Cyber fraud: How to protect your clients and yourself
On December 6, 2016
By Peg Ritenour, OAR Vice President of Legal Services/Administration
If you think cyber fraud is going away you are seriously mistaken. Instead, instances where funds from real estate transactions are being diverted to dummy accounts set up by crooks continue to rise. And if you think it can’t happen to you, you are dead wrong. In every OAR program where this issue has been discussed, REALTORS across Ohio have recounted instances where such cyber fraud has occurred in a real estate transaction in their community.
So how does this happen? It begins with a breach of an email account, giving the hacker access to vital information regarding the transaction. After figuring out the closing dates, the hacker sends an email, posing as either the real estate professional, the title company representative or one of the parties with last minute changes in wiring instructions that result in funds being diverted to the hacker’s account. The hacker may pose as the title company or REALTOR, emailing the purchaser that the account to which the purchaser should wire the funds has changed. Or the hacker will pose as the seller in an email to the title company changing the account to which the seller’s proceeds are to be wired.
These phony emails mimic the wording and style used by the REALTORS, lender, title company, and clients, making them look legitimate to those involved. Of course once the funds have been diverted to the hacker’s account they are quickly withdrawn and the account is closed, with recovery of the funds unlikely. How are hackers able to do this? In many cases it is because of lax security steps taken to protect email accounts. While it may be difficult to ever fully protect yourself from cyber fraud, there are steps you can take to minimize the risk of your emails and transaction information being compromised.
The most important thing you can do is to educate your clients about the dangers of this type of fraud and instruct them to always call an independently verified phone number prior to wiring any funds. To document this instruction, it is recommended that buyers and sellers sign a form acknowledge this disclosure. Click here to access a sample disclosure form NAR created that can be given to clients warning of this danger. A tag to your email on this issue can also be included.
In addition, here are some other risk reduction practices recommended by the National Association of REALTORS:
- Use email encryption;
- Make sure your security software is up to date;
- Use strong email passwords and change them routinely;
- Clean out your email frequently and store any ones you need to maintain on your hard drive;
- Avoid sending wire instructions and any sensitive financial information via email;
- Don’t trust contact information on emails unless you can verify it’s legitimate;
If you believe you or your clients are the victim of cyber fraud it is important to take immediate steps. First, if the wire has already gone out, try to stop it by contacting the lender immediately. Secondly, if you are an agent, involve your broker or manager right away. All parties should be notified as soon as possible, as well as the FBI Internet Complaint Center and your local law enforcement. Finally, change all of your passwords and user names right away.
While you may not be able to completely insulate yourself from cyber fraud, but it is crucial that you take the necessary steps to minimize the risk of it occurring. It is highly recommended that brokers contact their E&O insurance carrier to make sure you have coverage for loss of data and funds resulting from cyber fraud.
Legal articles provided in the OAR Daily Buzz are intended to provide broad, general information about the law and is not intended to be legal advice. Before applying this information to a specific legal problem, readers are urged to seek advice from an attorney.