Be Vigilant to Combat Cyber Security and Wire Fraud
by Kara Cook
A couple of weeks ago, I drafted a short summary of industry best learnings when Heather and I were at this year’s NS3 Summit in Phoenix. Among other topics, sessions and general discussions focused prevalently on cyber security threats and what our industry is doing to stem wire fraud in our industry. I touched on it in that other blog, but it’s so important to us here at Cook & James that I wanted to expand on the terrifying potential of cybercrime.
$150 Million Lost in 2018 Real Estate Transactions
First, you must know real estate is being targeted – successfully targeted – and people are losing money. A lot of money. According to the FBI, Americans lost nearly $150 million to real estate scams in 2018. No one is immune and everyone must be vigilant.
Last summer, the FBI released a report/public service announcement with updated statistical data for October 2013 to May 2018. It showed between 2015 and 2017 “there was over an 1100% rise in the number of BEC/EAC victims” and an almost “2200% rise in the reported monetary loss” in the real estate sector. (BEC means business email compromise and EAC stands for fraud/email account compromise.) Last year was even worse: “May 2018 reported the highest number of BEC/EAC real estate victims since 2015,” the FBI said.
So, yes. It can happen to the best of us and we are doing everything we can to ensure the cyber criminals never break through to Cook & James clients. Not only have we amped up our internet firewalls, systems, hardware and software, but we have literally plastered instructions everywhere – in our signature lines, on our website, in our pre- and post-instructions, in posters around our offices – here’s a link to a document we created specifically to warn our collaborators and colleagues about cyber dangers and how to spot and avoid them.
Never, Ever Respond to An Unsolicited Email
As real estate journalist Aly J. Yale reported in Forbes about her experience being targeted, most cyber criminals begin with an email.
So, we tell everyone, we will never, ever, ever, ever change wiring instructions via an email. Did you hear that? This will never happen. Please, please, please, ALWAYS be suspicious about emails.
Yes, email communication is a necessary way of doing business, but final instructions should never be communicated via email. Here at Cook & James we will always make a personal phone call should any guidelines or directions change – and that is best practice throughout the real estate industry as well.
Always Ask If You’re Unsure
If you’re ever unsure, ask. If something seems a bit “off” in an email, ask. Just pick up the phone and ask. But DON’T USE the phone number offered in that suspicious email. Use the number you were previously provided, the one that’s on the real estate professional’s business card.
If you’re unsure beyond this, there is a fun, little test (if you consider this stuff fun…) that Google developed earlier in 2019. Called a Phishing Quiz, there are eight examples on this quiz testing if you can recognize the difference between a legitimate email and a phishing scam. After each email example, Google explains how to tell whether it is a scam, often by hovering over URLs to check where they lead and checking the spelling of email addresses. Even for us real estate pros, it’s often hard to tell which examples are legitimate. And that makes cybercrime all the more terrifying to us.
Congress Requests Help
In June 2019, Congressmen Brad Sherman (D-CA), David Kustoff (R-TN) and a bipartisan group of 41 House members sent a letter to Federal Reserve Chairman Jerome Powell, requesting that he provide answers on how the Fed might better protect homebuyers from the growing threat of real estate wire fraud.
“Far too often, I hear of situations in which cyber-criminals send fraudulent emails to homebuyers, real estate agents, lenders, title companies and attorneys in an effort to steal a homebuyer’s down-payment. Cyber criminals do this by hacking into an e-mail account and sending false wire instructions to homebuyers to steal their down payment, in some cases their entire life savings,” said Rep. Sherman. “It is time the Federal Reserve provide answers on what can be done to address this vulnerability in our payments system.”
Fed Chair Powell’s Response
On July 9th, Federal Reserve Chair Jerome Powell issued his response. He outlined difficulties that would arise if the requested changes were implemented and expressed concerns about operational hurdles banks would face in instituting a payee matching system like the one currently being developed in Great Britain. He also briefly explained how the Federal Reserve is already taking steps to combat wire fraud.
Senators Jim Moran (R-Kan.) and Chris Van Hollen (D-Md.) are working on their own letter to Powell on the subject which will ask for more information about the work the Federal Reserve is doing to protect the wire system from fraud. So, stay tuned for updates on this important industry news.
What We’re Doing – Industry-wide and At Cook & James
There is a coalition to prevent wire fraud. Called Stop Wire Fraud – find it at https://StopWireFraud.org. Its purpose to raise awareness of wire transfer fraud and educate homebuyers, real estate and mortgage professionals, and policy makers about the urgency of the problem while providing steps that can be taken to prevent the risk of fraud.
There’s robust information on the site and the organization urges people to share their stories. The four main tips are actions that we here at Cook & James have adopted to help alleviate the potential of cybercrime and wire fraud; they are:
Warn Early and Often: Make sure your clients know about the growing and looming threat of real estate wire transfer fraud.
Educate: Remind your client that you will not send changes to wiring instructions or payment information.
Call: Tell your client to call you to confirm all wiring instructions, and soon after they make any wire transfers.
Create: Within your company, establish a rapid response plan for wire fraud incidents.
And, again, you can consult, print out, refer daily to the two-page guide I mentioned above. Again, it’s on our website here.
What You Can Do
First and most importantly, remain vigilant. And encourage those around you to do so too. You can also always contact your legislators and express your opinion. That is the way to encourage more stringent punishments for criminals and more robust and technical monitoring.
You should also educate yourself on cyber insurance – to begin, you can check out my Q&A last year with Cook & James insurance expert and VP of human resources Marvin Bushey.
And if you are a victim – or suspect you’ve been a victim – act quickly. Reporting speed is of the essence to regain missing funds and help the authorities locate the cybercriminals before they strike again.