This document is a good guide for real estate agencies who are looking for cyber security best practices to help keep their agency and agents protected from the omnipresent threat from cyber criminals.
Below is an example of an anti-fraud disclosure that some of our real estate clients are asking their clients to sign.
IMPORTANT ALERT AND ANTI-FRAUD DISCLOSURE STATEMENT
PROTECT YOURSELF FROM CYBER FRAUD
This alert is to inform and caution you about a nationwide threat involving a real estate transaction cyber crime intended to divert funds due from you for your closing to the bank account of illegal scammers. These emails are convincing and sophisticated.
Here is how it works: Scammers hack into the email of someone involved in the transaction(real estate agent, lender title agent, buyer or seller) and use that access to discover details of thepending transaction, including the closing date.
As the closing date approaches the scammers use a fraudulent email account (or other form of electronic communication) which appears legitimate and is frequently from the Realtor®, title agent or settlement agent and directs the buyer to wire closing funds to a shell account The funds are misdirected to the scammers and are gone! These emails look legitimate and appear to be from the proper party.
Please be advised that our sales professionals (Realtors®) at ___________ will not email you a request to wire money for your closing (or for any other reason whatsoever). That request will be directed to you by your title and settlement provider in conjunction with letting you know your final cash to dose amounts. If you receive such a request from what may appear to be your Realtor®, do not comply! Also, if you receive wire instructions via email, ALWAYSphone verify with the appropriate recipient that the information is legitimate and that theABA, routing numbers, account numbe.rs and/or SWIFT codes are correct!
It is always a best practice if you have any concerns, to stop and call via telephone to verify before you send out any wired funds. Also do not send confidential information such as your SSN, credit card information, DOB, bank accounts etc. via email. This should be done in person or via telephone.
By signing below, you acknowledge your understanding of the cyber fraud activities described herein.
Cyber Liability policies designed to provide 1st party coverage as well as 3rd party protection have numerous definitions which can make it complicated to figure out what is addressed by the policy and what is not. One specific area of concern for our real estate agency clients is whether their agent’s hardware e.g. phones and laptops and their software e.g. CRMs and email accounts, etc. are included in the definition of a “Computer System” and hence addressed under the policy once a breach occurs.
PBI Group’s newly created Arch Cyber Liability policy includes a broader definition of “Computer System”. This definition now explicitly defines employee or independent contractor software used for the benefit of the Insured Entity to be included in the “Computer System” definition. This affirmative coverage position is an innovative feature for our policy because real estate agents often use their own phones/ laptops as well as a free email address from Gmail or Yahoo, etc to conduct their business. All that said, PBI Group recommends using a private domain email provider (e.g. firstname.lastname@example.org ) instead of free email services because it is harder for bad actors to create a similar looking email address and start emailing as one of your agents.
Definition from the Arch Cyber policy:
“Computer System” means any computer hardware, electronic mobile device, software or firmware, and components thereof including data stored thereon, that is owned or leased by an Insured Entity, and is under the direct operational control of an Insured Entity or any mobile device or software owned and under the direct operational control of an employee or natural person independent contractor of an Insured Entity if such mobile device or software is used for the benefit of an Insured Entity. “Computer System” also includes cloud computing and other hosted resources operated by a third party for the purpose of providing hosted computer resources to a Named Insured as provided in a written contract between the Named Insured and such third party.”
Interested in PBI Group generating a Cyber Liability or E&O insurance quote for your real estate agency? Click here.
* Every coverage situation is different, and the final outcome depends on the unique facts, law and insurance policy involved. The E&O policy contains reductions, limitations, exclusions and termination provisions that impact coverage for a specific event. Full details of the coverage are contained in the policy.