We all know how important it is to keep our email systems bug-free and secure, but real estate licensees now have an especially pressing reason: Foreign hackers are methodically targeting licensees across the country with the goal of stealing home buyers’ money at settlements. That’s right – they are robbing licensees’ clients of tens of thousands of dollars just before they close on a home purchase.
I recently spoke with several agents who’ve either been victimized or nearly victimized after hackers penetrated their email systems, lurked around for weeks searching for details of upcoming closings, then diverted closing funds into their own untraceable bank accounts by giving settlement agents bogus wiring instructions.
In one case, the buyers lost $100,000. In another they lost nearly $200,000. And in one near-miss situation, where the misdirection of funds to be wired was detected by title agency personnel at the eleventh hour, the loss would have exceeded $800,000! Nationwide, according to NAR’s legal department, these “phishing” cases have been on the rise and now total in the hundreds. In cases where the fraud could be traced to a country of origin, most seem to be coming from China, eastern Europe and west Africa.
The Federal Trade Commission has put out warnings about the problem, as has NAR. Yet these real estate cyber thefts are continuing. What’s next? I predict there will be lawsuits that seek to hold realty agents and others legally responsible for the losses. That could be really really messy! Just last week I was contacted by a lawyer who is preparing a lawsuit and wanted to “compare notes” with me (translation: gather more ammunition.) No thanks! I am not getting involved in lawsuits!
A title agent in Maryland, who had been involved in a transaction where criminals had successfully stolen thousands, told me the legal backlash on real estate phishing could be painful for licensees whose email systems were penetrated. After all, he said, “who is going to make the home buyers whole again?” Where else are they going to get back the money they lost because hackers got into their realty agent’s email system? The police – all the way up to the state and federal levels – have had no luck recovering funds stolen this way. So buyers and maybe sellers are going to look to the agents, the agent’s broker and maybe the settlement agents in for redress.
Some questions he posed that I think are worth sharing and pondering:
--In cyber theft cases, did licensees take sufficient precautions to make their communications systems as secure as possible from hackers? Did they change passwords frequently? Did they use software that is specifically designed to thwart attacks like this? If not, the case against them may be easier.
--Did they conduct their business over email channels that he said are more vulnerable – popular, globally available systems such as Gmail, Yahoo or AOL? Or did they use their own broker’s in-house domains, which he considers somewhat less vulnerable?
--Are brokers and licensees protected by their E&O insurance policies against cyber fraud? He said such coverage costs more and that many licensees probably don’t have it yet.
The legal aspects of all this are yet to play out, but it’s more than a little foreboding. My suggestions to licenses are to (1) be aware of the potential threats posed by cyber thieves. Discuss it with brokers, clients and settlement service vendors and take defensive action. Consider using the broker’s domain address for all business-related communications if that appears to offer greater protection from intrusions. Advise clients – early on and in writing – to be suspicious of any wiring instructions , or changes in wiring instructions, that they receive by email, and urge them to always confirm them by phone or some other means besides email.