Buying, selling & refinancing a home requires submission of personal information to the lender which includes social security numbers, bank account numbers and credit/loan account numbers. Sadly, there are hackers out there looking for this personal information to steal.
Never trust wiring instructions sent by email, especially if there is a claim made that submitting a payment has changed and a new account is provided. The hackers are sending out sophisticated and convincing emails that look like they are coming from your Realtor. They often contain signatures, fonts, and logos that are an exact match to the original. Always confirm in person or by telephone to a verified and trusted phone number. Never wire money without double checking that the wiring instructions are correct.
How to avoid getting into this situation:
- Never send wire transfer information, or any type of sensitive information, via email. This includes all types of financial information, not just wire instructions.
- Never conduct business over unsecured WiFi
- Make sure you learn your Realtor/Lenders email and communication practices. For instance, do they expect to be sending you sensitive information through email?
- If wiring funds, first contact the recipient using a verified phone number to confirm that the wiring information is accurate. The phone number should be obtained from a reliable source.
- If email is the only method available for sending information about a transaction, make sure it is encrypted.
- Delete old emails regularly, as they may reveal information that hackers can use.
- Change usernames and passwords on a regular basis, and make sure that they’re difficult to guess.
- Make sure anti-virus technology is up to date, and that firewalls are installed and working.
- Never open suspicious emails. If the email has already been opened, never click on any links in the email, open any attachments or reply to the email.
Cyber threats in real estate are too incredibly common. We all need to be vigilant and have security practices in place. One mistake acted on by a fraudulent request, could result in the loss of hundreds of thousands of dollars or personal data loss.