Consumers and Realtors® beware:
There’s a new hacking/phishing email scam that’s hitting the real estate market, according to information issued recently by the Federal Trade Commission and the National Association of Realtors®.
This isn’t your average run-of-the-mill email scam. This is a sophisticated scheme where hackers break into the email accounts of brokers, agents, attorneys, and title companies to gain information about their clients, including contact information and closing dates. Once obtained, they pose as the professional and send emails to the unsuspecting homebuyer. They’ll tell the client that the payment method has changed last-minute and to wire the transaction’s money, where it promptly disappears into the criminal’s hands.
Below are some tips for consumers and Realtors® to protect themselves from being victimized by this and other fraudulent activity:
- Establish early on with your Realtor® how payment will be completed and never wire money. If you receive anything that seems out of the ordinary, pick up the phone and call your Realtor® to ensure it’s a legitimate request.
- Never email your financial information – it’s not considered secure.
- Update your browser, operating system, and security software to ensure the latest security settings are on all your devices.
- Keep an eye on your email account and never click on links or files that look suspicious. Don’t click on links or files from your contacts if you’re not expecting them – reach out to see if they really sent the email.
- A common scam is to receive an email with a message like: “We suspect an unauthorized transaction on your account. Click the link below to ensure your account is not compromised and confirm your identity.” Never click! Instead, call the bank using the phone number on your credit card or financial statements to report the scam. Also report the phishing attempt to the FBI, the FTC, or to email@example.com.
- Before entering any financial information when you’re shopping online, check to see if the site is secure – it should have HTTPS at the beginning of the URL.
- If you suspect you’ve been a victim of identity theft, visit identitytheft.gov for resources and steps you should take to protect yourself.