The stories regarding hacked email accounts, forged wire instructions, cyber fraud and other risks continue to be reported at an alarming rate. According to the FBI, attempts to steal your customers’ data were up 480% in 2016. These fraud schemes are becoming rampant and everyday these criminals become more and more sophisticated.
By engaging in routine, seemingly harmless communication, criminals bait users into giving their personal information or clicking a link that allows hackers to steal log-in information and passwords. Typically, a method called phishing in the form of email messages, website forms or phone calls is used to fraudulently collect personal information. When this personal information is obtained, the target is set and often times is used in attempts to gain access to wiring of funds.
Here are some valuable tips to protect you and your customers against wire fraud:
Be suspicious of all emails, especially from free, public email account domains that pertain to the movement of money, as these email accounts are often a source of risk.
Watch out for phishing emails with embedded links, even when they appear to come from a trusted source.
Consider which email account domain you use for any financial business. As stated above, the free, public email account domains are a target for cyber-thieves and, without additional levels of security, are particularly vulnerable to attack and the subsequent liability that comes from such an attack.
Wire and other disbursement instructions received by email should be confirmed by telephone at a trusted/known or previously verified number, NOT the telephone number at the bottom of the email you are trying to confirm.
Be especially skeptical of any change in wiring instructions from any parties involved in the transaction. How often do people and businesses change their wire instructions? Specifically, if you receive an email or any other communication that appears to be generated containing new, revised or altered bank wire instructions, consider it suspect and call a number you trust.
Call, don’t email. Confirm all wiring instructions by phone before transferring funds. Use the phone number from the title company’s website or a business card.
Verify and confirm it all. Ask your bank to confirm not just the account number but also the name on the account before sending a wire.
Verify immediately. You should call the title company or real estate agent (again, at a known, trusted phone number) to validate that the funds were received. Detecting that you sent the money to the wrong account within 24 hours gives you the best chance of recovering your money.
Forward, don’t reply. When responding to an email, hit forward instead of reply and then start typing in the person’s known email address, not the one that may appear in the email you received. Criminals use email address that are very similar to the real one for a company. By typing in a known email address you will make it easier to discover if a fraudster is after you.
Our industry is on high alert and many companies are using these precautions (and others) to prevent their customers from becoming vulnerable. With that protection, additional processes are needed. Use common sense. While we all strive for seamless communication channels, it is important to be aware that our industry is taking extra steps to protect our customers and sometimes that requires us to set guidelines on how we are willing to exchange personal information. We are all in this together and it is important for real estate agents to be knowledgeable about these risks and the steps we are taking to protect our customers.
Finally, common sense and a healthy dose of skepticism are still great weapons in the battle against cyber fraud. This is not a “tech” issue, but a human issue, and human common sense is the best defense against anyone that may try to steal your money.