In recent months, there’s been an uptick in cases of “phishing” – a type of email scam – that’s been targeting homebuyers and mortgage applicants. Do you know how to keep yourself – or your clients – safe?
Cyber-hacking and fraud is a growing problem in the real estate and mortgage industry, and one that consumers, real estate agents and mortgage brokers all need to be vigilant to prevent.
Just last week, another round of “phishing” attempts was launched against home buyers and mortgage borrowers in several real estate markets across the country. Find out what you can do to keep your transaction data safe when buying real estate or applying for a home loan.
How Does this Real Estate Phishing Scam work?
For a little more than a year, there have been reports of cyber hackers posing as Realtors, closing agents and others commonly involved in real estate transactions. The most recent round of attempts occurred just last week, prompting the FTC to re-issue its past warnings about the growing risk of real estate “phishing.”
Step 1: Real estate phishing involves a scammer posing as a closing agent, real estate agent or title insurance company and attempting to trick consumers into sending them money or downloading malware.
Step 2: The email will claim that there has been a last-minute change to the wire instructions that were previously provided. It will include a new account where consumers are supposed to send their closing costs by wire. If these instructions are followed, the money will be wired to the scammers account.
Step 3: Some of these emails also have a malware payload, so that even if you don’t send a wire to the scammer, simply clicking a link in the email could compromise your computer and give the scammer access to your personal data.
What makes this type of “phishing” such a threat is that the scammer will be posing as a person known to you – someone whose name you know from the transaction. They will have either gained access to that person’s real email address, or will have created one very similar to it. The scammer will also have access to real data about the transaction – including closing dates – so it will be very difficult to tell if the email is legitimate without further investigation.
What You Need to Know
- As a general rule, because of the threat of these types of phishing attempts, people involved in a real estate purchase or loan should not rely on email to transmit sensitive information.
- Always verify identity by calling a known phone number (not the one found in an email signature) before sharing any sensitive or payment information via email.
- DO NOT click links or reply to emails to confirm identity of an email’s sender, as these may download malware to your computer. Again, call a known number to confirm.
- Because of the risk of this type of phishing, ask your closer to fax wire instructions or send them as a hard copy with the rest of your closing instructions. Avoid using email for this purpose.
- Do not use any free, unsecure email accounts such as Gmail to send or receive closing information.
It’s not known how the scammers are gaining access to these accounts, so it’s critical for everyone involved in real estate transactions to be extra vigilant in handling email security and sensitive data such as closing dates. It’s also a good idea to change passwords regularly, avoid reusing passwords across different applications, and again – don’t send sensitive information (including wire instructions, closing dates, etc.) via email.
Let’s work together to keep our real estate transaction information – and funds – safe!