Cyber-criminals are out there — don't be a victim.
Chances are you've heard of recent cyber-crimes targeting our industry. Wire fraud and theft involving real estate transactions are on the rise. It is important that everyone involved in the settlement process — realtors, lenders, buyers and sellers — are aware of this threat and take steps to insure transactions are secure.
Ekko Title has extensive security measures in place to protect our clients from fraud. However, settlement fraud is rarely the result of bank or title company servers being hacked. Cyber-criminals look for the weakest link in the communications chain, which is often the client's own email account.
Do you keep the same account passwords for years on end, or use a free email service? Have you ever logged into your email account using public wifi? If you have, you could be vulnerable to criminals scanning your email communications, searching for keywords that signal upcoming financial transactions. This does not require the presence of malware or viruses on your computer or smart phone, and leaves virtually no evidence that your messages are compromised.
Once a criminal has targeted your transaction, a common tactic is to send an email message instructing you to wire funds required for your settlement. The email may look exactly like other messages you have received from your lender, realtor, or settlement firm. It may include links that appear to go to a known or trusted financial institution, but these are easily modified to direct you to the scammers own bank. There may even be a warning to alert you to the very type of crime they are perpetrating.
We can't do away with email, wire transfers, or other electronic transactions in use today, but you can take steps to avoid falling into the scammers traps. Here are some tips to help you recognize scams and avoid becoming a victim of cyber-crime.
- Never rely on emails purporting to change wire instructions. Parties to a transaction rarely change wire instructions in the course of a transaction.
- Keep your computer, phone, or tablet operating system, email, browser, and virus protection software up to date.
- Regularly change all passwords used for your email or online banking accounts. The most secure passwords consist of a string of random characters, are at least 8 characters in length, contain a combination of upper and lower case letters, digits and symbols, and are not actual words or phrases. Never use your birthdate, mother's maiden name, pet's name, street address or other easily compromised information as part of your passwords. And, of course, never disclose your passwords to anyone.
- Never use the same password for more than one purpose.
- Never send your bank routing and account number, social security number, or other confidential information by email.
- Avoid clicking on links contained in an email. Type the website address directly into your browser instead.
- Avoid clicking links embedded in email message text (like this: click here), instead of the url being written out (like this: https://yoursettlementfirm.com).
- Pay attention to the website you are directed to. A link that appears to go to https://bankofamerica.com may actually direct you to https://2bankofamerica.com.
- Use a secure website (https:// and a security "lock" icon) when submitting financial or other sensitive information online.
- Never use public wifi for banking, shopping, logging into email accounts, or entering personal information online, even if the website is secure. When in doubt, your 3/4G or LTE connection is always safer than using public wifi.
- Call your bank before completing any transfer of funds to ensure the receiving bank's routing number and account are owned by the business that is handling your transaction.
- Double-clicking the "lock" icon on a website will display the security certificate for the website. If the certificate isn't displayed, or you get a warning message that the address of the website does not match the certificate, do not continue.
- Never submit confidential information via forms embedded in an email message.
- When contacting your settlement agent or bank, do not use phone numbers included an email message. Instead refer to your contract or other trusted document related to your transaction.
- Request that your settlement company send wiring instructions or other sensitive documents via overnight delivery, rather than by email or through a password protected web portal.
For more information on wire fraud scams or to report an incident, please refer to the following links:
Federal Bureau of Investigation: http://www.fbi.gov
Internet Crime Complaint Center: http://www.ic3.gov