*The content of this article was provided by Ekko Title
Chances are you’ve heard of recent cyber-crimes targeting our industry. Wire fraud and theft involving real estate transactions are on the rise. It is important that everyone involved in the settlement process—REALTORS®, lenders, buyers and sellers—are aware of this threat and take steps to make sure transactions are secure.
Ekko Title has extensive security measures in place to protect our clients from fraud. However, settlement fraud is rarely the result of bank or title company servers being hacked. Cyber-criminals look for the weakest link in the communications chain, which is often the client’s own email account.
Do your clients keep the same account passwords for years on end, or use a free email service? Have they ever logged into their email account using public wifi? If so, they could be vulnerable to criminals scanning their email communications, searching for keywords that signal upcoming financial transactions. This does not require the presence of malware or viruses on a computer or smart phone and leaves virtually no evidence that any messages are compromised.
Once a criminal has targeted a transaction, a common tactic is to send an email message instructing a client to wire funds required for their settlement. The email may look exactly like other messages they have received from their lender, REALTOR®, or settlement firm. It may include links that appear to go to a known or trusted financial institution, but these are easily modified to direct them to the scammer’s own bank. There may even be a warning to alert the client to the very type of crime they are perpetrating.
We can’t do away with email, wire transfers, or other electronic transactions in use today, but we can take steps to avoid falling into the scammers traps. Here are some tips to help recognize scams and avoid becoming a victim of cyber-crime.
- Never rely on emails purporting to change wire instructions. Parties to a transaction rarely change wire instructions in the course of a transaction.
- Keep your computer, phone, or tablet operating system, email, browser, and virus protection software up to date.
- Regularly change all passwords used for your email or online banking accounts. The most secure passwords consist of a string of random characters, are at least 8 characters in length, contain a combination of upper and lower case letters, digits and symbols, and are not actual words or phrases. Never use your birthdate, mother’s maiden name, pet’s name, street address or other easily compromised information as part of your passwords. And, of course, never disclose your passwords to anyone.
- Never use the same password for more than one purpose.
- Never send your bank routing and account number, social security number, or other confidential information by email.
- Avoid clicking on links contained in an email. Type the website address directly into your browser instead.
- Avoid clicking links embedded in email message text (like this: click here).
- If you click on a link that seems to be spelled out, pay attention to the website to which you are directed. A link that appears to go to https://bankofamerica.com may actually direct you to https://2bankofamerica.com.
- Use a secure website (https:// and a security “lock” icon) when submitting financial or other sensitive information online.
- Never use public wifi for banking, shopping, logging into email accounts, or entering personal information online, even if the website is secure. When in doubt, your 3/4G or LTE connection is always safer than using public wifi.
- Call your bank before completing any transfer of funds to ensure the receiving bank’s routing number and account are owned by the business that is handling your transaction.
- Double-clicking the “lock” icon on a website will display the security certificate for the website. If the certificate isn’t displayed, or you get a warning message that the address of the website does not match the certificate, do not continue.
- Never submit confidential information via forms embedded in an email message.
- When contacting your settlement agent or bank, do not use phone numbers included in an email message. Instead, refer to your contract or other trusted document related to your transaction.
- Request that your settlement company send wiring instructions or other sensitive documents via overnight delivery, rather than by email or through a password-protected web portal.
Should your client be a victim of a scam, have them immediately contact their bank to see if the wire can be reversed. (Sometimes it can be, but you have a very small window of time—as in a few hours.) Additionally, you can contact the FBI by going to www.ic3.gov to file a complaint. You may take this step on behalf of your client.