Months ago I wrote an article about real estate brokers facing liability when a wire fraud scam is perpetrated through the hacking of the broker’s email account. That article, "Brokers Face Liability for Wire Fraud," provides some precautionary measures to avoid being a victim of these scams. Since the writing of that article, the number of wire fraud attempts, and the victims of successful wire fraud scams, have gone through the roof. Just recently, Land Title, Kentwood Real Estate Services, and an individual real estate broker were sued by buyers who lost more than $270,000.
The buyers had received wire instructions through an email that appeared to have been sent from their closer at Land Title. The wire instructions were to an account held by the fraudster, not Land Title. The buyers did not suspect anything strange because the amount requested in the email was the same amount that they had been told to wire during a telephone call with their lender. The buyers wired the money and now it’s gone. (Read the full Channel 7 report.)
These wire fraud scams come in all shapes and sizes. Sometimes the fraudster tries to trick the title company by sending fraudulent instructions from the actual email account of the seller or the listing broker, or a fake account that looks like the seller or broker’s email account. In other cases, like the Land Title case, the fraudster sends emails to the buyer pretending to be the title company. Some of these emails are extremely clever. We’re aware of one case where the fraudster sent an email to the buyer with two-part wire instructions. The instructions stated that anything below $25,000 should go to one account (the legitimate account of the title company) and the remainder should go to another account (the fraudster’s account). This way, if the buyer called the title company to verify the wire instructions, the buyer might just give the first account info and assume the second was legitimate as well.
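The two-part trick works because only the first account gets checked. As an added illustration (not part of the original article), the Python sketch below checks every routing/account pair in an emailed instruction against a record confirmed by phone, and also flags a look-alike sender domain. The domain, account numbers, sample messages and the `review_wire_email` name are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumed record, confirmed by phone with the title company (constructed values).
VERIFIED = {"domain": "titleco.example", "accounts": {("000111222", "1234567890")}}

# Matches "Routing <9 digits> ... Account <6-17 digits>" pairs in the body text.
PAIR = re.compile(r"routing\D{0,20}(\d{9})\D{0,40}?account\D{0,20}(\d{6,17})", re.I)

def review_wire_email(raw):
    """Return (finding, detail) tuples; an empty list still calls for a phone check."""
    msg = message_from_string(raw)
    findings = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain != VERIFIED["domain"]:
        close = SequenceMatcher(None, domain, VERIFIED["domain"]).ratio() >= 0.8
        label = "look-alike sender domain" if close else "unknown sender domain"
        findings.append((label, domain))
    pairs = PAIR.findall(msg.get_payload())
    # Check every account, not just the first: the two-part scam hides the
    # fraudulent account behind a legitimate one.
    for pair in pairs:
        if pair not in VERIFIED["accounts"]:
            findings.append(("unverified account", pair[1]))
    if len(pairs) > 1:
        findings.append(("split instructions", str(len(pairs))))
    return findings

# Constructed sample: sent from the real (compromised) mailbox, two-part instructions.
TWO_PART = (
    "From: Closer <closer@titleco.example>\n"
    "Subject: Wire instructions\n\n"
    "Amounts up to $25,000: Routing 000111222, Account 1234567890.\n"
    "Remaining balance: Routing 000333444, Account 9988776655.\n"
)
# Constructed sample: fake account on a domain that looks like the title company's.
LOOKALIKE = (
    "From: Closer <closer@titlec0.example>\n"
    "Subject: Wire instructions\n\n"
    "Routing 000333444, Account 9988776655.\n"
)

if __name__ == "__main__":
    for name, raw in (("two-part", TWO_PART), ("look-alike", LOOKALIKE)):
        print(name, review_wire_email(raw))
```

The first sample passes the sender check because it comes from the genuine mailbox, which is why the account comparison, not the sender address, is the decisive test.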
While the tactics get more and more clever, the core vulnerability in most of these cases is email. The fraudsters have usually hacked into someone’s email, and in most cases it’s the broker’s email. Once they are in the email, they can monitor all of the email communications. These hackers know when the closing is taking place, all of the parties involved, etc. The primary reason they focus on broker email accounts is that they know the broker is dealing in real estate transactions. They also know that most broker email accounts are easy targets because most brokers manage their email accounts independently, and they are less likely to have certain precautionary measures in place, like encrypted email, two-factor authentication, or virus protection.
There have been recent reports of transaction management systems being hacked as well. Again, it’s not that the hacker penetrates the file servers of the management systems through some sort of cyber attack. The hacker gets into the email of the real estate broker, which then allows the hacker to access the transaction management system (like CTME) through password reminders, etc. Once hackers have gained access to the management system, they can send very legitimate-looking emails directly from that transaction management system.
So, what can be done? First and foremost, real estate brokers need to embrace encrypted email. Yes, I know encrypted email is not always user friendly; we have brokers who complain about it all the time. When you’re dealing with client confidential information, security outweighs inconvenience.
Brokers also need to make sure their email accounts have two-factor authentication. Most hackers get into email by accessing the webmail of the victim. With two-factor authentication, the hacker will need more than your email password. When they try to sign in, a text code is sent to your phone, and you need to enter the code in order to complete the sign-in. Without your phone, the hacker can’t access the webmail.
Another important step is education. Buyers must be told at the beginning of the relationship that the broker will NEVER send them account info by email, and that the buyer must contact the title company to verify wire instructions prior to sending any money. Most brokerages require the parties to sign a wire fraud notice at the beginning of representation. This is the perfect opportunity to educate your buyers and sellers.
When buyers drop off earnest money at our office, we hand them a physical document that includes our wire instructions along with a fraud warning telling them to always verify our info prior to wiring us any money. We also include the warning in our title commitments.
Brokers should also inform their sellers that they should never email wire instructions. If they want to receive funds by wire, sellers should bring wire instructions to the title company at the physical closing. We no longer wire seller funds unless they’ve brought us wire instructions at the closing and signed off on them. Of course, your sellers can also choose to receive the money the old-fashioned way: by check.
Below is a warning we include on all of our email signatures. Brokers may want to adopt a similar warning notice in their communications.
**Be aware! Online banking fraud is on the rise. If you receive an email containing WIRE TRANSFER INSTRUCTIONS call our office immediately to verify the information prior to sending funds.**