A security company has issued a warning to real estate professionals about a growing scheme in which criminals are hacking into their emails and sending messages to their clients to wire down payment funds to fraudulent accounts.
Information security firm SANS cites an example of the “business email compromise” scheme from an email an agent recently forwarded to the company. The email was a seemingly typical exchange with a potential buyer who expressed interest in purchasing a home and asked the agent to represent him. The agent requested that the buyer be preapproved for a mortgage, and the buyer responded with a link to the supposed approval letter. The link, however, went to a phishing site, which has since been taken down, prompting the agent to login with his email credentials.
By doing so, the agent’s information would have been passed on to scammers, who could log into his email account and manipulate his messages. If an email came to the agent’s inbox asking for bank details to wire funds, the scammer could step in and reply with his information. The true buyer then could unknowingly transfer money to the wrong account.
These types of wire transfers are rarely reversible, SANS warns. The money typically gets forwarded on quickly to a foreign account, where the electronic trail then gets lost. And your email account may be particularly vulnerable to such scams.
Phishing/email scams continue to be a persistent threat and alert associates and staff are recognizing and reporting suspicious email on a regular basis. While messages may appear to be legitimate, always be alert to the potential for fraudulent email and other online activity. There are a few things you can do to protect yourselves and your customers from these attacks. I have included the Do’s and Don’ts below.
2 step authentication is one of the best things you can do to protect your accounts. The link below offers 2 step authentication for various websites, such as Gmail, Facebook, Twitter, Yahoo Mail etc. If you need assistance enabling the 2 step authentication, please log into EWM’s live help.
http://lifehacker.com/5938565/heres-everywhere-you-should-enable-two-factor-authentication-right-now
DO’S
– Be skeptical of any emails from strangers or even e-leads.
– Hover over links in your email with your mouse to see the true source of the link.
– If you have a Gmail account, register for the 2-step verification process that will alert you if someone accesses your account from anywhere except a trusted device. The link to register is: https://www.google.com/landing/2step/.
– Have a list of basic questions to ask a new e-lead or customer to make sure you’re dealing with a bona fide customer before you proceed to do a property search.
– Report suspicious emails to [email protected].
DON’T’s
– Open attachments from unidentified sources as these may contain phishing emails.
– Click on links from unidentified sources as these may contain phishing emails.
Attachments and links in unidentified emails basically hack into your accounts and track your email activity to see who you are communicating with and then begin communicating directly with your client and giving them false information.
Other links:
List of websites and whether or not they support 2 step authentication. https://twofactorauth.org/
This is a great article from cnet with instructions on how to set up 2-step on popular websites http://www.cnet.com/how-to/how-to-enable-two-factor-authentication-on-popular-sites/