Real Estate Cyberscams Continue: Average amount Stolen $130k

A study shows that Los Angeles area homebuyers are losing five million dollars a month to cybercriminals. In a scheme which started in 2013, and which shows no signs of slowing down, buyers are tricked into sending their down payments into the pockets of cyberthieves.

The thieves, after hacking into the email accounts of real estate agents, escrow offices, or title companies, are posing as legitimate parties and giving clients last minute money-wiring instructions, diverting the money into another account. By the time the crime is detected, sometimes just hours later, the money can be gone for good. The average loss to a homeowner is about $130,000.

The modern-day real estate transaction, with so many parties involved and so much money at stake, is a growing target. Many times, there is a rush by homebuyers, realtors, brokers, mortgage lenders, and escrow companies to close on a home sales contract quickly and efficiently. In many instances, the homebuyer has never met all the players involved. Instead, all the parties exchange information via text message or email, rather than by telephone or in face-to-face discussions.

This creates a great opportunity for a hacker to monitor the emails and text messages flowing between the buyer and the various players, and at the appropriate moment, usually hours before closing is to occur, insert themselves in the conversation, posing as the realtor or escrow company. It is then a simple matter to direct an unsuspecting homebuyer to wire-transfer the money to a different account. The homeowner, unaware of the switch, sends the money and, in most cases, never sees it again. Josie Huang “Cyberscams are bleeding millions from LA homebuyers” www.scpr.org (Jul. 07, 2017).

Shannyn, a financial blogger, was the victim of this type of fraud. She received legitimate closing information six business hours before her scheduled closing time. Minutes later, she received a follow-up email, purporting to be from the same title company, changing the account information. Suspicious, she called her real estate agents who were working the sale. One did not return her phone call, and the other dismissed her suspicions, suggesting such last minute changes were not unusual. Shannyn followed the bogus email instruction and sent her $50,000 down payment to the new account. Fortunately, after realizing she had been victimized, she was able to recover most of her losses after a few months of frantic phone calls, social media discussions, and with the FBI exerting pressure on the banks holding the money. This was a rare case in which the homeowner got the funds back.

In her matter, Shannyn called her real estate agent, who dismissed the change as routine. Based in part on that endorsement, Shannyn sent her money. It was later determined the real estate agents were aware of similar schemes, but neither one took the time to investigate the change or verify the authenticity of the email. In this case, it was the title company’s email account that had been compromised, but it could have just as easily been the email account of the real estate company.

Protecting your clients and yourself starts with cybersecurity basic that are too often ignored. Use strong passwords, regularly update computer systems, and install anti-virus software. If you supply the wire-transfer information to your client, do it in writing on paper and in person. Do not send the information via email or text. If your buyer is out of town and you must do this electronically, use a secure company portal such as DocuSign or SignNow.

Warn your client to be aware of last minute changes in financial accounts, amounts, or closing instructions. If your client calls you regarding last minute changes, take the time to investigate and confirm any changes and report your findings to your client.

When you investigate, use the phone, and do not confirm changes with a title company via email. If you use the phone to verify the information, look up the number yourself. Do not use the number listed on the email because that could be fake.

Hanover Insurance Group

Equifax Announces Cybersecurity Breach

Another huge breach.. this one the bad guys good a lot of valuable information, here is the summary:

  • Equifax reported a cybersecurity incident potentially impacting 143 million U.S. consumers. The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.
  • The unauthorized access was discovered July 29 and Equifax notified us of the incident on September 7, 2017
  • The company said the information accessed includes names, birth dates, Social Security numbers, addresses and some driver’s license numbers
  • In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.

Yet another good reason to secure a Cyber Liability policy as well as improve your agents’ cyber awareness.