In FBI surveillance video, a young man of about 18 sits at his computer in his room. His mother, donned in a white bathrobe, approaches with a plate of cookies, sets it on his desk, and walks away as he continues to stare intensely at his computer screen. He’s not immersed in a video game. This man—perhaps a recent high school grad still living at home with his parents—is a typical hacker. And he’s one of many who are increasingly disrupting real estate transactions with phishing scams and wire fraud schemes.
“Most are young and see a certain allure to the notion of being able to hack,” Martin Hellmer, who supervises the FBI’s Cyber Task Force in Phoenix, said during a cybersecurity webinar hosted by brokerage firm Realty Executive International on Friday. The webinar, “Wire Fraud: Educating Clients & Avoiding Scams in Real Estate,” also included a legal expert from the National Association of REALTORS®. Hellmer presented FBI footage of hackers, mostly young and unsophisticated online users, including teens and impostors posing as staff at a Chinese hotel who hacked a guest’s computer. “We typically think of hackers as these magnificent young minds doing things we don’t know how to do,” Hellmer said. “Some of them are—but most of them aren’t.”
Hackers have different motivations for attacking real estate brokerages and other entities, ranging from political causes to warfare. The FBI breaks it down as follows:
How Do They Do It?
“We are the weak point,” Hellmer said, referencing real estate professionals—and people in general—who do not employ enough safeguards to protect their networks from vulnerabilities. The number one way hackers infiltrate networks is by getting a user to click on a link in a phishing email, so “we are the ones giving bad guys access,” Hellmer said.
Weak passwords are also a prime avenue for hackers to gain access to networks. According to the FBI, these are the 20 most common (and weak) passwords:
Hackers are particularly focused on real estate transactions because of the large amount of money being transferred in a home purchase, said Finley Maxson, senior counsel for NAR. Wire fraud schemes, which are a growing problem in real estate, have accounted for $5 billion in financial losses to consumers since 2013, according to FBI statistics. Other common schemes in real estate include fake referral emails, “overpayment” scams, and fake DocuSign emails, Maxson said.
What Can You Do?
Do not ignore software updates or wait until later to install them because they usually contain security improvements to keep your computer safe, Maxson said. It’s also wise not to keep files containing personally identifiable information for you or your clients on a computer with access to the internet. Hackers can gain access to those files and expose sensitive information to other criminals.
Maxson also stressed the importance of brokers having policies to deal with hackings. Real estate companies can be sued for not having proper policies in place, such as document retention and destruction, cybersecurity and data security, and a process to notify clients of a breach. Brokers can also get in trouble with their state real estate commission for breach of fiduciary duty if they don’t follow policies intended to protect their clients. “You can even get sued by the [Federal Communications Commission] for not communicating cybersecurity problems to clients,” Maxson said. “They’ll audit you and make you file annual reports.”
The most important thing brokers can do is to educate their agents and clients about cybersecurity protocols. Agents should know not to click suspicious links, and clients should know to verify wire instructions with their agent if they get an email saying the instructions have changed. “Have an email footer that says wire instructions will never change, and if they do, call me before you do anything,” Maxson said. “And make sure your employees and contractors are vigilant not to click things that could expose your network.”