The Biggest Payout for Cybercriminals
There’s nothing more frightening than finding out you’ve been a victim of fraud. Any type of cybercrime is horrific, and it will devastate your whole world as you know it. But most people don’t really acquaint themselves to the epidemic that is cybercrime. It’s always “someone they know” or “a story they heard on the news.” Even if it did hit close to home, the common excuse for not upping their cybersecurity protocol is that “they have nothing criminals would want.” Welp, newsflash.
There’s always something that a cybercriminal would want.
It’s one thing if you’re doing some holiday shopping online, or you click on a link and get your passwords stolen because you haven’t listened to anything I’ve said; but what if you got your life savings stolen? I mean, what’s the biggest purchase one would save many years for?
That’s right…your home.
In my many decades with the FBI, cases of real estate fraud have plagued many families, not to mention my anxiety. If you’ve followed my blogs or speaking engagements, you’ll know I’m not the best at sugar coating things.
So to maintain my integrity, I’ll bluntly declare that real estate cybercrime is out of control, and it is the next sector of cybersecurity that really needs to be watched.
In a recent alert by the Consumer Fraud Protection Bureau, the real estate sector has seen a 1100% increase from 2015 to 2017 with losses exceeding $1 billion. From my personal experience, I know that a majority of these incidents are not reported, due to embarrassment or fear of reputational risk. On top of that, the last thing someone thinks about after having all of their money stolen is making sure they report it to help out national statistics.
It goes without saying that many of the losses are impacting homebuyers and sellers.
It’s called a sophisticated phishing attack, also known as the business email compromise.
I simply describe it as bad business process, and an overall lack of understanding of the threats that loom via cyberspace.
Here’s how it works. Cybercriminals intercept the email, as they figure out the details of the transaction. Then they send some last minute emails with instructions on where to wire the money. It all seems real, so they just get you to send the proceeds to them; not to the bank, person, or wherever it was initially slated to go. Pretty smart, huh?
Buying a home is one of the largest purchases anyone will ever make.
The last time I went through that ordeal was about a decade ago, but the way I remember it was through meetings, calls and emails with my agent and broker. I can recall she sent me an email with my closing/settlement instructions and directions on where to wire my down payment. I’m almost 100% sure I followed her instructions and wired the money to the sellers account without even questioning it. I mean, why would I question this transaction?
When I was an FBI Agent I was involved with an incident involving a young man who was a first-time home buyer. He got that same email from his broker; an email directing him to wire transfer the down payment. He followed the instructions in the email and sent the 50k to what he believed was the seller’s escrow account. He had no reason to question the email because he had numerous conversations in emails with the broker. What he soon found out was the email did not come from the broker; it was spoofed by a cybercriminal to look like it was from the broker. The broker, title and mortgage company all claimed they did not send the email to the buyer. The liability ultimately then fell on this young man. What a bad day for him, and all those involved.
So how did the cybercriminals get in the middle of transaction and trick the young man? Well, none of the parties were using two-factor authentication. Therefore, the criminal could access all of the emails between the buyer, broker, title or mortgage company.
Even if any mortgage company keeps their accounts/systems safe and secure, the bad guys will continue to go after the weakest link in the chain.
Enter the buyer and the seller.
So often at real estate conferences I put the attendees on the spot and ask them, “What are you doing to keep your clients safe from cybercrime?” They mistakenly tell me about all the things they are doing to keep these criminals out of their systems and I remind them that’s not my question.
All correspondence within the real estate industry needs to be secure.
All email systems must use two-factor authentication. This will prevent the bad guys from reading any emails and gaining information about the transaction; which they ultimately will use to divert the wire transfer and get paid a big chunk of change.
The only way for this to work is by having every person and every company use this protocol. Since the chances of that happening is slim; there must be strict policies in place and adhered too. Under no circumstances can there be changes to bank account or routing information through all forms of communication. If there is- you need to question it’s source and validity. Is this pain? Yes. Will this slow down the business process? Yes. Is there a better way? If you find one, let me know.
The Consumer Financial Protection Bureau has an excellent checklist to prevent yourself against this kind of cybercrime. It’s a must read.
I’ve seen so many lives destroyed by scams such as these, and if you follow my advice you will dramatically reduce your chances of becoming the next cybercrime victim.
I dedicated an entire chapter in my book, The Secret to Cybersecurity, on Real Estate Rip-Offs. I could have put together an entire book based on the countless victimizations, and details on how they all could have been prevented.
Don’t worry; you can buy your house and live happily after ever. Just reread this before you do!