The Threat
Closing day can be exhilarating. It often represents a dream come true — a growing business, a step toward financial independence, or the culmination of years of work.
Being part of a closing is one of the joys of working for a title company.
Though being at the closing table with everyone is satisfying, the Internet has the potential to make the process smoother than ever. Fewer people need to come to our office, and it’s simpler to get everyone on board to get the deal done quickly.
But with so many parties involved, every real estate pro should ask the question: Are all my communications secure? In recent years, wire fraud has become a significant problem. During every transaction, informed real estate professionals do all they can to mitigate this very real and ever-evolving risk.
With hackers trained through well-funded government programs in countries like North Korea and Russia, now is the time to concern ourselves with security. And unfortunately, elite hackers have become intimate with real estate transactions. Many in the industry work to keep up with this threat. However, with so many people involved, no one can guarantee safety.
Here at Leaders Title, we’ve created systems, policies, and procedures to protect you. We’ve also adopted the state-of-the-art wire transfer platform CertifID to keep our clients and their funds safe.
But we’re only one party involved in a real estate transaction. Vigilance is essential, and little mistakes can open the door to catastrophic consequences.
Here’s how wire fraud happens and what you can do to protect yourself and your clients.
How Wire Fraud Works
Wire fraud is an incredibly sophisticated operation. The bad guys, whom we call “fraudsters,” understand the mechanisms of real estate funding. They hack into vulnerable email accounts belonging to real estate professionals and watch for upcoming deals.
- At the beginning of the process, when the buyer wires earnest money to the title company
- At the closing, when the buyer wires a down payment to the title company
- At the end of the process, when the title company wires out money to various sources (like a mortgage payoff or seller’s proceeds)
Unfortunately, the vulnerable email often belongs to the real estate agent. When that agent sends wire instructions, the fraudster intercepts the email. They open the PDF, change the routing number and other information, and send the email on as if nothing had changed. When the buyer receives and follows those instructions, they are not sending their money to the title company.
They’re sending it to the fraudster’s bank account.
At this point in the process, the title company may not know the earnest money is coming. Depending on the agent and the situation, they may not even be aware of the buyer’s existence.
Banks can often help victims recover their money within 48 to 72 hours of a scam like this. Unfortunately, fraudsters know this too. Many times, they’ll perpetuate the crime on Fridays or right before a holiday. They’ll do whatever they can to make sure no one notices until that 72-hour window closes.
The worst part of wire fraud is this: Once the money is gone, it’s generally not recoverable. Perpetrated by people all over the world (and sometimes sanctioned by their government), the FBI is often powerless.
But there are ways to outsmart the hackers! Here’s what you can do to protect yourself from wire fraud schemes.
Wire Fraud Protection #1: Verify through Human Interaction
Whoever you are, and no matter how many precautions you’ve taken, remember that email safety is never guaranteed. Not only should real estate pros and their clients be wary of wire instructions, but they should also be wary of the phone numbers printed on those instructions.
First, one should look up the title company’s phone number through independent means. Search for it on the Internet or call a trusted source. Then, your client should call the title company personally and verify the wire instructions over the phone.
Finally, after the client sends the wire, they should contact the title company again to make sure the transfer went through.
It only takes a moment and, in this current environment, is worth it.
Repeat this mantra to yourself, your colleagues, and your clients as often as possible: “Inquire before you wire.”
Wire Fraud Protection #2: Use Every Available Security Precaution
First, all of us in the real estate business should enable two-factor authentication and use a password manager.
It no longer makes sense for people to use one password for everything. It’s dangerous. Once a fraudster gains access to one of your accounts, that person will have access to all of them. Also though two-factor identification may seem like a hassle, it’s a proven way to protect yourself, your colleagues, and your clients.
Second, consider moving away from @gmail, @yahoo, or similar addresses for professional business. Though often not inherently dangerous, hackers can spoof them easily. A hacker impersonating johndoe@gmail.com can create john.doe.realty@gmail.com (or something similar) with almost no friction.
It’s best to own a unique domain.
Third, continually educate yourself on the wide variety of phishing scams that target the unsuspecting. The old “Nigerian prince” email is easy to spot. However, fraudsters today are far more skilled at deceptive emails, and recent phishing schemes have caught even the most sophisticated off guard.
For example, a highly placed employee at Snapchat fell victim to a targeted attack. Convinced they were communicating with their CEO, that person emailed a hacker all of the company’s payroll information.
(For further details on current phishing tactics, here’s a great article.)
Wire Fraud Protection #3: Your Office and the “Human Element”
We tend to think the most valuable items we own are actually “things.” We lock our doors and alarm our buildings, but what about our information? Furniture and TVs are so much less valuable than our identity — and that of our clients.
Smart thieves no longer use crowbars and getaway cars. They look for opportunities to access personal data. It’s crucial to shore up our policies, procedures, and education surrounding our most valuable assets.
First, if it’s private, be careful about putting it on paper. Someone can lose it. Left on a desk, a criminal can photograph it. It’s best to keep sensitive documents and other information on a secure device.
If you think you or your colleagues are too careful to make such a mistake, remember this: A Department of Homeland Security employee left Super Bowl anti-terror plans on an airplane. If they’re prone to that kind of error, all of us are vulnerable.
Second, corporate entities must take cybersecurity seriously. Hackers can gain access to your company through unsecured routers; smart devices and appliances (known as the Internet of Things); and BYOD (Bring Your Own Device) business practices. Every brokerage should have professionally developed processes and procedures designed for safety.
Third, every member of a brokerage needs consistent cybersecurity training. We’re all forgetful and prone to grow lax in our habits. Additionally, today’s phishing schemes will evolve into something harder to detect tomorrow.
Make sure your team stays up to date.
Wire Fraud Protection #4: Use a Title Company Committed to Cyber Security
Here at Leaders Title, we do everything in our power to provide a secure transaction every time. We consistently update our processes and procedures to stay ahead of the curve. And, as mentioned before, we’ve incorporated CerifID for wire transfers, which:
- Is easy to use
- Will analyze each device employed in a transaction for security issues
- Requires two-factor identification
- Guarantees its security
We would love to be your choice for your next real estate transaction. We also want to partner with you as you update your practices and stay ahead of threats.