The current market for housing is still tight, with skyrocketing demand and an ever scarce supply. Unfortunately, the market is not only attracting buyers, but also the opportunists who want to take advantage of the loopholes of the system.
ENTER SPEAR PHISHING
No, it’s not a misspelling.
As known in the real estate industry, spear phishing is a form of cyber attack that seeks unauthorized access to user information. These attacks are done mostly for malicious purposes such as for financial gain or to install malware to a remote computer, among others.
How does it work?
Hackers may target individuals or businesses. They infiltrate a buyer or a real estate agent’s email account to get information about real estate closing dates. After they extract the needed information, they send an email to the buyer, posing as the agent or the lender to ask for the down payment money.
Usually, the email would tell the buyer that there’s been a last-minute change in the wiring information and that they should follow the instructions explained in an attachment.
WHAT COULD YOU LOSE?
Aside from your money – which could be worth years in savings, there’s your sensitive personal data and financial information, and of course, the house.
In a recent attack, a couple was tricked by a phisher into wiring their money worth more than $50,000 to a hacker’s account. They were just lucky to recover the amount after the local police department helped with the case and the timing was enough for them to stop completing the transaction.
Unfortunately, a lot of past victims didn’t share the same luck.
HOW CAN YOU TELL?
Of course, everything would seem to go fine in the beginning. The phishersusually only launch their attack when the closing date of your buying transaction nears. So if you get an email from your realtor during these crucial days, that would be immediate ground for suspicion – especially when it concerns money.
Posing as your agent, the email would inform you that the wiring information has changed in the last minute and that a new account is set up to receive your payment.
The best way to do when this happens is to first confirm with your agent if the email is really from them. Legit real estate agents know better than to let you risk your finances online.
Usually, if there’s been a change in your closing, all parties involved in the sale are informed. These are also mostly channeled through the people handling the closing and mostly the buyer is given enough heads up time.
Beware of downloading any attachment as they can install a malware in your system and cause more headache to vulnerable, ill-secured computers.
The Federal Trade Commission(FTC) has issued warnings to home buyers and realtors about these rapidly popularizing real estate phishing scams.
- If you are buying a home or have signed a contract and are on your way to closing, you are encouraged to never disclose financial information via emails.
- If you really had to put sensitive information online, make sure the site you are visiting is secure. Experts advise that secure sites usually begin with an HTTPS instead of just HTTP, although this may not always be the case as some persistent phishers have purchased security certificates for their sites as well.
- Do not click on links to visit a recommended site. Instead, type the address in the address bar yourself.
- And always update your operating system, your browser, and security software.
As long as there are loopholes to exploit, any determined hacker can penetrate a computer system. And while some systems are harder to penetrate than others, you can only be too careful.
The best thing you can do is to ensure your security online, keep sensitive information sharing to as minimal as possible, and exercise precaution when doing sensitive transactions via the web.