While this scam has been going on a while and I have sent our messages before, it has spread across the country and has gotten much more sophisticated. PLEASE Read:
Here is the official statement from the National Association of Realtors that we received:
Sophisticated Email Scams Targeting the Real Estate Industry
NAR Legal Affairs
Criminals are hacking into the email accounts of real estate agents or other persons involved in a real estate transaction and using information gained from the hack to dupe a party into a fraudulent wire transfer. The hackers often send an email that appears to be from an individual legitimately involved in the transaction, informing the recipient, often the buyer, that there has been a last minute change to the wiring instructions. Following the new instructions, the recipient will wire funds directly to the hacker’s account, which will be cleared out in a matter of minutes. The money is almost always lost forever.
This is a busy and hectic time for real estate professionals, and many millions of dollars will be sent and received via wire before the end of the year. This is exactly the environment in which online criminals seek to operate.
The National Association of REALTORS® urges its members and state and local REALTOR® associations to be on high alert for email and online fraud.
In May 2015, NAR issued an alert regarding a sophisticated email wire fraud hitting the real estate industry. Since then, the incidents of online scams targeting practitioners have continued to rise but the advice is the same.
Bottom line: Do not let your guard down. Start from the assumption that any email in your in-box could be a targeted attack from a criminal.
Follow this guidance to avoid becoming a victim:
- Immediately contact all parties to all of your upcoming transactions and inform them of the possibility of this fraud. Attorneys, escrow agents, buyers, sellers, real estate agents, and title agents have all been targeted in these scams. You can also download and distribute NAR’s online fraud prevention handout, accessible here.
- If possible, do not send sensitive information via email. If you must use email to send sensitive information, use encrypted email.
- Immediately prior to wiring any money, the person sending the money must call the intended recipient to verify the wiring instructions. Only use a verified telephone number to make this call.
- Do not trust contact information in unverified emails. The hackers will recreate legitimate-looking signature blocks with their own telephone number. In addition, fraudsters will include links to fake websites to further convince victims of their legitimacy.
- Never click on any links in an unverified email. In addition to leading you to fake websites, these links can contain viruses and other malicious spyware that can make your computer – and your transactions – vulnerable to attack.
- Never conduct business over unsecured wifi.
- Trust your instincts. Tell clients that if an e-mail or a telephone call ever seems suspicious or “off,” that they should refrain from taking any action until the communication has been independently verified as legitimate.
- Clean out your e-mail account on a regular basis. Your e-mails may establish patterns in your business practice over time that hackers can use against you. In addition, a longstanding backlog of e-mails may contain sensitive information from months or years past. You can always save important e-mails in a secure location on your internal system or hard drive.
- Change your usernames and passwords on a regular basis.
- Never use usernames or passwords that are easy to guess. Never, ever use the password “password.”
- Make sure to implement the most up-to-date firewall and anti-virus technologies.
Be aware that these emails are extremely convincing. Many sophisticated parties have been duped. No one should assume that they are “too savvy” to recognize the fraud. In addition, no one should assume that they are “too small a target” to be on these criminals’ radars. This fraud is pervasive, convincing, and constantly evolving.
Margo Borkin Real Estate has already put in place measures to avoid this, our title company has started using encrypted mail services, most importantly we will never ask you for any sensitive information via email – And usuall follow up any email requests with a phone call notifying you what we sent and how to send it back. If you receive any email from us that you aren’t sure of, please call – It is better to be safe than sorry