Thursday, April 21, 2016

BEWARE - You and Your Clients Are a Target For This Real Estate Scam



Originally posted to Real Estate, The Economy, and News on March 24, 2016

Cyber-criminals are finding new methods every day to steal personal and financial information. Their techniques range from phishing scams to buffer overflow techniques and brute-force password hacking. Banking institutions have found themselves under attack far more than usual in recent years, and have in turn begun to incorporate stronger security measures in an attempt to block hackers. As a result, many scammers/hackers have moved on to what they believe are "easier targets." focusing on normal people rather than financial institutions, Just last week, the Federal Trade Commission and the National Association of Realtors issued a warning to consumers that they must be hyper-vigilant in order to avoid recent phishing schemes that have been targeting closing costs on real estate transactions.

The National Association of Realtors, along with the Federal Trade Commission, issued their statement warning people to be on the look-out for a specific scheme targeting those involved in a real estate transaction. First, the hackers gain access to the email account of a customer, real estate agent, or escrow officer, and use the information to keep up-to-date on the transaction and determine the closing date. When they have figured out the closing date, the scammer sends an email that has been masked in such a way that they are able to impersonate the escrow company, title company, or real estate agent, telling the customer that the wiring instructions had a last-minute change. If the customer takes the bait, they send their funds to the scammer's account, which can be emptied in minutes.

Sepulveda Escrow utilizes encrypted and secure email when sending documents with sensitive and confidential information. In addition, documents can be returned via email through this secure portal. Sepulveda Escrow has also instituted new procedures to contact Clients directly to confirm details, rather than relying on email or contact through a third party. (Please see end of this blog for some helpful tips.)

It is imperative to know that cyber criminals don't always need to be able to break through firewalls or use high-tech software to get your personal information or access your computer's data. Quite often, hackers use more subtle tricks to gain access. Phishing schemes are one of the most common ways by which they trick potential targets. One example of phishing is when a hacker sends a mass email to a group of people and makes it look like the email comes from a bank or other online payment platform. The email requests that the recipient verify their login information by following a link. The link leads to a page that closely resembles the actual login page for the financial institution, but when the user inputs their login information, the hacker records the username and password, thereby enabling them to access the account and steal their money.

Another example of phishing is when a hacker contacts a target or a group of targets under the guise of an Official informing them that they have been the victim of a scam. They then tell the recipient that they can help them fix the damage, but first ask for certain sensitive information like Social Security number or bank information, to "verify" what data had been "stolen."  While you may look at this and think that the scheme is too obvious to be effective, statistics show that approximately 0.4% of recipients fall prey to such attacks. In other words, if a mass email is sent to 10,000 people, about 40 of them will have their information successfully stolen.

While phishing is historically the easiest and most effective method by which hackers are able to steal personal or financial information, there are several other methods. A buffer overflow attack, used by more sophisticated hackers, involves inputting many lines of code into an online form in order to overload the system and allow the hacker to steal data inputted by previous customers. A brute-force password hack involves a computer program that inputs all kinds of combinations of letters, numbers, and symbols, until the correct password has been found and the hacker has gained access to an email or other kind of online account.

Finally, hackers often package viruses or worms into free online software or as attachments to mass emails. Such viruses can enable the hacker to record keystrokes, thus giving them access to many of your passwords, or enable them to access built-in microphones or webcams on laptops. Simply opening such an email or downloading an infected attachment can lead to a virus being installed on your computer or mobile device. Fortunately, anti-virus software can often help to detect and remove these viruses, but hackers are constantly finding new ways to avoid detection by your anti-virus program. The best way to avoid getting such viruses is to be careful when downloading anything, and to avoid opening any emails that seem suspicious or come from unknown or unreliable sources.

Here are some tips to help you avoid being affected by similar scams. First and foremost, if something doesn't look right or feels even a little bit suspicious, don't hesitate to double-check it. Don't rely too much on emails. Instead, pick up the phone and call your escrow officer or realtor to make sure that everything you have received is correct. Don't open email attachments you aren't expecting. Additionally, you shouldn't trust financial information that has been sent via email, nor should you send any of your own financial information via email, because it usually isn't secure. In general, wiring instructions are sent by fax or encrypted email message. When inputting personal information on a website, check the address for "https," of which the "s" stands for secure, meaning that your information will be better protected.

Be very careful when opening attachments or downloading anything from an email, no matter who sent it to you. Just because you recognize the email address, doesn't mean that the message actually came from the person you associate with that email address. It's possible that a scammer could have hacked a friend's email, or could have disguised their email to appear as if the message came from a friend's email address. Proceed with caution. Being aware and cautious can save you a lot of hassle in the long run. 

Biggest Tip: Following up on the phone after sending an email may seem burdensome, but we at Sepulveda Escrow find that it is always worthwhile to go the extra mile to avoid financial losses and potential lawsuits.

***************************************************************************************************
Find out more about us at www.sepulvedaescrow.net. Any Questions? Contact our Escrow Expert! Sepulveda Escrow Corporation (818) 838-1831. Follow our company on FacebookTwitterLinkedIn, and Google+.
***************************************************************************************************