REALTORS beware – you are the perfect target for cybercrime
According to The National Association of REALTORS (NAR), “big-name breaches make good headlines, but smaller businesses make easy targets for online criminals. This is partly because many small-business owners believe they are “below the radar” for cybercrime and thus fail to implement safety measures to protect themselves from attack.” There are more than 12 cybercrimes per second. Per NAR, “by 2019, cybercrime will cost businesses an estimated $2 trillion annually.” This post is to help you and your clients to avoid being the next victim.

The dangers of the World Wide Web and specifically, wire fraud
This sounds like a scary headline from 2000 when businesses first started going online. But, now in 2017, the dangers are oh so real. At the REALTORS® Legislative Meetings & Trade Expo in Washington, D.C.  in May NAR General Counsel Katie Johnson identified wire fraud as a “sophisticated scam causing consumers to lose millions of dollars each year.” This according to “The Threat of Wire Fraud is Real” by Erica Christoffer and Graham Wood of REALTOR Magazine. When she asked the audience of real estate professionals if they knew of someone who had been a victim of wire fraud, 1/3 of the audience raised their hand. She then detailed the following:

“Hackers are gaining access to e-mail accounts through captured passwords, and they’ll search inboxes for messages related to real estate transactions, Johnson said. Once they find a victim who’s in the process of buying a home, they’ll send a spoof e-mail that looks like it’s from their agent, title representative, or attorney, and it will say there are “new” wiring instructions, which includes a fraudulent account. The home buyer will then unwittingly wire funds directly into the hacker’s account. Once they send it, the money is gone. Millions of dollars are lost on this.”

MortgageFraudBlog.com gives point in case to Johnson’s scam where fraudulent emails were used to conduct wire fraud and bank fraud from escrow deposits in June 2016 involving three companies and hurting 6 victims with the scam.

How to protect your business
Here are some tips to make sure you take the proper precautions online.

  1. Maintain a data security policy. See samples of policies here.
  2. Maintain a document retention and destruction policy. Identify how long to keep documents and how to destroy the information safely. Be sure to work with your legal counsel to create this.
  3. Notify affected parties of a security breach. Remember immediacy and transparency are key in your communications. In the event of a data breach reference the Federal Trade Commission’s Data Breach Response: A Guide for Business.
  4. Use tech to safeguard personally identifiable information. Implement certain technology-based protections, such as maintaining appropriate firewalls and password controls.
  5. Use strong passwords. Here is how to create a strong password.
  6. Establish procedures for wire transfers and communicate with your clients what to expect in the transaction and what communications they will receive from you. Here are some tips from Clareity Consulting on “Reducing the Risk of Real Estate Wire Fraud”.
  7. And, finally, FOLLOW YOUR POLICIES and educate your associates.

The dangers of free wi-fi
According to KnowBe4, “you should always watch what Wi-Fi hotspots you connect to, and use a VPN to help keep your sensitive information out of the hands of hackers.” If you connect to free wi-fi that is unprotected, the provider could have access to what you transmit over their network. For example, at the Republican National Convention, attendees were hacked by a fake wi-fi network. Here’s what happened per Stu Sjouwerman,

“The PR people at Avast decided to have some fun and created a series of fake Wi-Fi networks at various locations around the Republican National Congress in Cleveland. Avast’s team set up several networks, using names such as “Trump free Wifi” or “Google Starbucks,” which were designed to look as though they were set up for convention attendees. Upon connecting, trusting a random and unprotected network they found in a public setting, the users unwittingly gave Avast access to spy on their devices. Over the course of a day, Avast found over a thousand attendees that were completely negligent in their device’s security. Over 60 percent of the users who connected had their identity completely exposed, and slightly less than half of them checked their email or used messenger apps.”

This is scary business, literally. Lesson learned – Remember to always use a secure network with a username and password, and use a VPN when conducting business. Say to yourself now, “No more free wi-fi – it is NOT worth the risk.”

I hope this is helpful as you work to strengthen your cybersecurity practices. I urge you to download Protecting Your Business and Your Clients from Cyberfraud from The National Association of REALTORS to make sure you have your cybersecurity bases covered. This includes Best Business Practices, Best Email Practices, Best Transaction Practices and Best Damage Control Practices. I will cover these Best Practices in future blog posts, so stay tuned.

To receive updates from Tandy on Real Estate direct to your inbox, please subscribe here.

RESOURCES:
https://www.nar.realtor/articles/legal-you-re-the-ideal-target-for-cybercrime
http://www.csoonline.com/article/3019126/security/security-policy-samples-templates-and-tools.html
https://www.nar.realtor/law-and-ethics/protecting-your-business-and-your-clients-from-cyberfraud
https://blog.knowbe4.com/scam-of-the-week-rnc-attendees-get-hacked-through-fake-wi-fi-networks
https://www.ftc.gov/tips-advice/business-center/guidance/data-breach-response-guide-business
http://realtormag.realtor.org/for-brokers/network/article/2016/05/threat-wire-fraud-real
https://clareity.com/wp-content/uploads/2016/08/Reducing-the-Risk-of-Real-Estate-Wire-Fraud.pdf
https://www.rt.com/news/cybercrime-victims-number-grow-427/
https://null-byte.wonderhowto.com/how-to/advice-from-real-hacker-create-stronger-passwords-0156907/
http://www.mortgagefraudblog.com/exclusive-criminal-complaint-concerning-fraudulent-emails-diverting-escrow-deposits/