 |
| Real Estate Wire Fraud |
Cash Buyers Lists News
Most articles about real estate fraud have focused on the same scenario: hackers breaking into professionals email accounts to learn about upcoming transactions, emailing the buyer to wire money to the hackers account. In reality, there are many other ways hackers insert themselves into communications, such as tricking the real estate professional into installing malicious software on their computer or phone, or changing escrow instructions (or other disbursements) at the office of the real estate professional via email.
Hacking can also be done by less sophisticated methods, including phone, fax or inter-office memo. The latest evolution of the scam, however, is truly insidious.
1. A hacker obtains a REALTOR(R)’s transaction management/e-signature system login credentials by using a phishing email that looks like it’s from the transaction management system.
- The user first types their credentials into the fake transaction management website, then are forwarded to the real one where their credentials work. They never even notice they’ve been phished. They just think they mistyped a password the first time.
2. The hacker logs into the transaction system to identify target transactions and collect information to fool participants.
3. If the agent uses the same credentials for both email and the transaction system, the hacker now has access to the agents email.
3. If the agent uses the same credentials for both email and the transaction system, the hacker now has access to the agents email.
- The hacker may set up an email-filtering rule so emails from the client "skip the inbox" and go right to the hacker.
- Emails to clients can now be sent from the agents real email address. It’s not a spoofed email (which only looks like it’s from the agents account).
- Changing their email password may help, but at this point, the hacker only needs to spoof future emails-and unless the agent notices the filtering rule, the hacker still has access to those email conversations.
4. Because the hacker has information about the mortgage and title company from the transaction system, they can spoof an email from those parties, too. When a client receives a (spoofed) email from multiple parties - which confirms each other’s message – they’re more likely to trust each of those emails.
5. From that point, it’s a typical wire fraud scenario: At the appropriate time, the client is told to wire funds to an account the hacker has access to.
This is only one variation of many that Clareity has seen "in the wild."
Clareity Consulting has written a paper that more thoroughly explains the wire fraud issue and provides concrete guidance on how to reduce the risk. Download the paper by visiting clareity.com/reducing-the-risk-of-real-estate-wire-fraud.
Matt Cohen is chief technology officer at Clareity Consulting.
For more information, please visit www.clareity.com.
CashBuyersLists.com Please Like, Comment and Share
No comments:
Post a Comment