When my husband and I closed on our newest home in December, I remember vividly the flurry of emails between the lender, the title company, our Realtor, and more. It seemed like daily — and especially as the closing date drew nearer, hourly — there was some new form that would need to be signed, or some new update on the process.
So when I heard last week of a family in Frisco (who declined to be named for this story) who showed up at closing thinking they had already paid their down payment, only to find that the emailed instructions they got were a fraud, it didn’t sound improbable.
You get a lot of emails. And if one came from what appeared to be a title company or a lender and you had never bought a home before (or hadn’t purchased one in a while) you might take a request to wire your down payment as some kind of new, modern way to do it.
Only, it’s not. And this family showed up at closing and were surprised when they were asked for the customary check for the down payment. It was literally the first time they knew that the thousands of dollars they had saved were gone forever.
It’s something Lydia Blair, an escrow officer at Carlisle Title and CandysDirt.com columnist, said title companies are seeing a lot of in recent months.
“Title companies across the Metroplex are all too frequently seeing these home purchase scams,” she said. “And they aren’t just aimed at first-time homebuyers or inexperienced consumers. Homebuyers need to realize that if they are buying a home, they are a target for online criminals.”
And the emails will look very legitimate. A recent CNBC story said that scammers target someone who engages in real estate transactions frequently first.
“A person involved in a real estate transaction, such as a real estate attorney or realtor, has his or her email account compromised by malicious software, known as malware, sent by a criminal over email,” the story said. “Unbeknownst to the professional, the fraudster can now monitor the realtor’s emails to look for upcoming transactions.”
“The breach almost always comes from a hack through the consumer or Realtor’s email,” Blair agreed. “These scammers hack into thousands of ordinary folks email accounts and wait for the right words to pop up – like purchase, escrow, contract or down payment.”
“They pretend to be the lender or title company by sending the buyer an email with a slight change in the email address,” she continued. “An L might become an I or a T becomes an L in their name. It’s usually something not easily detected. They follow the buyer’s emails and can intercept or copy incoming correspondence from the bank or title company.”
“Then they send the buyer an email that looks like it comes from the lender or title company with instructions on where to wire funds for closing.”
When the closing date comes close, an email from that slightly different but still legitimate looking address arrives in the buyer’s inbox, telling them there’s been a change of plans and they’ll need to wire the money before the closing date, to the seller’s bank account.
In reality, the bank account belongs to a scammer, and it’s usually overseas and well out of reach of U.S. law enforcement.
“Reputable title companies have tight security and we diligently guard against hackers and scammers,” Blair said, adding that it’s never a bad idea to verify any requests for money.
“My advice is that the buyer keep the very first email they get from the title company. If they later get instructions to send funds to a different account, they should call the title company,” she said. “Yes, pick up the phone and make the call. Confirm the information. Do not call the phone number in the email that instructs you to send funds to a new account. It may be the scammer’s phone number.
“Once the funds are wired to these criminals, they are gone,” she added. “The consumer won’t be getting them back. The fault is not with the title company or lender.”
Realtors can also be diligent in making sure they don’t fall prey to malware that could leave their buyer clients vulnerable, the National Association of Realtors said.
“Inform clients from day one about your email and communication practices, and alert them to the possibility of fraudulent activity,” NAR associate counsel Jessica Edgerton said in a 2015 alert about the wire fraud threat. “Explain that you will never send, or request that they send, sensitive information via email.”
“If you receive a suspicious email, do not open it,” she continued. “If you have already opened it, do not click on any links contained in the email. Do not open any attachments. Do not call any numbers listed in the email. Do not reply to the email.”
Edgerton also recommended Realtors clean out email accounts regularly, because “your emails may establish patterns in your business practice over time that hackers can use against you.” Longstanding backlogs of emails can contain sensitive information. She recommends saving important emails to your hard drive or server.
Changing email passwords frequently (and making sure all employees and licensees do so as well) can also help protect you, as can making sure that you have the most up-to-date firewall and anti-virus technologies available.
Earlier this year, in a piece for REALTOR® AE Magazine, zipLogix COO Lisa Mihelcich also wrote about cybersecurity for Realtors, saying that wire fraud was the number one type of fraud in 2016, causing $50 billion in losses.
In addition to Edgerton’s recommendations, Mihelcich said she recommends that Realtors not use public Wi-fi to conduct business and to require a digital signature and two-step verification software for document signing.
“Use secure applications to collaborate online,” she added. “Use strong passwords, safeguard passwords, and do not use the same password for multiple accounts.”
“Cyberthreats and wire fraud will persist as long as real estate professionals continue performing transactions online, but it’s not necessary to resort to the old-fashioned way of doing business just to stay secure,” she concluded. “Improvements in protection mechanisms against these crimes are staying one step ahead, continually outsmarting and preventing criminals from getting access to confidential information.”
The NAR also offers an entire toolkit to Realtors regarding data security, and also provides frequent alerts regarding common scams.
And if you have fallen victim to this kind of scam, Blair said that’s by design — the criminals behind them are pretty savvy.
“These types of scams are becoming way too common. This is a lucrative business for these scammers,” she said. “They are professionals and very good at their illicit profession. Anyone can fall victim to them.”
Bethany Erickson is the award-winning education, consumer affairs, and public policy columnist for CandysDirt.com. Contact her at firstname.lastname@example.org.