In the age of technology, it’s becoming increasingly difficult to keep confidential information secure when the Internet is involved. Look at the recent data breaches at Facebook (with at least 87 million users affected,) Equifax (143 million) and Under Armour’s MyFitnessPal app (150 million) and you’ll see the alarming trend of people entrusting their personal information to corporations, which failed to protect them. In decades past, real estate transactions were executed with pen and paper and the agents merely had to keep those files in a physically secure location. Now, with the advent of email, texting and web-based services, their clients’ information is vulnerable and can be obtained by hackers if not properly secured. Similarly, agent’s identities can be stolen or their websites can be hijacked without secure firewalls, strong passwords and malware scanning programs in place.
A recent spike in money-wiring scams was reported by the Washington Post, based on FBI data, with “$969 million diverted or attempted to be diverted” from legitimate real estate transactions to “criminally controlled accounts” in 2017. The cybercriminal will often infiltrate one party’s email account and after collecting details about the transaction, pose as the title company and send instructions to wire-transfer funds directly to the thief’s account, which can be nearly impossible to recover. The FBI’s Internet Crime Complaint Center calls these scams business email compromises, which used to mainly target title companies, but are increasingly involving other parties such as agents, sellers, buyers and attorneys. A 2016 report from the FBI showed wire-fraud cases reported by title companies jumping by a staggering 480%.*
Cybercriminals have also found ways to use malware, which is software that infects computers, networks and mobile devices and allows them to damage or to remotely control the activities of that device. Most often, a user clicks on a link or opens an attachment, which allows the virus to spread. According to a 2017 Data Breach Investigations Report from Verizon, 80% of hackers were able to breach accounts due to stolen or weak passwords. If an agent’s email account has been hacked due to weak passwords or unsecure networks, an email from a hacker will seem completely legitimate to a client or to another agent. Trusting the source of the request, he or she may give up sensitive information. Other types of malware that are growing in popularity are ransomware attacks, where the data is encrypted until you pay the criminals a fee to “unlock” it, spyware and website hacks that can inundate your visitors with unsavory content or infect their systems with viruses. Larger brokers typically have protection systems in place for their agents, but smaller businesses and independent agents don’t always have the same level of security and are frequently targeted for that reason.
Phishing scams have long been a problem with tax return fraud and are increasingly getting worse due to recent breaches in data stored at tax preparer’s office locations. Copies of W2s are sold on the black market for a nominal fee and fraudulent returns are filed on behalf of real taxpayers, which are rejected by the IRS as duplicates. The process of contacting the IRS, FTC and credit bureaus to resolve the fraud can take roughly 4 months. To fix your credit and tax return is a hassle that no one would welcome, but to re-establish your reputation with clients and other agents can take years to correct and cost you exponential business dollars in lost clients.
An agent’s best defense is to communicate up front to his or her client that they will only receive emails from a secure company account and to verify anything that seems out of the ordinary with a simple phone call to the agent. “Email is comparable to a postcard, which has no envelope and can be read by anyone who handles it,” says Andy Yen of Protonmail, a provider that offers end-to-end encryption. Communicating to clients to only give bank accounts, social security numbers and other important information to a representative trusted by the agent such as a conveyencer, or transaction coordinator, is very important. Other good practices to follow are to install firewalls, use 2-step authentication programs, download updates and security patches and keep data stored in a backup system in case of a breach. There is also a site created by Microsoft developer Troy Hunt called https://haveibeenpwned.com/, which aggregates data from publicly disclosed breaches into a database that you can use to see if you’ve been “pwned,” or hacked.
Educating clients about the risks of online business practices is always best. Information is currency and there are plenty of cybercriminals who are ready to take advantage of any vulnerabilities, whether the target is a multi-billion-dollar corporation or a single party in a real estate transaction.*NAR Realtor Magazine (Mar 2018) http://realtormag.realtor.org/technology/feature/article/2018/03/risky-business