The phishing emails many REALTORS® and homebuyers receive with generic messages, suspicious attachments, or other telltale signs that something is wrong are the low-tech, low-effort segment of a $1 billion problem in real estate: wire fraud.

But as awareness about wire fraud scams increases and companies take steps to secure their networks—and educate their agents and staff about the latest threats—cybercriminals are becoming more sophisticated.

The National Association of REALTORS® provides a Data Security and Privacy Toolkit you can download with information about how to protect your business.

“There’s not much of a limit on the creativity of scammers,” says Brad Schuelke, senior assistant attorney general in the technology

division of the Texas Attorney General’s Office. “Any story they can come up with that might convince someone to send money through a relatively untraceable source … they’ll come up with it.”

Criminals will scour social media or other sources for information that makes their scams more convincing and likelier to deceive or manipulate, a practice known as social engineering. And as individuals and companies take steps to protect themselves, criminals go to greater lengths to steal passwords and personal information, trick people into sending them money, and break into individuals’ and companies’ computer systems.

“A lot of companies don’t recognize they need to secure their networks better,” says FBI Supervisory Special Agent Matthew Perry, who works on cybercrime.

The Federal Communications Commission (FCC) and Better Business Bureau (BBB) offer cybersecurity checklists you can complete to gauge your vulnerability. Go to “BBB 5 Steps to Better Business Cybersecurity” and “FCC Cybersecurity for Small Business.”

After gaining access to someone’s email account or computer, or breaching a business’s network, criminals may take the time to conduct surveillance on how a company operates to make an attack more effective. “They’ll snag the email signatures, how they’re talking—they’ll copy the verbiage from an email,” Perry says. With this information, the fraudulent email with new wiring instructions sounds familiar and believable when sent to a real estate agent
or consumer.

“We’re constantly seeing instances where people are losing money,” Perry says.

A simple phone call and you’ve defeated them.

FBI Supervisory Special Agent Matthew Perry

Report fraud early and address best practices

In an instance of attempted or successful wire fraud, it’s important to report the incident to your local FBI office and the parties involved as soon as possible. The quicker this happens, the more likely it is that the money can be stopped before it disappears. In some regions, including parts of Texas, there are mechanisms in place at the FBI’s Internet Crime Complaint Center (IC3) at to immediately contact the banks involved when fraud is reported. When Perry spoke to Texas REALTOR®, he said early fraud reporting had stopped the transfer of money twice that week.

The bulk of successful attacks can be thwarted by employing “cyber hygiene” best practices, says Mike Spanbauer, vice president of research strategy at cybersecurity firm NSS Labs.

One best practice is to utilize better password hygiene. “Folks use the same password for most if not all accounts,” Spanbauer says. Criminals who steal passwords exposed in major data breaches (such as from Yahoo, Target, Home Depot, and Equifax) can then access users’ accounts for other services and websites.

Wire Fraud: The Next Wave of Online Risks Wire fraud continues to be a top security issue for real estate professionals and their clients—and online threats are evolving. Here is an article that I wanted to pass along from the Texas Association of… Click To Tweet

Where to report wire fraud? Successful or attempted wire fraud should be reported as soon as possible to your local FBI office, banks or lenders involved, and at, the FBI’s Internet Crime Complaint Center. Reports through can be made by the victim or a third party.

Another best practice is to exercise caution when clicking links, opening email attachments, and visiting websites. Criminals can use malicious software known as malware to lock you out of your own system unless you pay a ransom. In addition to the steps individuals can take to prevent ransomware attacks, businesses can guard against and lessen the effects of these attacks by keeping good data backups, limiting who has administrative access to systems, and only using a login with admin access when you need it.

After you understand basic best practices, there are a variety of ways to secure your network. Spanbauer recommends all businesses install a firewall and endpoint technology, which protects all connections to the company network—including remote connections, such as a VPN, and wireless connections. To maintain the efficacy of these protective systems, always install updates and patches.

The next step to protect your data is to find firms that specialize in cybersecurity, such as managed security service providers (MSSPs). MSSPs handle many aspects of cybersecurity through a subscription model, saving businesses the cost and difficulty of adding specialized staff. Internet service providers like Verizon and AT&T offer managed security services, as do local and regional firms that partner with security technology companies such as SonicWall to install and administer their solutions.

Choosing a security firm can be challenging. “Ask for references and speak to other clients,” Spanbauer advises, including asking about how responsive the company has been and whether security is its main service or only ancillary to its business.

Call a known phone number

Phone numbers can be spoofed so that the incoming number that shows up on your phone is not the caller’s real number. Email accounts can be hacked, which means that an email from a client’s or colleague’s email address may actually have been sent by a criminal who gained access to that person’s account. Cyber thieves also create email accounts that appear to be ones you trust. Most people don’t look closely enough at a sender’s email address to detect that a lowercase “l” has been switched to a number “1,” for example. The best course of action when receiving any kind of communication regarding new wiring instructions or bank routing information is to call a phone number you know, Perry says. “A simple phone call and you’ve defeated them.”

“It’s really a matter of verifying, verifying, verifying,” Schuelke says. “When I’m contacting consumers and I tell them I’m with the Texas Attorney General’s Office, I suggest they look me up, call the toll free number, and get routed the long way to confirm.”
Criminals go where the money is—the path of least resistance, Spanbauer says. Perry adds a note of caution for Texas REALTORS®: “Business email compromise, for real estate, is where the money is at.”

I hope this information has been helpful and will be useful to you.  I look forward to visiting with you soon and do not hesitate to contact me if I can help you with any of your real estate needs.

If you've enjoyed this post regarding “Wire Fraud: The Next Wave of Online Risks,” share it on social media and feel free to comment below.

P.S.  If you are looking to sell your home, be sure and get my Special Report “29 Essential Tips That Get Homes Sold Fast (And For Top Dollar) by CLICKING HERE.

P.P.S.  If your listing has expired and did not sell, get my Special Report “20 Questions You Absolutely Must Ask Your Next Agent Before You Sign On The Dotted Line (And Make The Same Mistake Twice)” by CLICKING HERE.

P.P.P.S If you are looking to buy a home, you need to get my Special Report “How To Avoid Paying Too Much (A Simple Guide To Help You Avoid Overpaying For Your Home.) by CLICKING HERE.