8 Arrested After Cybercrime Targets Real Estate Transactions
July 3, 2018
The threat of cybercrime is very real for REALTORS® this past week. Eight individuals, who are citizens of four different countries, were arrested for allegedly targeting Crye-Leike, a real estate company based out of Memphis, Tennessee, with a scam known as business email compromise. The scam involves hacking into email accounts associated with real estate transactions to monitor for information related to transactions. Then, shortly before a closing, the hacker uses the compromised email account to email wiring instructions to the buyer for the down payment and/or closing costs to be deposited in a fraudulent account. According to NAR, Crye-Leike identified the issue before data or funds were lost and contacted the authorities which were able to track down some of the alleged culprits. Read the full story here.
How to deter wiring fraud
Even if a REALTORS® email is not compromised, criminals can send emails to buyers that are markedly similar to the REALTORS® email address. Email addresses may be one letter or symbol off (alabamarealtors.com versus alabama.realtors.com) or have a different domain name (i.e. gmail.com instead of iamrealtor.com).
It is extremely important that REALTORS® inform clients that the clients will not receive wiring instructions by email and to treat any emails with extreme suspicion. Read NAR’s “Wire Fraud Email Notice Template” here.
Steps to take when wire fraud occurs or is suspected
Experts say the window of recovery for lost funds, if it exists, is very short, with a max of 72 hours. Once you learn of a wire fraud event, it is important to provide notice very quickly to bolster any hope of recovery.
Data Breach vs. Wire Fraud
Recently, the Alabama REALTORS® Legal Helpdesk posted an article on data breach notification. It is important to note that Alabama’s Data Breach Notification Act is applicable to some wire fraud events, but not all. Wire fraud can be a form of data breach but is not always. For example, if a real estate professional’s email account is hacked and used to commit a wire fraud event, the hacker may gain access to protected information, triggering applicability of the Alabama Data Breach Notification Act. On the other hand, email addresses may just be spoofed, with one letter or symbol or the domain different. In this situation, the Alabama Data Breach Notification Act is not necessarily applicable. So, analyze each situation before deciding whether the Data Breach Act mandates specific actions. This is not to say that the parties should not be contacted upon suspicion of a wire fraud attempt. After all, real estate professionals have a duty to “protect and promote the interests their client” and to “treat all parties honestly.” NAR Code of Ethics Art. 1. Informing parties quickly may prevent or minimize damage from wire fraud.