Fraudsters are increasingly targeting potential home buyers and real estate professionals with wire fraud schemes and phishing scams. In May 2017, the FBI revealed that the identified exposed losses resulting from business email compromise (BEC) scams increased by 2,370 percent between January 2015 and December 2016. Those scams preyed on organizations in all 50 states and 131 other countries. In total, they caused a combined $5.3 million in losses to domestic and international victims, including buyers, sellers, lawyers, and professionals who fell victim to a real estate-themed BEC scam. One victim's story emerged in August 2017. A couple living in Washington, D.C. put down $200,000 on their dream home. After receiving an email from what appeared to be their title company, they wired the remaining $1.5 million to the bank specified in the email's instructions. As it turns out, someone had hacked the company and sent out the bogus email. Michael Nadel, an attorney for the couple, said the experience soured what should have been an exciting time in the pair of federal workers' lives. As he told NBC Washington:
"When you have a young child and you move into your house for the first time and you close on that house, that should be a really special moment, not a moment when a massive amount of money is stolen from you, so the whole experience has been marred."
The couple decided to sue the title company in the hopes of recovering their money.
A similar story came to light in October 2017 when Shannyn Allan received an email containing wire instructions to complete the purchase of her dream home in San Antonio. She unknowingly wired over $52,660.57 to a bank account under hackers' control. Fortunately for her, her bank contacted her shortly afterward with the real wire transfer instructions. She realized she'd been scammed and subsequently canceled the previous transfer.
Those types of stories are only the tip of the iceberg. Phishing threat management firm PhishMe clarifies this reality:
"The National Association of Realtors is itself often spoofed in what we call 'generic email' phishing pages. The well-worn ruse: you receive a message telling you to log in to view a great list of hot properties—like this page, recorded in April 2016."
Source: PhishMe
In addition, the company confirmed it's seen plenty of scams that try to go after real estate professionals' email credentials. No doubt those responsible leverage successful phishing attacks to target buyers with modified wire transfer instructions.
Those involved in a real estate transaction can protect themselves by familiarizing themselves with how a BEC attack works. They should then use that knowledge to verify all purchase instructions, exercise caution around last-minute changes, cleanse their email inboxes of sensitive information, and exercise good digital security hygiene.
