The 13-office, 900-plus agent Carolina One Real Estate Services in North Charleston, S.C., has been targeted by scammers on email practically every day, says IT Director Les Sease. So far, his team has been successful in repelling invasions.
“There’s one specific example, but I’ve seen it repeated a few times, and it’s always at about 3:30 on a Friday afternoon,” he states. “We started seeing emails that hadn’t been picked up by any virus scan or detection service. These emails were flying under the radar, but they were placing a third party in the middle of a transaction the company was handling.
The scam went just like the ones you’ve read about. “They did the traditional hack, read emails about what was going on, and waited right to the point of an imminent closing when money needed to be transferred,” explains Sease. “Then they created a copycat domain name. It was just like carolinaone.com, and they just varied a character in it. Think about an L or capital I that sometimes with the right font will look exactly alike.
“Then they’d set up a domain for free within G [Google] Suite, which is what we use as our platform,” adds Sease. “They got in the middle of the transaction and made themselves look like someone official in the company and sent an email.”
In one case, an alert closing coordinator got the email but was confused since money had already been transferred. She emailed the company staffer who was purportedly giving instructions for the wire, saying: “I thought we’d taken care of this.”
Sease was alerted, and he contacted Google to report the copycat domain, which he says is the fastest way to address these scams. When these kind of emails come in late on a Friday afternoon “when they think nobody’s paying attention or they’re rushing to get things done,” Sease says, “if nobody grabs this, we’re into the weekend. The hackers were betting that nobody was going to pick up on this.”
As for concerns about the potential dings to the company’s reputation because of these sort of attacks, Sease notes, “When we address these situations appropriately and communicate with everyone, including the client buyer or seller, then I think we’re handling them well. Whenever you can first stop the process, and then begin the communication process with all those involved, you’ve taken care of the obligation to figure out what’s going on. In this case, we escalated the situation to the FBI and other governmental resources. That’s what helps protect the reputation.”
But rooting out scammers using today’s tools doesn’t necessarily offer protection from future attacks that will undoubtedly grow more sophisticated. “Where people can find the smallest hole to exploit, they will. The more you train folks to be aware, then you begin to increase the ability to stop future breaches from happening. I don’t think you can overcommunicate that. Ultimately, it’s going to be our own vigilance—and everybody working together—to solve things like this. The more we are aware, the better off we’re going to be.”