In FBI surveillance video, a young man of about 18 sits at
his computer in his room. His mother, donned in a white bathrobe, approaches
with a plate of cookies, sets it on his desk, and walks away as he continues to
stare intensely at his computer screen. He’s not immersed in a video game. This
man—perhaps a recent high school grad still living at home with his parents—is
a typical hacker. And he’s one of many who are increasingly disrupting real
estate transactions with phishing scams and wire fraud schemes.
“Most are young and see a
certain allure to the notion of being able to hack,” Martin Hellmer, who
supervises the FBI’s Cyber Task Force in Phoenix, said during a cybersecurity
webinar hosted by brokerage firm Realty Executive International on Jan. 26. The
webinar, “Wire Fraud: Educating Clients & Avoiding Scams in Real Estate,”
also included a legal expert from the National Association of REALTORS®.
Hellmer presented FBI footage of hackers, mostly young and unsophisticated
online users, including teens and impostors posing as staff at a Chinese hotel
who hacked a guest’s computer. “We typically think of hackers as these
magnificent young minds doing things we don’t know how to do,” Hellmer said.
“Some of them are—but most of them aren’t.”
Hackers have different
motivations for attacking real estate brokerages and other entities, ranging
from political causes to warfare.
How Do They Do It?
“We are the weak point,” Hellmer said, referencing real
estate professionals—and people in general—who do not employ enough safeguards
to protect their networks from vulnerabilities. The number one way hackers
infiltrate networks is by getting a user to click on a link in a phishing
email, so “we are the ones giving bad guys access,” Hellmer said.
Weak passwords are also a prime avenue for hackers to gain
access to networks.
Hackers are particularly
focused on real estate transactions because of the large amount of money being
transferred in a home purchase, said Finley Maxson, senior counsel for NAR.
Wire fraud schemes, which are a growing problem in real estate, have accounted
for $5 billion in financial losses to consumers since 2013, according to FBI
statistics. Other common schemes in real estate include fake referral emails,
“overpayment” scams, and fake DocuSign emails, Maxson said.
What Can You Do?
Do not ignore software updates
or wait until later to install them because they usually contain security
improvements to keep your computer safe, Maxson said. It’s also wise not to
keep files containing personally identifiable information for you or your
clients on a computer with access to the internet. Hackers can gain access to
those files and expose sensitive information to other criminals.
Maxson also stressed the
importance of brokers having policies to deal with hackings. Real estate
companies can be sued for not having proper policies in place, such as document
retention and destruction, cybersecurity and data security, and a process to
notify clients of a breach. Brokers can also get in trouble with their state real
estate commission for breach of fiduciary duty if they don’t follow policies
intended to protect their clients. “You can even get sued by the [Federal
Communications Commission] for not communicating cybersecurity problems to
clients,” Maxson said. “They’ll audit you and make you file annual reports.”
The most important thing
brokers can do is to educate their agents and clients about cybersecurity
protocols. Agents should know not to click suspicious links, and clients should
know to verify wire instructions with their agent if they get an email saying
the instructions have changed. “Have an email footer that says wire
instructions will never change, and if they do, call me before you do
anything,” Maxson said. “And make sure your employees and contractors are
vigilant not to click things that could expose your network.”
—Graham Wood, REALTOR®
Magazine
Reprinted from REALTOR®
Magazine Online, Jan. 2018, with permission of the National Association of
REALTORS®. Copyright 2018. All rights reserved.
