7 Critical Steps to Safeguard your Business and Help Avoid Potentially Devastating Financial Loss From Occurring to Clients
About two years ago, a respected industry attorney and cybercrime expert released a video, giving real estate professionals the one "100% surefire way" to protect your computer against cybercrime:
- Close all programs.
- Power off and unplug said computer.
- Carry said computer to your backyard, dig a hole and pitch computer into the hole.
- Follow by pouring gasoline on the computer and setting it on fire.
"This," the lawyer quipped, "is how you secure your computer 100% from cybercrime."
Of course there is no 100% surefire way to eliminate the risk of cybercrime.
In fact, 2020 was a record year for cybercrime with nearly $4.2 billion in reported losses, up from 2019's $3.5 billion, according to the FBI's 2020 Internet Crime Report.
The pandemic has certainly played into the hands of the cybercriminals with more people working from home and systems going remote. One-third of all cybercrime over the last five years occurred in 2020, including $213 million in real estate-related crime losses.
Real estate fraud is particularly pervasive for a number of reasons: Cybercriminals love targeting small- to mid-sized companies, such as brokerages. Real estate agents handle large sums of money; work off multiple devices; deal with sensitive financial data; and interact with multiple players during the transaction, including buyers, sellers, agents, escrow agents, lawyers, mortgage brokers and banks — all of which makes them the perfect target.
The nature of our industry's remote work makes agents and transaction coordinators particularly vulnerable.
Moreover, the average real estate customer doesn't experience a real estate transaction frequently and, therefore, can be more susceptible to fraud.
So what can real estate professionals do to protect themselves and their customers? They can help to prevent cybercrime before it occurs and results in devastating consequences. Here's how.
In 2020, NAR data revealed that 13,638 people fell prey to real estate wire fraud, representing a 17% increase over 2019.
Even more alarming, title insurance professionals reported cybercriminals attempted to trick employees into wiring funds to a fraudulent account in one-third of all real estate and mortgage transactions, according to ALTA's 2021 Wire Fraud and Cyber Crime Survey. Fortunately, the thieves were only successful in a little over 8% of these attempts, thanks to proper training and education.
Typically, a cybercriminal targeting a real estate transaction will assume the identity of the title, real estate agent or closing attorney. Just before the deal closes, they will forge an email, which is then sent to the unwitting buyer with new wire instructions. Before anyone has detected what happened, the cybercriminal diverts the buyer's funds into their bank account.
These emails can look quite convincing and indeed appear identical to those sent from one of the trusted players in the transaction. However, real estate agents can take action to help prevent this type of wire fraud from occurring:
STEP 1 - Send Earnest Money Digitally
Emailing sensitive data like banking accounts and social security numbers can leave clients vulnerable to identity theft and loss of large sums of money. However, there's an easier, more convenient alternative to mailing checks and wire transfers, both of which can result in fraud.
Earnnest provides another option to buyers who opt to pay their deposit directly to the escrow holder via a digital transfer using dotloop's safe, secure Earnnest integration. Unlike the manual means of depositing a paper check or a wire transfer, Earnnest processes the funds using a bank-level encrypted transfer, the same high-level security implemented by banks.
Here are the three key steps to how an Earnnest digital transfer works:
The real estate agent selects their escrow holder with Earnnest. If the escrow holder is not in Earnnest's network, the agent can invite them to enroll.
When it's time for the buyer to pay their earnest money, the agent sends the client a request for earnest money via dotloop, which auto-completes the buyer information to kick off the process.
The buyer receives the request, pays the earnest deposit through Earnnest digitally, and the agent and buyer receive a payment receipt email when it's complete.
Unlike wire transfers, digital transfers through Earnnest allow agents and buyers to request and pay earnest deposits from anywhere while protecting their sensitive information. The system automates receipts, provides payment tracking and verifies funds, ensuring a swift delivery and speedy transaction process.
Earnnest takes several steps to ensure the security of all parties. First, the portal fully verifies the identification of the buyer and verifies funds. Also, Earnnest never stores banking information, so the buyer's sensitive data is never visible to anyone other than the bank and the escrow office where it's sent.
The entire process occurs within a matter of seconds, and it's free to real estate agents, costing the buyer only $15.
STEP 2 - Confirm by Phone
Most agents know this, but it bears repeating: Always advise clients to confirm wire instructions by phone using the contact information shared verbally, not via email. Hackers can spoof signature blocks in emails so convincingly, there have been some cases in which clients have called fictitious numbers to verify the wiring instructions only to unwittingly surrender their sensitive bank data to the hackers on the other line.
The best approach is to give the client the phone number of the escrow or title officer at the beginning of the transaction and verbally communicate any changes to the points of contact before any funds are transferred.
Agents should warn all parties involved in a transaction to remain suspicious and vigilant regarding any information exchanged via email, and clearly post these warnings in listing agreements and other visible means of communication.
STEP 3 - Use Secure Wi-Fi
Always use a secure Wi-Fi connection — not a public, unsecured Wi-Fi connection that hackers can easily breach. While it can be tempting to do business over a cup of coffee at the local coffee shop, Wi-Fi connections in public places are favorite targets of hackers.
STEP 4 - Don't Overshare on Social Media
Cybercriminals are notorious for gleaning key information from agents' social media accounts that they, in turn, use to forge a convincing email or identify their next potential victim.
As Chris DeRosa, NAR's member information and eCommerce product lead, points out, "Realtors® are very public people and social media makes it easy for hackers to learn about you. With the right logos and branding, information on listings and clients, photos and domain names that are very close [to your real one], someone could easily convince the target user that the communication and request is legitimate."
Be conscious of what you post on your social media channels and ask yourself, "Is this information a hacker could use to forge an email in my name?"
STEP 5 - Practice Safe Email Habits
Agents and clients can further protect their emails by enabling two factor authentication and, if using Gmail, clicking on the Details link at the bottom of the page in the inbox to show any recent activity, such as from a foreign country. If your email provider offers alerts of any unusual activity, make sure to set these notifications to "on."
As a general rule, always think before clicking on a link. Agents should particularly pay attention to referral emails, which might look like they're from a colleague or a client in another state.
Avoid sending personal information in emails or texts, such as social security numbers and bank account numbers, and regularly purge unwanted email.
Most importantly, avoid and caution clients to avoid clicking on any embedded links and attachments within emails if not from a verbally confirmed, valid source. Hackers often use an infected link or attachment to install malware that can devastate personal finances or wipe out a business's entire operation.
STEP 6 - Update Computer Security Often
It's important to ensure your computer is protected with the latest security updates. On Macs, updates can be installed using the Mac App Store or by choosing System Preferences and then Software Update from the Apple menu. On Windows 10, updates can be found in Settings. Select Update & Security and then Check for Updates.
You'll also want to install and frequently update virus protection as well as make sure your system firewall is enabled.
STEP 7 - Practice Good Password Hygiene
Keeping up with passwords can be a royal pain with the number of apps and devices the average user interacts with daily. However, it's critical that real estate professionals make sure they're not using passwords that can be easily hacked. Avoid using obvious password phrases and the same password for all your systems. Some experts recommend using long phrases of 20 characters or more. Also, consider using an encrypted password vault that stores and encrypts your passwords.
If You Suspect Fraud, Take the Following Steps:
- Notify the FBI at https://www.ic3.gov/. There's a critical 72 hour window after a breach, in which victims need to notify the authorities to optimize their chances of recovering diverted funds.
- Notify all parties involved in the transaction to stop any further spread of fraudulent activity.
- Change all usernames and passwords.
- Review your insurance policy and contact your insurance company immediately.
Blog post sourced from dotloop.