the address yourself. Also, don’t trust files attached to an email, especially if you are not expecting it. When in doubt, pick up the phone and call to confirm that the sender sent you that file.


       

  • Immediately report and delete unsolicited email spam from unknown parties. Do not open spam email, click on links in the email or open attachments. These often contain malware that will give access to your computer system


     

  •  Use commercial anti-virus software, and update it frequently


     

  •  Educate your clients on wire fraud. Remember the old adage, “knowing is half the battle?” Well, clients can’t protect themselves if they don’t know they’re at risk. Share information on recent trends and common ways it occurs.  Let them know your typical communication practices so that they know what to expect and to be suspicious of anything else.  All of the advice listed above also applies to your clients and customers.  Their emails contain lots of juicy information too like who is buying/selling, who is closing, when they are closing and how much money is involved.  Ask your client to notify you if anything changes. If they received wiring instructions, and then days later received a second email notifying them instructions have changed, that is a huge red flag.


     

  • Avoid free Wi-Fi. As convenient as it is to use free Wi-Fi at your local coffee shop, it can be the main catalyst in cybercrime activity. More people have emails compromised, passwords stolen and other sensitive information captured using free Wi-Fi than a secure network.


     

  • If you are a victim of wire fraud, look into the Kill Chain Process

    • The FBI offers a Financial Fraud Kill Chain (FFKC) process to help recover large international wire transfers stolen from the United States. The FFKC is intended to be utilized as another potential avenue for U.S. financial institutions to get victim funds returned. Normal bank procedures to recover fraudulent funds should also be conducted.
       

    • The FFKC can only be implemented if the fraudulent wire transfer meets the following criteria:

      • the wire transfer is $50,000 or above

      • the wire transfer is international

      • a  recall notice has been initiated

      •  FBI was notified within 72 hours
         

    • Any wire transfers that occur outside of these thresholds should still be reported to law enforcement and, of course, the bank but the FFKC cannot be utilized to return the fraudulent funds.

       


       

Here’s a quick video with more information ("Source: National Association of REALTORS®")  By educating yourself, your colleagues and your clients – and following these tips – we can make a dent in cyber crime and keep more people safe from wire fraud, spam and email scams.

 

 
Kara Cook