In real estate, you need to be prepared for fraud attempts. In this article, we explain the steps you can take to prevent wire fraud in your company.
In real estate, you need to be prepared for fraud attempts. In this article, we explain the steps you can take to prevent wire fraud in your company.
Tom Cronkright
6 mins
Fraud Prevention
Jul 19, 2021
Wire fraud is a growing problem for real estate professionals and consumers alike. Fraudsters stole $446 million via business email compromise in the real estate nexus in 2023 (FBI IC3). While there's no silver bullet solution, you can better protect yourself and limit its impact by educating customers and adopting preventative measures. This requires a layered approach with four key practices:
However, even with the best security protocols, fraud can happen. We'll teach you the right strategies to prevent wire fraud from ruining your business.
Most commonly, we’ve seen that fraudsters will:
Armed with the right information and access, fraudsters can easy take advantage of a transaction. In the age of social media, where information is actively shared, that makes it easy.
You should set up measures to limit their access to your PPI (private personal information). Let's explore a few ways to ensure your information can't be used against you.
Fraudsters will exhaust every available resource to gain leverage against you. Here are a few tactics to help limit their access.
1. Limit Publicly Available Information
Though running a business requires that certain information be public, you can protect sensitive data by:
Train your employees and yourself to think like a hacker and minimize the ammunition you give them.
2. Use Strong Spam Filters
An effective email filtering system is a top method to shield employees from encountering phishing emails. Products like MimeCast and SpamBully provide solutions that filter these emails.
Preventing criminals from emailing your employees reduces the chance of them stealing account information and lowers the risk of fraud.
3. Try To Hack Your Employees
Many businesses are hiring companies to perform phishing tests. They create a phishing email, send it to your staff, and see who falls for it. These tests raise employee awareness and help them avoid repeating the same mistake.
You can also perform your own tests with products like CoFense and Sophos. They imitate real phishing attacks and provide analytics and reporting to find weaknesses.
We recommend Google‘s phishing test if you’re looking for a free solution. It provides a great set of emails that show how to identify phishing emails.
3. Real-time system monitoring
Perimeter security—such as a firewall, web-content filtering, malware protection, and geolocation blocking—helps keep your organization's network threat-free.
By monitoring all web activity that enters and exits the network, perimeter security identifies unusual patterns or abnormal behavior and takes action to stop it.
4. Secure Your Accounts with Two-Factor Authentication
Two-factor authentication (2FA) is another way to secure accounts. 2FA requires account owners to enter both a password and an additional piece of information, like a unique code, to log in. Even if a hacker knows an account’s username and password, they can’t log in without the third authentication detail.
Most social networks and email providers make it easy to turn on 2FA. Google Account, Facebook, LinkedIn, and Instagram all allow users to turn on 2FA using a variety of methods, including SMS, call verification, security keys, prompts, and third-party apps.
One final step is to educate your customers and referral partners about the benefits of 2FA.
We can’t take anyone’s identity for granted when wiring money. Scammers thrive on exploiting trusted relationships and target people who don’t use identity verification methods. But if identities are confirmed properly, trust is never breached and fraud never occurs.
There are practical ways to confirm identities and educate your employees, referral partners, and customers on the importance of identity verification.
Title companies, escrow providers, financial institutions, attorneys, and real estate agents must work together to gather and share transaction participants’ identity information securely. The earlier this occurs, the better protected buyers and sellers will be.
Gathering data early gives more time to create trusted communication pathways before the closing date. Agents have time to securely store the contact information and educate buyers on the risk of wire fraud. Everyone is better off, and the real estate transaction can run as safely as possible.
A well-defined internal process for receiving and sending wire transfers provides consistency and allows employees to spot behavior that could be fraudulent.
Proper education and clear instructions for customers can save them from losing their life savings. Most people are not familiar with wiring funds because they only do it during a real estate transaction. Transaction instructions should include how you will share wiring instructions and who is authorized to give wiring details.
Ensure that everyone in your organization and your customers know how to spot cybercrime. Here are some common red flags to look out for in phishing emails:
Whether you validate transfers over the phone, in person, or using software like CertifID, you need a proven way to authenticate wiring details and identities. Using these precautions will stop fraudsters in their tracks.
With these strategies, your organization will be protected from wire fraud, benefiting you, your employees, and your clients.
Learn more about what steps to take if you fall victim to wire fraud.
What specific steps can individuals take if they fall victim to wire fraud?
If you fall victim to wire fraud, take these four actions:
1. Immediately contact your bank.
2. Inform the police about the incident.
3. Consider reaching out to the FBI if you are in the US.
4. Additionally, notify any other parties involved in the transaction or your business about the situation.
Also, consider reporting the fraud to the FTC for help and to prevent future scams. For more, read our blog post.
How effective are different two-factor authentication (2FA) methods, and which ones are recommended for the best security?
Generally, not all 2FA methods offer the same level of security. For instance, SMS and call verification are less secure due to vulnerabilities like SIM swapping attacks. More secure methods include the use of authenticator apps (such as Google Authenticator or Authy) that generate time-based one-time passwords (TOTPs), or even more securely, the use of physical security keys that adhere to the Universal 2nd Factor (U2F) or FIDO2 standards. These keys provide robust protection against phishing and account takeover attacks.
Co-founder & Executive Chairman
Tom Cronkright is the Executive Chairman of CertifID, a technology platform designed to safeguard electronic payments from fraud. He co-founded the company in response to a wire fraud he experienced and the rising instances of real estate wire fraud. He also serves as the CEO of Sun Title, a leading title agency in Michigan. Tom is a licensed attorney, real estate broker, title insurance producer and nationally recognized expert on cybersecurity and wire fraud.
Wire fraud is a growing problem for real estate professionals and consumers alike. Fraudsters stole $446 million via business email compromise in the real estate nexus in 2023 (FBI IC3). While there's no silver bullet solution, you can better protect yourself and limit its impact by educating customers and adopting preventative measures. This requires a layered approach with four key practices:
However, even with the best security protocols, fraud can happen. We'll teach you the right strategies to prevent wire fraud from ruining your business.
Most commonly, we’ve seen that fraudsters will:
Armed with the right information and access, fraudsters can easy take advantage of a transaction. In the age of social media, where information is actively shared, that makes it easy.
You should set up measures to limit their access to your PPI (private personal information). Let's explore a few ways to ensure your information can't be used against you.
Fraudsters will exhaust every available resource to gain leverage against you. Here are a few tactics to help limit their access.
1. Limit Publicly Available Information
Though running a business requires that certain information be public, you can protect sensitive data by:
Train your employees and yourself to think like a hacker and minimize the ammunition you give them.
2. Use Strong Spam Filters
An effective email filtering system is a top method to shield employees from encountering phishing emails. Products like MimeCast and SpamBully provide solutions that filter these emails.
Preventing criminals from emailing your employees reduces the chance of them stealing account information and lowers the risk of fraud.
3. Try To Hack Your Employees
Many businesses are hiring companies to perform phishing tests. They create a phishing email, send it to your staff, and see who falls for it. These tests raise employee awareness and help them avoid repeating the same mistake.
You can also perform your own tests with products like CoFense and Sophos. They imitate real phishing attacks and provide analytics and reporting to find weaknesses.
We recommend Google‘s phishing test if you’re looking for a free solution. It provides a great set of emails that show how to identify phishing emails.
3. Real-time system monitoring
Perimeter security—such as a firewall, web-content filtering, malware protection, and geolocation blocking—helps keep your organization's network threat-free.
By monitoring all web activity that enters and exits the network, perimeter security identifies unusual patterns or abnormal behavior and takes action to stop it.
4. Secure Your Accounts with Two-Factor Authentication
Two-factor authentication (2FA) is another way to secure accounts. 2FA requires account owners to enter both a password and an additional piece of information, like a unique code, to log in. Even if a hacker knows an account’s username and password, they can’t log in without the third authentication detail.
Most social networks and email providers make it easy to turn on 2FA. Google Account, Facebook, LinkedIn, and Instagram all allow users to turn on 2FA using a variety of methods, including SMS, call verification, security keys, prompts, and third-party apps.
One final step is to educate your customers and referral partners about the benefits of 2FA.
We can’t take anyone’s identity for granted when wiring money. Scammers thrive on exploiting trusted relationships and target people who don’t use identity verification methods. But if identities are confirmed properly, trust is never breached and fraud never occurs.
There are practical ways to confirm identities and educate your employees, referral partners, and customers on the importance of identity verification.
Title companies, escrow providers, financial institutions, attorneys, and real estate agents must work together to gather and share transaction participants’ identity information securely. The earlier this occurs, the better protected buyers and sellers will be.
Gathering data early gives more time to create trusted communication pathways before the closing date. Agents have time to securely store the contact information and educate buyers on the risk of wire fraud. Everyone is better off, and the real estate transaction can run as safely as possible.
A well-defined internal process for receiving and sending wire transfers provides consistency and allows employees to spot behavior that could be fraudulent.
Proper education and clear instructions for customers can save them from losing their life savings. Most people are not familiar with wiring funds because they only do it during a real estate transaction. Transaction instructions should include how you will share wiring instructions and who is authorized to give wiring details.
Ensure that everyone in your organization and your customers know how to spot cybercrime. Here are some common red flags to look out for in phishing emails:
Whether you validate transfers over the phone, in person, or using software like CertifID, you need a proven way to authenticate wiring details and identities. Using these precautions will stop fraudsters in their tracks.
With these strategies, your organization will be protected from wire fraud, benefiting you, your employees, and your clients.
Learn more about what steps to take if you fall victim to wire fraud.
What specific steps can individuals take if they fall victim to wire fraud?
If you fall victim to wire fraud, take these four actions:
1. Immediately contact your bank.
2. Inform the police about the incident.
3. Consider reaching out to the FBI if you are in the US.
4. Additionally, notify any other parties involved in the transaction or your business about the situation.
Also, consider reporting the fraud to the FTC for help and to prevent future scams. For more, read our blog post.
How effective are different two-factor authentication (2FA) methods, and which ones are recommended for the best security?
Generally, not all 2FA methods offer the same level of security. For instance, SMS and call verification are less secure due to vulnerabilities like SIM swapping attacks. More secure methods include the use of authenticator apps (such as Google Authenticator or Authy) that generate time-based one-time passwords (TOTPs), or even more securely, the use of physical security keys that adhere to the Universal 2nd Factor (U2F) or FIDO2 standards. These keys provide robust protection against phishing and account takeover attacks.
Co-founder & Executive Chairman
Tom Cronkright is the Executive Chairman of CertifID, a technology platform designed to safeguard electronic payments from fraud. He co-founded the company in response to a wire fraud he experienced and the rising instances of real estate wire fraud. He also serves as the CEO of Sun Title, a leading title agency in Michigan. Tom is a licensed attorney, real estate broker, title insurance producer and nationally recognized expert on cybersecurity and wire fraud.