Login | April 26, 2024
Real estate attorneys targeted in phishing scams
RICHARD WEINER
Technology for Lawyers
Published: April 8, 2016
This is a warning for real estate attorneys, agents, buyers, sellers, and other people involved in real estate transactions.
In both Britain and the U.S., and probably in other places, electronic communications containing details of real estate transactions are being specifically targeted by hackers.
Multiple millions of dollars have been reported stolen through these techniques, according to newspapers in both California and England.
The technique is called “spear phishing.” Where most phishing schemes invite an innocent email user to open a link, which then will cause the user to visit a poisonous website or download a virus, a “spear phishing” technique is pointed and direct.
In this case, attorney email accounts are being hacked and monitored by online criminals. This accounts are monitored, and all of those emails are being read, without the consent or knowledge of the attorneys (or real estate agents).
When details of a real estate transaction are transmitted via an email in one of those hacked accounts, the phishers go to work.
The hackers then place themselves in the middle of the transaction, emailing fake bank transfer information to the involved parties. If the parties fall for the hoax, money intended for the transactions is actually transferred to the hackers’ bank accounts.
There is no way to trace or retrieve that money once it is transferred into the fraudulent account, so the only way to deal with this spear phishing technique is to prevent it from the outset.
Experts recommend a few simple steps that should prevent this fraud.
The first, of course, is awareness, which is why I’m publishing this column. From now on, every party, agent and attorney involved in any real estate transaction should be notified of the potential for this kind of fraud, and be admonished to act accordingly.
It is probably better to make it a policy to not reveal banking details in any email in any transaction. But, if that has to be, the idea would be to double-check with the parties and banks to make sure that the transfer information is correct. This should be done by telephone or hard copy via snail mail (or in-person, if possible).
And, as you should know by now, encrypting all emails will also help prevent this kind of fraud.
So, be on the lookout!