Intricate email scams targeting people involved in the sale of residential real estate have increased over the past year.
Here’s how the scam starts: A crook first hacks the email account of someone involved in a real estate transaction. This can be the buyer, seller, lawyers, real estate agents or bankers.
Then the hacker monitors the communications regarding the progress of the real estate sale. When the time is right, posing as one of the lawyers or the bank mortgage officer, the scammer will email the buyer, telling him or her to wire funds necessary to complete the sale to the phony lawyer’s or banker’s account provided in the email.
Everything appears normal, so the unsuspecting buyer wires the money to the thief, who then launders the funds by moving the money from account to account to make it difficult to trace.
In one instance last fall, a Rhode Island couple wired $13,000 after falling prey to the scam, according to a report on WJAR-TV in Providence:
“An agent at Keller Williams Realty of Newport said hackers got into his email account last week. They apparently monitored emails with clients, learning which ones were in the process of closing. Then, he said they created a fake email address to dupe those clients.
‘The email was written in the same font that the email normally is, along with their signature line,’ said (Keller Williams broker Connor) Dowd. ‘They also change the email address by 1 or 2 letters, so if someone didn’t really look at it, they would think it’s coming from their real estate agent.’
“He added, ‘It was specific to the property and the scary part was that the amounts that the hacker was requesting were the exact amounts that would have been put down on this transaction.'”
How can this happen?
Unfortunately, hacking into email accounts is a relatively easy thing for a skilled identity thief to do. Quite commonly they steal or guess the targeted person’s password or merely answer the security question in order to gain access to the password and the account.
It is the latter method that was used a few years ago by a hacker who took control of Sarah Palin’s email account by answering her security question of where she met her husband. The hacker went to Wikipedia and learned Palin met her future spouse at Wasilla High School in Alaska.
While most of us aren’t famous enough to have our own Wikipedia entry, you probably have put more personal information online — including through social media — than you realize.
What you can do
Even if you are not involved in buying or selling a home, it is always a good idea to protect your email account from being hacked. This means having a strong password and security question as well as changing your password on a regular basis.
When setting up a security question, you may wish to pick a nonsensical answer to the question so that, for instance, if the question asks where you went to high school, you can make the answer “grapefruit.” This is silly enough for you to remember, but no identity thief will ever find the answer to this question online.
Never provide personal information in response to an email regardless of how legitimate it may appear until you have independently confirmed that the email is legitimate.
Finally, whenever you are asked through an email or text message to wire funds as a part of a real estate or other business transaction, don’t do so until you have confirmed the request and the account to which you are being asked to wire the funds are legitimate.
Steve Weisman is a lawyer, a professor at Bentley University in Waltham, Massachusetts, author of “Identity Theft Alert” and editor of the blog Scamicide.com.