Alert: Hackers target home buyers
As if buying a property weren’t stressful enough, the NAR (National Association of Realtors) has just advised us that Internet hackers are now targeting home buyers. It was only a matter of time before hackers went after the vast sums of money involved in purchasing a home, but this time the route to the hacking is a bit different than in most cyber crime-schemes.
Apparently hackers are now targeting realtors’ email accounts and silently watching those emails for information that will allow them to re-route buyers closing funds to their own bank accounts. As closing approaches, escrow officers send buyers instructions, including what to bring to closing, amount of funds required, and where and how to wire funds to close the transaction. The hacker will also send the buyer what appears to be an official looking email from the “title company” with “updated instructions” on where to wire funds. (Remember that your agent and escrow officer have been communicating frequently during your purchase, so hackers have the official signatures each has been using, and these are easy enough to copy to make your email with updated escrow instructions look legit.) Some hackers may even include other information about your transaction to make the email look even more like it has come from a trusted source.
Generally speaking, this will not impact the majority of buyers who hand carry a cashiers’ check to the title company at closing. But, for out of state buyers and cash buyers, it is not uncommon for funds required for settlement to be wired to the title company. By watching emails exchanged between buyers and their agents, hackers gain information about how the purchase will be financed as well as the scheduled closing date.
How can you protect yourself from hackers?
- Make sure that your realtor is taking every step possible to keep hackers out of their email. Personally I change my password frequently which makes watching my email much more difficult for hackers, and I use strong passwords that hackers would be unlikely to guess.
- It is very uncommon for a real estate agent to request sensitive information from buyers, especially via email. We don’t need your bank statements (unless you are a cash buyer) or any information with your social security number. That type of information should always be handled by your lender. When we do require proof of funds for a cash transaction, buyers should always redact most of your account number (leaving only the last 4 digits), and should send proof of only enough funds required to settle the purchase. If you are able to encrypt the email, that would be even better.
- Before wiring funds, always double check with your escrow officer to make sure that you have the correct wiring information for your bank. Be sure to keep and check old emails you have received from the title company to make sure you are calling or emailing the correct person, because hacker contact information is almost always included in the scam emails you receive.
- Don’t click on any links in the email, giving the hacker access to your email (if they don’t already have it).
It’s an Internet world out there, but there are always steps you can and should take to protect yourself, and that I take to protect you if you are my client. Unfortunately, once the funds are wired, even to an incorrect account, the money is gone.
The good news is that banks, title companies and realtors are all being notified of this new threat and are all taking whatever steps we can take to tighten security on your behalf. But at the end of the day, responsibility for issuing correct wiring instructions is still yours. So, be careful out there. Check and double check your information before you pass on wiring instructions to your bank, and you should be fine.