Florida ARECs Blog

Attorney Members, Real Estate Professionals, Consumers

Florida ARECs is dedicated to providing the most up-to-date and relevant resources for its Attorney Members, as well as helping fellow Real Estate professionals and guiding consumers.

 

 

Your Email is Being Watched = Your Clients Victimized: The Hack Story

By: Richard Zaretsky, Esq., Richard P/ Zaretsky P.A. Attorneys at Law

There are people out there that are looking for your email address but they are neither buyers nor sellers. Their goal is for YOU to help them steal money from YOUR client. They are thieves, crooks, scoundrels, terrorists, and intentioned with the worst of motives. Why do I know about this - I just saw it happen!!

YOU ARE THE WEAK LINK -

Let’s say you are a real estate agent and you publish your email address on your website. Everyone knows your email address – essentially when I say everyone, I mean anyone looking for a real estate agent could find you and your email address. We all love for people to know our email addresses so they can email us and hopefully we snag a new buyer or seller. After all it is the way things work. This opens a tremendous door for you to be the accessory to a crime of major proportions.

HACKING IS A REAL THREAT TO YOU

The problem of email hacking of real estate agents is being well documented and the National Association of Realtors and probably your state and maybe local Realtor boards have articles published on the problem. See an excellent article of explanation at this link – Email Wire Fraud Hack Article. Notwithstanding, plenty of agents are still being used as the tool for theft. Essentially you are the key to unlock a treasure trove for their crooks – and you won’t know it until it is too late. This article gives you an example one occurring though our title company office just this week. The weak link in security was the real estate agent’s email account.

HERE IS HOW IT WORKS

A title company gets an order for a real estate transaction. The transaction needs to move through the typical processes of getting the initial contract deposit, working up the file and title for the closing, and then when it comes time to close, the balance of the funds get wired to the closing agent, which funds are then used for the transaction with the seller getting the proceeds after the closing expenses and real estate agents are paid.

SET-UP FOR DISASTER

Almost every real estate agent wants and needs to be part of the process. They are kept in the loop by getting status reports and often they are provided copies of the emails sent to the buyer or seller (their client) and those include the closing documents along with the buyer instructions to send the monies to the closing agent. This inevitably includes the wire instructions. Often the buyer’s real estate agent acts as the liaison and receives all this information on behalf of the buyer and then sends it on to the buyer.

So now this scenario probably seems pretty familiar to all real estate agents.

OK - YOU HAVE BEEN HACKED - SO WHAT?

What if you were the real estate agent and unknown to you, a thief had hacked into your email account and has been monitoring it for the past two or three months. That thief has been watching every email you send and receive - even your closest secrets. The thief sees that you are involved in a transaction that is scheduled to close shortly and they have every document you have received and sent on this very deal – from purchase contract to inspection report. Now you get the wire instructions and closing package as a courtesy copy from the title agent. Here is how the fraud now begins. [Note that all names and email addresses are made up for this article].

1. The monitored transaction shows that the title company is sending or has sent to the buyer the closing package including the wire instructions.

2. The thief sets up a new email account that looks very similar to the real email account but is different. For example, closing@firstam.com would be the real email address of the closing agent at First American Title. The thief sets up a new account – costing about $15 and taking all of 2 minutes – for closing@firstams.com. They just added an “s” to the end – hardly noticeable especially if you are using a smartphone or iphone for your email.

3. The thief now has already set up a real bank account, which could be in a USA bank or overseas. In the real life commercial transaction example it was set up at Chase Bank. Using that email address (with an “s” on the end) the thief sends to the Buyer this email (the blanks are redactions to protect privacy) the real message from the real closing agent but with substituted wire instructions:

-----Original Message-----
From: mm@landtitles.com>
To: cH ck77@aol.com>
Cc: jy1 J1@aol.com> (she is the seller’s agent)
Sent: Fri, Feb 19, 2016 4:16 pm
Subject: Closing at Land Title

Good afternoon Mr H and Jo

Attached please find the following documents for Mr. H to execute:

1. HUD Settlement Statement – initial the first two pages and sign the third page;

2. Utility, Maintenance and Open Permit Hold Harmless Agreement – sign where noted;

3. Privacy Notice;

4. Closing Statement Addendum – sign where noted;

5. Closing Affidavit – sign in the presence of a Notary;

Please forward all signed documents by email along with a COPY OF YOUR DRIVER LICENSE and mail the originals to my attention on my email.

 

Please wire the amount of $9x,xxx.25 to our account, I have attached wiring instructions. and please advise and send wire confirmation as soon wire has been initiated. Wire should be in our account 48hrs prior to closing.

Jo – I will need Addendum signed by Mr. H reducing the purchase price to $1xx,000.00

Thank you

Mary

Title Processor/Closer

Land Title

THE INFORMATION CONTAINED IN THIS TRANSMISSION IS CONFIDENTIAL INFORMATION INTENDED FOR THE USE OF THE INDIVIDUAL OR ENTITY NAMED ABOVE. IF THE READER OF THIS MESSAGE IS NOT THE INTENDED RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY DISSEMINATION, DISTRIBUTION OR COPYING OF THIS COMMUNICATION IS STRICTLY PROHIBITED. IF YOU HAVE RECEIVED THIS TRANSMISSION IN ERROR, PLEASE IMMEDIATELY NOTIFY ME BY TELEPHONE AND PERMANENTLY DELETE THE ORIGINAL AND ANY COPY OF THIS E-MAIL AND DESTROY ANY PRINTOUT THEREOF.

 

4. The thief now is in possession of the closing document package and wire instructions from the closing agent. But the Buyer is also in possession of the correct information from the closing agent. Here is where it gets creative. The thief now sends out an email to the Buyer and maybe the real estate agent from the phony but real new email address and it looks like this:

-----Original Message-----
From: Marymm@landtitles. com>
To:Patricia p@sl.com> (she is the buyer’s agent)
Cc: CHck77@AOL.COM>
Sent: Thu, Feb 25, 2016 10:36 am
Subject: Re: FW: Wire to Chase Bank

Hi Patricia & H

We have just been informed by our accounts department that all our escrow accounts are currently undergoing taxation audit. Here is our wiring instruction.

Please advise as soon as wire has been initiated.

Thanks

Mary

Title Processor/Closer

Title Company HOURS ARE 7:00 TO 3:30.

THE INFORMATION CONTAINED IN THIS TRANSMISSION IS CONFIDENTIAL INFORMATION INTENDED FOR THE USE OF THE INDIVIDUAL OR ENTITY NAMED ABOVE. IF THE READER OF THIS MESSAGE IS NOT THE INTENDED RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY DISSEMINATION, DISTRIBUTION OR COPYING OF THIS COMMUNICATION IS STRICTLY PROHIBITED. IF YOU HAVE RECEIVED THIS TRANSMISSION IN ERROR, PLEASE IMMEDIATELY NOTIFY ME BY TELEPHONE AND PERMANENTLY DELETE THE ORIGINAL AND ANY COPY OF THIS E-MAIL AND DESTROY ANY PRINTOUT THEREOF.

 

5. Now everyone is confused but it makes sense except if all the accounts were in audit, then what account is this new one? Isn’t it part of “all”? The buyer and the real estate agent now also probably “reply” using the phony email address so they are communicating directly with the thief – and by-passing the real closing agent. And in fact that is what occurred, leaving the real closing agent out of the loop and the fraud now going on directly between the Buyer and the thief and usually the real estate agent as well.

It looks like this:

-----Original Message-----
From: Mary mm@landtitles.com
To: CH ck77@aol.com>
Sent: Fri, Feb 26, 2016 9:07 am
Subject: Re: Wire to Chase Bank

On Fri, Feb 26, 2016 at 3:16 PM, C H > ck77@aol.com wrote:

We have been given three different wiring instructions and hope the last one is right. As it costs $20 each time we send plus the additional taxes accruing perhaps closing statement needs to be revised to reflect. I have never had this kind of trouble to close a deal

Sent from my iPhone

CH

Where is the Wire?

6. The real closing agent is looking for the wire and it does not show up. The buyer insists the wire was sent. A day later the buyer sends to the closing agent – the real one at the real email address because finally the Buyer picked up a telephone – where the wire was sent and the fraud is now discovered. In the meantime the wired funds, which were received by the thief’s bank, have been forwarded to an overseas account and are no longer recallable by the buyer’s bank.

The implications are huge. In some cases the buyer is only liable for $50 for the fraud and the buyer’s bank takes the loss – which can be staggering. But getting reimbursed could take longer than the seller is willing to wait – putting the buyer in breach of contract.

 

Best Practices-

“Best Practices” is a phrase that is bantered about in the real estate closing business. Sounds to me it’s more like “Lazy Practices”. This experience is an example of how even Best Practices can be compromised.

A solution – and one that we have implemented in our title company – is that wire instructions are only given by telephone or fax. And our introduction letter gives specific instruction as to our email address and that we will never change any instruction regarding our bank. We also use the most reasonably secure method of transmitting wire instructions to the person sending the wire.

But Best Practices? Our great technology seems to periodically turn into our worst nightmare. To protect our clients we are doing what our bank does – USE THE TELEPHONE! Emails make us lazy. In every one of the emails where the Buyer was questioning the wire instructions from the thief and communicating directly with the thief, never once was there a phone call made to the real closing agent – whose signature block in each of the thief’s emails was indeed correct as to the real telephone number! Thus the thieves are playing the odds that we and our clients are lazy. And the thieves are successful because they are right – WE ARE LAZY!

Real estate agents and closing agents should consider regularly changing their email password so if they have been hacked, the hacker needs to start again or abandon the “watch” once there is an interruption in access to the agent’s email account. Diligence by all the professionals involved should be the highest priority. AND REDISCOVER THE TELEPHONE!

-----------------------------------------

Copyright 2016 Richard P. Zaretsky

Be sure to contact your own attorney for your state laws, and always consult your own attorney on any legal decision you need to make. This article is for information purposes and is not specific advice to any one reader.

Richard Zaretsky, Esq., RICHARD P. ZARETSKY P.A. ATTORNEYS AT LAW, 1615 FORUM PLACE, WEST PALM BEACH, FLORIDA 33401, PHONE 561 689 6660 RPZ@ZARETSKYLAW.COM - FLORIDA BAR BOARD CERTIFIED IN REAL ESTATE LAW - www.ZARETSKYLAW.com.

The opinions of any particular author are not necessarily the opinions of Attorneys' Real Estate Councils of Florida any of the local Real Estate Councils or Attorneys’ Title Fund Services, LLC.