I received a panicked call ten days ago. The agent who listed the home my client was buying told me he needed to talk with me right away.
My client had signed his closing documents the day before and we were just waiting for the lender to transfer money to the title company and close the sale of the house. What could go wrong at this stage of the transaction?
The listing agent, Mike, told me that two hours after the sellers signed their closing documents, the title company received an email from him asking them to change the account where they were to send the seller proceeds. (The amount was approximately $200,000). The email was from Mike’s email address, had his exact signature block and even referenced the file number. Because Mike had a long relationship with the title company, and it was unusual to receive such a request, the escrow officer called Mike to confirm. Sure enough, someone had hacked into Mike’s email account and sent that email to the escrow officer. Mike and I both breathed a sigh of relief that the experienced escrow officer thwarted the criminal activity.
What would have happened if the proceeds had gone into a mysterious bank account instead of the sellers’ account? Would my buyer still owe a 30-year mortgage and have no house to live in? The ramifications were frightening to Mike and me. My client has no idea about this close call.
Exactly one week later, on October 12th, my gmail account was hacked. Hundreds of people received an email from me asking them to open a document. Every one of my saved emails was gone. It felt like someone had robbed my house. Fortunately, I learned of the hack 10 minutes after the fake email was sent and I was able to change my password and add 2-step verification to secure my account. I received tons of emails the day of the hack and the next day from people asking me if I had sent them the email, informing me I was hacked, etc. To say this was a distraction is an understatement.
So, what can we all learn from this?
- I’m no longer saving emails in my gmail account. It is not a safe place.
- Although my brokerage requires buyers and sellers to sign a “wire fraud” disclosure, I am having a verbal discussion with each client about the danger of wire fraud. Under no circumstances should clients wire money unless there is a verbal confirmation.
- I will coordinate very closely with the escrow officers involved in my transactions to ensure they understand that they should not wire proceeds without a verbal confirmation from the client. Generally the seller provides a hard copy of wiring instructions either in person or as part of a Fed Ex pack. Any instructions sent via email should always be confirmed verbally. Financial services companies have followed this protocol for years.
Cyber crime is here to stay. If a candidate running for President of the United States can be hacked, so can you. Take steps to secure your email account and verify all wire transfers to ensure you are not a victim of cybercrime.
Has your email ever been hacked or have you been a victim of cyber crime? Please comment.