Hackers Targeting Real Estate Transactions

Real estate transactions have long been the target of fraud; however, recently our industry seems to be the targets of more sophisticated cyber scammers.  

In fact, at the 2015 REALTORS® Conference & Expo, panelists at the Risk Management and License Law Forum discussed potential threats and gave suggestions for how agents can protect themselves, their businesses and their clients from cyber-attacks.  

The news tends to focus on large companies falling victim to hackers, but small businesses - which usually lack the technology and legal teams of larger businesses - actually account for the majority of attacks.

"Small businesses need to pay just as much attention as large companies to possible cyber threats,” stated Melanie Wyne, National Association of Realtors®’ technology policy expert.  

According to Wyne, data breaches can impact real estate businesses in three primary ways:

1. Businesses can suffer from financial harm from expenses resulting from the breach
2. Legal risks from lawsuits from clients or others impacted by the hack
3. Reputational risks from having to publicly disclose the hack

Cloud and free email services are certainly convenient options for business, but it's important to understand that they are never completely secure. Before using a service or storing information or documents into one, Wyne urges to research the level of security those companies are employing. She also suggests agents ask these services to be compensated if the service is hacked.

Furthermore, Wesley proposed that when using a free email service for business, one should encrypt emails with client data - check out lifehacker.com (then search on “encryption”) for great tips on encrypting emails.

Darity Wesley, founder of the Lotus Law Center, warned that hackers are seeking personally identifiable information, including credit card and bank account information, login credentials, employment details or a physical address, e-mail address, and phone or social security number.

“Most people don’t know the vast amount of data stored about them in a variety of systems,” said Wesley. “Identity thieves can do a lot of damage with this information; your credit and whole life could be ruined.”

Jessica Edgerton, NAR associate counsel shared that real estate professionals have seen an upswing in a wire scam in which a hacker breaks into an agents' email account, obtains information about upcoming real estate transactions and then, after monitoring the account, sends an email to the buyer posing as the agent requesting that the buyer wire transaction-related funds.

To avoid this type of fraud, agents should inform clients at the beginning of any transaction about this scam and if buyers receive an email about wiring funds they should immediately contact their agent by phone.

Most laws governing data security are currently at the state level therefore, it’s important for agents to know the state laws regarding data security and privacy that affect their organization, especially since some states have enacted laws that require businesses to have proactive security programs in place.

Additionally, all of the speakers recommended strong passwords, developing a data security program, and implementing and maintaining safeguards to protect private data.  

Interested in learning more?

1. Download NAR’s free Data Security and Privacy Toolkit
2. Check out the Center for Realtor Development®'s 4-hour online training course for REALTORS® and local and state REALTOR® association and multiple listing service staff
3. Read the full cybercriminal report from NAR