A few weeks ago, a California Public Radio station reported that millions of dollars were being “bled” each month from Los Angeles homebuyers by cyberscammers. But the rip-off is not happening only in Los Angeles. It’s happening throughout the country at alarming rates.
According to the FBI, a cyberscam that tricks homebuyers into wiring money to offshore accounts is costing the Los Angeles area alone $5 million a month. The scam that surfaced in 2013 has rapidly grown, with the FBI’s Internet Crime Complaint Center reporting incidents spiking 480 percent between 2015 and 2016. Last year, the Federal Trade Commission issued a joint warning with the National Association of Realtors about the threat.
Here’s how the scam works:
A criminal will hack into the email account of a person involved in a pending real estate transaction. The hacker will spend days collecting information about the deal, as well as the participants. The hacker even picks up nuances, such as the way agents and customers speak, and details of the transaction. From this information, the hacker creates authentic-looking emails.
Usually during the chaotic moments of a deal’s closing, the hacker will send an email with last-minute changes to instructions about wiring transaction-related funds. Unsuspecting buyers, representatives and financial institutions may not question legitimate-appearing changes sent from the email accounts of “familiar” participants and follow the instructions. Money will be sent directly to the hacker’s account, where it will be quickly lost forever.
There is no shortage of horror stories emerging from this cyberscam. Consider the owner of a small escrow company in Southern California who opened an attachment reportedly containing information about a lost package. The phony email inserted a virus into her computer allowing a hacker to obtain her banking password, which was used to rip off $400,000 through a series of wire transfers.
Earlier this year, a Maryland couple lost more than $400,000 in proceeds from the sale of their home in a cyberscam with roots in West Africa. Unable to recover their money, the couple reportedly now lives paycheck to paycheck.
Wherever you look, recent cases can be found.
In Long Beach, $10,000 disappeared from a real estate deal. In Greenfield, Massachusetts, $80,000 in closing funds and $20,000 in earnest-money deposits disappeared. In Minneapolis, a retired couple buying a townhouse close to their adult children lost $205,000. Another retired couple in Denver lost $272,000 attempting to buy a house. A judge in New York was victimized when she mistakenly followed bogus instructions she thought had been sent by her real estate lawyer. She lost more than $1 million.
Clearly, cybercriminals have discovered a lucrative pot of gold containing easily duped buyers and sellers who may be infrequent participants in complicated, fast-moving financial transactions. And these real estate deals often are handled by small businesses that may lack adequate cyberprotection systems.
While cybercriminals seem to keep one step ahead of their victims, measures can be taken by real estate professionals to protect themselves and their clients.
• Inform all participants in a real estate transaction about the cyberscam and how it works.
• Have a cyberprotection plan and communicate it. At the outset of a transaction, explain to all participants how information will be conveyed and verified.
• Ask about the cybersecurity practices of participants, including other real estate professionals, financial institutions and vendors.
• Change passwords regularly on accounts, including email accounts. Encourage others involved in the transaction to change their passwords.
• Train staff to recognize bogus emails and to use caution when clicking on attachments.
• Do not communicate sensitive information or funds over unsecured Wi-Fi or unencrypted email.
• Immediately before initiating a wire transfer, call the intended money recipient via a verified telephone number and confirm instructions.
• Regularly clean out email accounts.
• Check your online bank accounts daily. Change your banking passwords on a regular basis.
• Work with information technology and cybersecurity professionals to examine computer systems, assure security software is active and current, and audit online accounts.
• Consider buying cyber liability insurance. A policy should cover a wide range of threats, as well as business interruption.
Alphonso Rivera is the founder and CEO of Advanced Micro Resource Digital Forensics, a Bakersfield-based digital forensic company that specializes in digital audits involving cell phone and computer evidence for attorneys, private investigators, human resources consultants and companies. His website is www.bakersfieldforensics.com.