How to Identify and Protect Against Real Estate Scams

Wire fraud has become a big business. International cyber fraud syndicates have become highly sophisticated and go to great lengths to make victims act on their instructions. Many victims of wire fraud don’t even realize they’ve lost their money until it’s too late.

In the real estate market, fraudsters use different methods to trick the buyer into using false wiring instructions. Let’s take a look at some techniques often used, and how to build your best defense.

In this article:

• How to identify real estate scams
  • Email phishing
  • Spear phishing
  • Whaling and business email compromise
  • ‍Vishing
  • Social engineering
• How to protect against real estate scams
  • Educate clients early and often‍
  • Offer secure payment instruction options‍
  • Practice strong cybersecurity hygiene‍
• Knowing how fraudsters work Is key to stopping them

How to spot real estate scams

Most often, scammers claim to be from a trusted company. The hacker will explain that there’s a problem with your account and direct you to a malicious link to solve the problem.

The link might look real, but it’s actually a clone designed to steal your login details. In the example below, the webpage looks realistic and trustworthy, but if we look at the URL, we can see that it’s misspelled.

‍

On clone sites, hackers replicate the login pages of trustworthy websites, and prompt you to enter your details. After you enter your login credentials, the clone website records and sends them to the cybercriminals. 

Sometimes, after you enter your login credentials, the fake site explains that you have done so incorrectly and redirects you to the real website, increasing the chances that you won’t realize your details were stolen.

Another technique is to convince the victim to download key-tracking malware. This malware tracks what is typed on the computer, including passwords and usernames. All the data is then sent to the hackers.

‍

Email phishing

Phishing is when criminals send emails to as many people as possible to capture their account credentials or personal information, such as bank and credit card details. 

In real estate scams, hackers often spear phish, or intentionally target and attack people to get their email account credentials, like usernames and passwords. 

With phishing, it is common for hackers to:

• Send an email claiming to be from a trusted organization, such as a bank, email provider, or electronic document platform,
• Send the email from a disguised address and include logos and taglines of the company they’re spoofing, and
• Provide a convincing reason for needing the information and negative consequences for not sending it.

Spear phishing

Spear phishing is a targeted scam that occurs when a fraudster sends an email from a cloned account, using the same name, email, job title and signature of a trusted source. In real estate, fraudsters pose as the buyer, current property owner, title agent, or realtor.

The scam artist will attempt to get confidential information through fake websites or log-in portals. They may even ask for financial details. In real estate, they commonly send over “updated” information for a wire transfer and pressure you to make an upfront payment.

‍

Spear phishing attacks are less likely to be flagged by spam filters because the emails aren’t sent to many people simultaneously. They may also be sent using an email address that hasn’t been used for phishing before.

These emails often have warning signs. Sometimes, they come from unrecognized email addresses. Or they might ask you to deviate from the original wire instructions and take an immediate action: wire funds, click a link, disclose confidential information. Slowing down and confirming authenticity first may pay big dividends in the long run.

Whaling and business email compromise (BEC)

Whaling is a scam tactic that fraudsters use to target or impersonate business owners and high-level executives and gain access to their accounts. With the information they learn, fraudsters craft convincing messages from higher-ups to trick someone of lesser authority into sending money to fraudulent accounts. For example, a fraudster may impersonate the CEO in a message to the company’s controller to pay a large invoice or transfer a significant sum of money.

In the case of real estate fraud, hackers often use a title company owner’s email account to run a business email compromise scam. They use the compromised account to convince employees to wire money to their bank accounts.

Emails used for whaling and business email compromise generally steal passwords through techniques such as key-tracking malware and spoofed hyperlinks. There are many techniques hackers use to spoof hyperlinks:

• A cloned domain name: A scammer might use a URL that looks like a legitimate company’s web address, but it’s actually a site controlled by the scammers. 
• Change the text that is displayed to a different link: When linking in an email, there is nothing stopping a hacker from changing a link's text. For example, the following link mail.google.com actually goes to CertifID’s homepage.
• Mask the email address used to send the email: Using the right software and an SMTP server, scammers can make it appear that emails are from any address. If these emails get through your spam filter, they can be difficult to spot and may require you to check the IP address to see where the email originated.

Be wary of personalized emails asking you to verify account details or transfer funds. If you’ve got any doubt, don’t act!

Vishing

Vishing, or voice phishing, is one of the fastest-growing strategies in the US. Hackers will call a victim or leave a voice message that seems like it’s coming from a trusted party, such as the title company, real estate agent, attorney’s office, or bank.

Fraudsters will often lead with specific transaction details and state that the call is being made to protect the person from fraud. This builds instant credibility and disarms the victim. Their end goal is to convince the victim to use the new wiring instructions and send funds.

Vishing scams have become more convincing as fraudsters leverage technology platforms that allow them to spoof phone numbers. These display the name and number of a trusted party on the caller ID.

As many business phone numbers are publicly listed on their websites, it isn’t difficult for a hacker to find them. They can even find personal phone numbers by hacking into email accounts or using paid identity services.

Social engineering

Access to email accounts, transaction information, and techniques such as vishing allows fraudsters to convincingly manipulate their target. This is called social engineering.

The social engineering techniques used in real estate are some of the most convincing. Cloned emails and knowledge of the transaction give fraudsters a leg up when they send emails to their targets.

Additionally, fraudsters are able to apply pressure by introducing an element of immediacy, as well as serious repercussions for not following the instructions.

For example, fraudsters may impersonate a title company, send a buyer a fake email asking for a wire, and threaten to walk away from the deal if the transaction does not occur immediately. 

‍

How to protect against real estate scams

To protect your business, clients, and your reputation from real estate scams, it's important to think proactively. Here are some key actions you can take to stay ahead of fraud attempts lurking around the corner.

Educate clients early and often

To stay ahead of evolving real estate scams, proactively educate clients. Some of the most effective techniques include:

• Providing resources and information to clients on how to identify and report real estate fraud
• Teaching clients about common warning signs of phishing emails and suspicious transactions
• Offering guidance on how to verify the legitimacy of communications, documentation, and transactions
• Encouraging clients to ask questions and seek help if they are uncertain or suspicious about any aspect of a communication or transaction
• Sharing real-life examples of real estate scams, key indicators of a scam, and methods to avoid scams

Offer secure payment instruction options

Take the sensitive financial information out of less secure forms of communication by leveraging an industry-leading platform like CertifID, which gives your clients and business the ability to:

• Utilize end-to-end encryption to protect communications and the sharing of sensitive financial and account information
• Independently verify the identities of all parties involved in a transaction before sharing sensitive information or initiating a transfer
• Take additional steps to independently verify bank routing information to ensure that it is accurate and legitimate
• Offer access to professional fraud recovery support, if the unthinkable ever happens due to improper or lack of verification 

Practice strong cybersecurity hygiene

Because it's difficult to predict what techniques fraudsters will attempt next, it is equally important to ensure that your organization and employees are practicing strong cybersecurity hygiene. These steps include:

• Enabling two-factor authentication (2FA) on customer accounts and key systems to prevent unauthorized access to sensitive information
• Enforcing password policies that require a combination of letters, numbers, and special characters, and that users change them frequently
• Educating employees on how to recognize and report suspicious activity such as phishing emails or requests for personal information
• Verifying the identity of all parties involved in a transaction before sharing any sensitive information or making payments

‍

Knowing how fraudsters work is key to stopping them

The real estate industry has made significant progress in identifying and preventing real estate scams, but cybercriminals are still finding new ways to trick victims. This is especially true as new digital tools become more accessible and ubiquitous, paired with fraudsters who are more sophisticated, creative, and bold in their tactics. 

It is more important than ever to take proactive security steps such as educating your clients, securing the wire transfer instruction process, and practicing strong cybersecurity hygiene. By staying ahead of the latest fraud tactics like those shared in this article and taking proactive measures, your business can better safeguard your organization, clients, and reputation from the damaging effects of real estate fraud.

if you'd like to see how CertifID can help keep your business safe from these kinds of tactics, request a demo.

‍