Real Estate Industry News

Diamond-shaped crossing sign with yellow background and black border with a short phrase saying “Fraud Ahead” in the middle. photo credit: Getty

Getty

With the FBI reporting nearly $150 million in real estate fraud losses last year, it seems Americans—and the industry pros who serve them—need to step up their game in the cybersecurity department.

According to experts, most of these losses occur due to a hacked email account or too-much publicly available data, allowing a fraudster to step in at one of the most stressful—not to mention expensive—times in a person’s life.

As Viral Shah, co-founder and head of financial products for Better.com, explains, “The attacker will learn about an upcoming home transaction’s details, typically by gaining access to a real estate agent, title agent or attorney’s email. They will then use that information to communicate with the prospective homebuyer via a nearly identical email address.”

They then insert themselves into the conversation, usually providing fraudulent wiring instructions in an attempt to steal a down payment, closing costs or both.

Charlie Hunt, executive vice president and chief operating officer of Hunt Real Estate ERA, said a buyer at his agency fell victim to a similar scam last year.

“This fraudster read into the details of all previous correspondence so diligently that no one detected it was not, in fact, the real agents sending the emails,” Hunt said. “This eventually led to the client mistakenly wiring money to the false agent five weeks in advance of the closing date. This was particularly troubling because, when the closing date finally came and the mistake had been realized, the 30-day window allotted by the client’s bank to identify fraudulent charges/transfers had passed.”

This instance is just one of the thousands in a growing crowd of swindled homebuyers. According to the FBI’s 2018 Internet Crime Report, more than 11,000 Americans fell victim to these scams just last year alone.

Preventing the Scam

According to Tom Cronkright, the CEO of the identity verification solution CertfID and the victim of wire fraud himself, there are some red flags buyers can look out for to prevent potential losses.

“One of the tells is they ask you when you’re going to send the wire,” Cronkright said. “They want to move the money as fast as possible to avoid detection.”

Recent legal cases point to a growing need for education on the topic—particularly on the part of agents and other vendors in the homebuying process. In Bain v. Platinum Realty, a jury found two real estate agents at fault when a buyer lost $196,000 in a wire fraud scam. The reason? They didn’t warn the buyer of the fraud risk up front.

“Communication and education are first,” Cronkright said. “We have to have honest conversations early in the transaction.”

Cronkright’s newest book, “Wire Fraud in Real Estate: The Complete Guide,” delves into some of the ways these emails and transactions are hacked, but the bulk of the risk comes from weak cybersecurity and information hygiene by someone legitimately involved in the transaction.

“We’re not using two-factor authentication. We’re not using secure passwords,” he said. “If these were done on a broader scale with real estate agents, lenders, buyers and sellers, a lot could be alleviated.

In addition to better passwords and stronger account security, experts also recommend you:

Be wary of urgent or rush requests.

“As a general rule throughout the process, remember that no one should be pressuring you to make a rushed decision, and no one should have any issue with verifying information or explaining why things have changed, especially if it pertains to sending huge amounts of your hard-earned money to a third party.” — Shah

Make sure you’re sending documents safely.

“Real estate agents, at times, freely send around contracts as PDF attachments. These are documents containing incredibly personal and sensitive information—everything from the price, deposit terms, loan amounts, closing dates, etc. Instead of sharing these documents via email, which is proven to be less secure, it’s advisable to share them through a transaction management system such as Instanet or Dotloop.” — Hunt

Voice-verify wiring instructions.

“Before sending a wire transfer, call the recipient to verify account information.  If you have any doubt, call the sender of an email to verify that they sent it to you, especially if it requests that you do something unusual or that you forward sensitive information.” — Adam Swanson, real estate attorney

Watch for changes.

Beware of any new or changed information. You can’t trust wiring information that comes over email. You cannot trust changed wiring information. The probability of that changing is so low. It’s just not going to happen—not in a 30-day window.” — Cronkright

Double-check email addresses.

“When communicating with anyone involved in the transaction, make sure that the email address is the same email that you’ve been corresponding with since the beginning of the transaction. Throughout the transaction, be on the lookout for inconsistencies such as changes in email addresses, the name attached to the email address and the phone number listed in the email signature. Whenever you’re unsure about something, call the person by finding a public phone number via a web search or a phone number you’ve used before, especially since the email may not actually be coming from your agent or representative.” — Shah

Steps After You’ve Been Victimized

If you do find yourself a victim of real estate wire fraud, time is of the essence if you want to recover your losses.

Shah instructs victims to “Contact your bank immediately of the fraud, alert your local law enforcement as well as the FBI, and everyone that you’ve been in contact with for the transaction itself. Timing is critical here, since the sooner you alert the bank and law enforcement, the greater the chances of success of recovering your money. “

For a full breakdown of what to do when wire fraud occurs, see Cronkright’s “When Minutes Matter” recovery guide and report the incident to the FBI’s Internet Crime Complaint Center immediately.