Cyberfraud is a major issue in any industry, but especially in real estate where property transactions can net a hacker hundreds of thousands of dollars in a single wire diversion. Attorneys who practice real estate law and their clients have become prime targets for hackers. According to published FBI data, $969 million was diverted or attempted to be diverted to “criminally controlled” accounts in real estate transactions in fiscal year 2017. Compare that with 2016, when comparable real estate wire transfer frauds amounted to just $19 million.
In the fight against real estate cyberfraud, it’s important to know how you are most susceptible and the steps you can take to limit risk — for both you and your clients.
Tales from the Cyberfraud Front
The following has happened too many times in the real estate industry: A buyer receives an email with wiring instructions that appear to come from a legitimate source, often an attorney. Upon close inspection, the buyer would see that a single character has been modified in the sender’s address. But, with closing only a couple of days away and much to juggle, the buyer overlooks the tiny inconsistency. Following the wiring directions in this email, the buyer unknowingly sends the closing funds to a fraudulent account — and the funds are then immediately transferred to an off-shore account.
Unfortunately, there is little chance those funds can be recovered. The buyer has now lost their closing funds and, in most cases, the seller has lost their buyer.
As email spoofing and malware have become more sophisticated, illegitimate emails have become harder to spot — even for the tech-savvy. Plus, given the stress and complexity that a closing adds to a buyer’s life, it’s easy to see how the distraction works in a hacker’s favor.
When my organization hosts training events for lawyers involved in real estate transactions, cybersecurity experts often stress the human factor. According to Plante Moran, our partner in these events, 49 percent of all breaches involve human error, whether it is missing a small change in an email address or sharing information over the phone with a convincing imposter. Even an exposed computer monitor can give a criminal access to secure information.
It’s extremely difficult to recover funds that have been wired to a fraudulent account, though not impossible. Those who realize the mistake immediately have a better chance. As is the case with many things in life, prevention is the best tactic. Here are ways to lower the risk of real estate cyberfraud.
- Do not send wiring instructions by email. Make it a strictly enforced policy. At Proper Title, we are very clear with all parties involved in transactions that we will not share wiring instructions via email. Too many parties use open-source email providers, like Gmail. While email is convenient, taking it out of the wire transfer process eliminates one primary way hackers are able to divert funds.
- Instead, verbally confirm wiring instructions with a known source. This adds an extra step to the process, but it is worth the time and effort to protect you and your clients.
- Pay close attention to any interactions with parties involved in wire transactions. This means both via email and over the phone. Essentially any information that isn’t shared face-to-face requires heightened awareness. To my earlier point, not every tactic hackers use is tech-oriented. It’s amazing how much information a hacker can receive over the phone by imitating a representative from one of the companies involved in a transaction.
- Use secure cloud-based systems or client portals for documents related to transactions. If you work with a title company that uses a cloud-based transaction management portal, take advantage of the extra level of security it offers. For example, we use a system called Proper Title Live, which, like most systems, is easy to use but requires a small investment in time to become familiar with it. Often your clients will be able to access the system as well. An added bonus of these systems is having all the documents in a single place, streamlining processes and keeping your email account less cluttered.
All lawyers handling sensitive information need to be aware of how they can decrease their risk by evaluating processes and systems to identify vulnerabilities. Knowing where your specific risks lie will help you be more vigilant — and that is a low-tech tool that makes a big difference with this high-tech crime.