Your client saved up tens of thousands of dollars to buy a home. They found the right one after weeks of hunting. Their offer was accepted. They made it through the inspection process. Now, it’s finally time to close.
Then a cybercriminal posing as an attorney or a real estate professional fools your client into wiring the down payment to him or her instead of the seller.
Poof! The money is gone, the buyer has lost the house, you’ve lost your commission, and adding insult to injury, confidential personal information has been compromised too — all due to a successful phishing scam.
This hideous scenario has become all too real, and it could turn the American dream of homeownership into a nightmare for unsuspecting consumers and a huge business headache for brokers and agents. Awareness is all the more important now that the spring housing market is heating up.
Real estate scams are increasing
Down payment theft is an increasingly popular tactic that falls under “business email compromise,” which according to the FBI, was responsible for 40,203 incidents in 2013 and 2016 and $5 billion-plus in losses. Real estate-related scams increased in the number of complaints filed by title companies by 480 percent in 2016.
Down payment scams take advantage of people’s trusting nature and inclination to follow what seems like a legitimate process. Homebuyers and agents could be especially vulnerable after navigating a tight housing market that has left them looking forward to a fast closing.
In a typical attack, hackers compromise the email account of a person or professional involved in an upcoming transaction. They wait for just before the buyer is set to wire funds, and then pounce.
They impersonate the real estate pro, title company or attorney in an email, say there has been a late change to the wiring instructions, for example, the mortgage company switched banks and buyers should wire the closing costs to a different account, which actually belongs to the hackers.
Not only is the prospective homeowner’s money probably gone forever, but personal data such as Social Security numbers, addresses and bank information likely has been compromised as well.
In another threat, attackers are becoming increasingly sneaky in impersonating web services such as DocuSign, Microsoft Outlook and Google Drives that are often used in real estate transactions. Again, they’re taking advantage of human nature — when someone receives an email from what seems to be one of these trusted services, one’s first instinct is usually to just follow the directions.
Unfortunately, criminals are using these brands to entice victims into logging into bogus websites and freely enter their information, which gives complete access to their email accounts.
What consumers can do to protect themselves
Now more than ever, homebuyers and real estate agents must protect themselves from the horrible down payment scam. Real estate agents can proactively take steps to warn buyers about the nefarious characters out there.
Here is a six-part checklist to give your clients:
- Carefully examine any email request for transfers of funds. Does anything seem out of the ordinary? Follow your gut.
- Beware of a sudden change, such as a request to wire money to a different, unfamiliar party.
- If you have doubts whether an email sender is genuine, don’t use the “reply” function. Instead, use “forward” and type in the email address you know to be valid.
- Immediately delete email from a sender who seems suspicious. Do not click on links or open attachments, as they often contain malware that will hand over access to your computer.
- Be careful what you post to social media. Announcing on Facebook that you’re about to close on a new house might not be a good idea.
- Last but not least, do not rely on email to confirm requests for transfers of funds. Pick up the phone, and make a call.
Sadly, as online fraudsters become more sophisticated, real estate agents and their clients must become smarter about their tricks.
Asaf Cidon is the vice president of email security at Barracuda Networks in California. Follow him on Twitter, or connect with him on LinkedIn.