On Saturday I received an email from my state professional association. It discussed the problem of fraudsters targeting folks in the process of buying a home here in Hawaii. Via email, the bad guys impersonate an escrow official or the estate broker to persuade buyers that the original wire instructions were incorrect. Here are the correct wire instructions they say, and do send the money now. It’s a scam. Here is the complete text from the Hawaii Association of Realtors newsletter, including tips on how to protect yourself from this and similar email scams:
BE AWARE OF EMAIL SCAMS AND WIRE FRAUDSTERS – In recent months, real estate professionals have reported an upswing in a particularly insidious wire scam. A hacker will break into
a licensee’s e-mail account to obtain information about upcoming real estate transactions. After monitoring the account to determine the likely timing of a close, the hacker will send an e-mail to the buyer, posing either as the title company representative or as the licensee. The fraudulent e-mail will contain new wiring instructions or routing information, and will request that the buyer send transaction-related funds accordingly. Unfortunately, some buyers have fallen for this scheme, and have lost money.
The best line of defense against fraudsters is to make sure that all parties involved in a real estate transaction implement security measures before a cyberattack occurs. These measures include the following:
–Never send wire transfer information via e-mail. For that matter, never send any sensitive information via e-mail, including banking information, routing numbers, PINS, or any other financial information.
–Inform clients from day one about your email and communication practices, and alert them to the possibility of fraudulent activity. Explain that you will never send, or request that they send, sensitive information via email.
–Prior to wiring any funds, the wirer should contact the intended recipient via a verified telephone number and confirm that the wiring information is accurate. Do not rely on telephone numbers or website addresses provided within an unverified e-mail, as fraudsters often provide their own contact information and set up convincing fake websites in furtherance of their schemes.
–If a situation arises in which you have no choice but to send information about a transaction via email, make sure to use encrypted e-mail.
–Security experts often recommend “going with your gut.” Tell clients that if an e-mail or a telephone call ever seems suspicious or “off,” that they should refrain from taking any action until the communication has been independently verified as legitimate. When it comes to safety and cybersecurity, always err on the side of being overly cautious.
–If you receive a suspicious e-mail, do not open it. If you have already opened it, do not click on any links contained in the e-mail. Do not open any attachments. Do not call any numbers listed in the e-mail. Do not reply to the e-mail.