I received a panicked call ten days ago. The agent who listed the home my client was buying told me he needed to talk with me right away.
My client had signed his closing documents the day before and we were just waiting for the lender to transfer money to the title company and close the sale of the house. What could go wrong at this stage of the transaction?
The listing agent, Mike, told me that two hours after the sellers signed their closing documents, the title company received an email from him asking them to change the account where they were to send the seller proceeds. (The amount was approximately $200,000.) The email was from Mike’s email address, had his exact signature block and even referenced the file number. Because Mike had a long relationship with the title company, and it was unusual to receive such a request, the escrow officer called Mike to confirm. Sure enough, someone had hacked into Mike’s email account and sent that email to the escrow officer. Mike and I both breathed a sigh of relief that the experienced escrow officer thwarted the criminal activity.
What would have happened if the proceeds had gone into a mysterious bank account instead of the sellers’ account? Would my buyer still owe a 30-year mortgage and have no house to live in? The ramifications were frightening to Mike and me. My client has no idea about this close call.
Exactly one week later, on October 12th, my Gmail account was hacked. Hundreds of people received an email from me asking them to open a document. Every one of my saved emails was gone. It felt like someone had robbed my house. Fortunately, I learned of the hack 10 minutes after the fake email was sent and I was able to change my password and add 2-step verification to secure my account. I received tons of emails the day of the hack and the next day from people asking me if I had sent them the email, informing me I was hacked, etc. To say this was a distraction is an understatement.
So, what can we all learn from this?
- I’m no longer saving emails in my Gmail account. It is not a safe place.
- Although my brokerage requires buyers and sellers to sign a “wire fraud” disclosure, I am having a verbal discussion with each client about the danger of wire fraud. Under no circumstances should clients wire money unless there is a verbal confirmation.
- I will coordinate very closely with the escrow officers involved in my transactions to ensure they understand that they should not wire proceeds without a verbal confirmation from the client. Generally the seller provides a hard copy of wiring instructions either in person or as part of a FedEx pack. Any instructions sent via email should always be confirmed verbally. Financial services companies have followed this protocol for years.
Cyber crime is here to stay. If a candidate running for President of the United States can be hacked, so can you. Take steps to secure your email account and verify all wire transfers to ensure you are not a victim of cybercrime.
Has your email ever been hacked or have you been a victim of cyber crime? Please comment.
7 Comments
Well, Nancy, even though those emails were a “distraction” regarding your email account being hacked, at least it looks like a lot of people “had your back” and were letting you know that there might be a problem. Same thing happened to me last year and I, too, had folks sending me emails regarding the message they had supposedly received from me. I think people are a lot more careful these days about opening any attachments that come with odd requests, even if they are from a known email account. But, as the saying goes, you can’t ever be too careful. My advice is that if you don’t have any business going on with someone whose email you recognize but that is asking you to open an attachment, just delete it and in a separate email let the “real” owner of the email account know that they might have been hacked. Appreciation goes all the way from account holder to receiver.
Maria, thanks for your comment. Good advice.
That is so frightening. I have a great relationship with my escrow officer and lenders, so I hope it would be caught. Reading about this has made me anxious to put some safeguards into place so that it will never happen to my clients.
Where are you archiving your emails?
Wendy, thanks for your comment. I am “printing to pdf” and archiving on my hard drive, which is secure and backed up.
If not saving email in the Gmail account, where are you saving them?
If the email contains important information, I’m either printing and saving a hard copy, or printing to PDF and saving on my hard drive, which I back up.
Nancy, sorry for the delay in getting back to you on this and the trouble this has caused. You’re a significant target due to your role in the Park City real estate market. You have access to significant personal data and deal with large financial transactions. There is a ton of good information available online and you’ve already taken one key step, which is to use the two-factor authentication offered by Gmail and most email providers. Here are my top three suggestions:
1) Change your password to something long and complex. Do not use the same password for anything else. The same rule goes for your online banking, credit card, or other financial sites you utilize. Hackers will compromise websites with less than stellar security, harvest user id/password combinations, and then attempt those combinations on other websites such as Gmail, Chase, etc. to see if they get a hit.
2) Make sure you have Anti-Virus and Malware protection that is up to date.
3) Be very suspicious of an email from someone you don’t know or don’t expect. Do not click on links or attachments. Always hover above the URL to see if it’s taking you to the site it appears to be.
I suspect you or Mike were targeted by a phishing email. It’s the easiest way to compromise a person’s machine and it happens a lot more often than people think. Give me a call if you want to talk more!