Cyber Crimes are a Real (Estate) Problem: Protect your Clients and Escrow Accounts from Fraud

May 5, 2023

- By The MAR Legal Team

As a real estate practitioner or brokerage owner, you must know what your weak points are.

Business email compromise (BEC) is one of the biggest threats to small businesses and the real estate market offers a flashy target for scammers.

The lease and sale of properties come with the transfer of large funds and endless correspondence. Couple that reality with the fact that most real estate firms are small businesses and are not large companies that would be backed up by an IT department, those Gmail and AOL accounts are prime targets.

Scammers victimize and insert themselves to act as legitimate actors in the transaction. They either hack accounts or create spoof accounts with the intent of infiltrating the process and rerouting funds.

As a Practitioner:

Keep careful watch on your emails. Do not fall victim to emails that are meant to: 1. Scare you; 2. Reward you; 3. Pique your curiosity. Simply delete them. You owe it to your clients to not be click happy.

Scammers can target you by hacking your email or by creating an email “spoof” whereby they change some small detail of your email address to appear to be communicating as you. In either case, you are likely unaware as they are sophisticated and act quickly and discretely.

Be smart about your passwords and what you share on the internet. Scammers are using sophisticated scraping tools to easily pull and organize the data to guess your passwords and access your accounts. Facebook does not need to know your full D.O.B. for example. Do not use personal information in your passwords. For example, you should never have a password that contains information such as your name, maiden name, dog or other pet’s name, parents’ names, kids’ names, address, bank, D.O.B., schools you have attended, or your graduation year.

It is suggested that you use phrases for passwords and change your password often. These are much harder to guess. Think “ILove$tarbucksCoffeefrom3SmithStreet” for example.

Talk to your client. When talking to your client, make them aware of the prevalence of fraud. In addition to an email warning, verbally advise your client that you will never email them with instructions to reroute wire funds (neither will anyone else in the transaction) and to call you if they ever get an email or odd call concerning this.

As a Business Owner:

Over 43% of cyber-attacks are directed to small business owners. You are not too small to be hacked, you are just too small to make it into the news. Those in the real estate profession are constantly moving large sums of money and will always be a target. Having spyware protection is just not enough anymore.

In order to protect your business, you need to increase your defense against ever growing and changing fraud schemes and malware. You need to both protect your business with IT solutions and connect with the proper insurance carriers.

Protections for your business:

Multi-factor authentication

Phishing training

Endpoint Protection/EDR

Ransomware – safe verified backups

Cyber security awareness training

Vulnerability scanning

Cyber insurance

In addition to these protections, if you believe that funds have been fraudulently wired, you must act quickly. Immediately contact the bank and ask them to recall the wire. At the same time, fill out an IC3.gov complaint with the FBI. Do note that a wire hold is usually only for 24 hours, most funds that go out fraudulently do not get recovered. Once those funds go overseas, they are gone.