Window to the Law: Best Practices for Cybercrime Prevention

Cybercrime has become one of the most profound and immediate threats to businesses around the world.  While national news headlines would lead us to believe that governmental entities and international banks are the prime targets of cybercriminals, that’s not necessarily the case.

Let’s start with some scary statistics:

-        In 2016, approximately 50% of small to midsized businesses reported an attempted cyberattack.   

-        When that attack resulted in the loss of business assets - including confidential or sensitive business data - the average cost to the victimized business ranged somewhere between $690 thousand dollars to $1.8 million dollars. 

-        Perhaps unsurprisingly, given those numbers, the U.S. National Cybersecurity Alliance reports that approximately 60% of small businesses go out of business within 6 months of being victimized by cybercrime.

And here’s the cherry on this rather awful statistical cake:  Our real estate industry – right now – is squarely in the sights of cybercriminals. 

Over the past two years, real estate professionals have been victimized – repeatedly and often – by a particularly dangerous and successful cybercrime involving wire fraud. 

The crime is as follows:  A hacker breaks into the email account of a real estate professional, or someone else involved in a real estate transaction, and quietly gathers information.  He then sends a convincing, well-crafted fraudulent email to the prospective homebuyer.  In this email, the hacker pretends to be the real estate professional or another trusted advisor, and instructs the buyer to send transaction-related funds - often the earnest money or down payment - via the hacker’s fraudulent wiring instructions.  The homebuyer wires the money, and as soon as the wired money lands in the hacker’s account, the funds – and the hacker – disappear forever. 

This is happening all the time.  So what do we do? 

First let’s talk prevention.  In order to help your clients avoid being the subject of a cybercrime, consider taking, or encouraging your clients to take, the following measures: 

•        First - Communicate and educate. From day one, inform your clients about the possibility of this fraud. 

•        Also, whenever possible, avoid sending wire-related information – or any sensitive information for that matter – via email.  Instead, consider using a secure transaction management platform or document-sharing platform to share transaction-related information.

•        Third, instruct buyer clients to call the intended recipient of wired funds immediately prior to sending the wire, using an independently verified phone number. (And by “independently verified phone number” I mean that the buyer should not call the phone number listed in an unverified email, or else she may end up talking to the hacker himself.)

•        Avoid doing business over unsecured wifi.

•        Finally, implement strong email security practices.  Some best email security practices to consider include:

-        Never clicking on links or attachments in unverified emails. 

-        Checking your junk mail and sent mail folders for unrecognized activity. 

-        Regularly purging your email account.  The more data you store in your email account, the more data a hacker has at his fingertips.  

-        Using strong passwords – and changing your passwords regularly.  In addition, try to avoid using the same password for multiple accounts.

And what if, despite your best efforts, your client’s transaction is hit by wire fraud?  The victims should consider the following measures: 

•        First, immediately contact the local FBI field office.  The FBI has been instrumental in retrieving funds in a number of wire fraud cases.

•        Also immediately - contact all financial institutions involved in the wire to try to stop the funds. 

•        Report the attack to the local police department.

•        Change your passwords.

•        Run anti-malware software to ensure the hacker is cut off from the system.

•        And finally, consider reporting the crime to any appropriate insurance carriers. 

Cybercrime can be devastating to a business, and wire fraud specifically has devastated homebuyers.  The good news is that by empowering yourself with information and the right tools, you can effectively protect your business and your clients from cybercrime.  Check out these additional resources from NAR.realtor.

As always, thank you for watching Window to the Law.