In the real estate settlement industry, risk is a constant battle we face every day. Financial risk, reputational risk, regulatory risk, compliance risk and more are a threat to our livelihood. In the face of all this risk, we believe our greatest responsibility lies within measures, processes, an protections put in place to ensure those we serve never face the reality of those risks. It is our duty to protect the deposit and purchase interest of the buyer, the clean title transfer and protection of the contract terms for our sellers, and the lien position and transactional integrity for the lenders we represent.
Thanks to the fast paced evolution of technology within the real estate industry, the risk in today’s market are more complex than ever. While common title and closing risks that have faced our industry for decades continue to exist as potential pitfalls, our adaption to electronic transactions have intensified new and potentially destructive risks: Third party online threats.
As they say, “The greater the risk, the greater the reward.” For home buyers that phrase can be inverted, “The greater the reward (the American dream of home ownership) the greater the risk,” which is their financial and emotional investment in the home. Currently the greatest risk to that reward is wire fraud. With our ever increasing dependence upon electronic transactions and communication comes third party thieves jumping into the deal without anyone knowing and leaving with client’s money. One mistake makes for a big pay day for these thieves, as proven in 2018 where nearly $2 billion in real estate funds were targeted by hackers.
How do they do it? The most common method is through a phishing scheme where the thief spoofs a vulnerable email address of one of the parties in the transaction, often times either a real estate agent or attorney/settlement agent. From there they create a nearly identical email from that “party” to the buyer with new wiring instructions for the closing proceeds. The unsuspecting buyer trusts this email, wires the money, and it is gone before anyone notices.
As this approach has been more common, a new scheme has been occurring lately targeting mortgage payoffs. Once again, the hacker will send fraudulent information, this time in the form of a fake mortgage payoff statement with wiring instructions to the listing agent, sellers attorney, or settlement agent expecting the payoff to be wired to them. Much like the buyers above, most parties don’t realize something is wrong until it is far too late.
These emails can be sophisticated and appear authentic upon first review, leaving victims to wonder what more could have been done. The good news is there are measures we can take to prevent such risk from becoming a reality.
The responsibility falls upon all parties in the transaction to act with diligence and for the settlement providers to back up that diligence with security measures. As we say at Silva Law/QuickSilva Title, “Stay suspicious my friends” and follow these steps to protect against fraud:
• “Is this email real?” Review the details, especially the sender address, as often it’s similar but not exactly the same as the real sender’s email address. Ask yourself, “Why is a last minute change taking place?”
• If you get new wiring instructions or a change in expectations from anyone, pick up the phone and call a publicly listed number (NOT a number on the email, hackers will likely change that so you call them). Verify the email originated from that trusted party.
• Avoid sharing any personal information via email, especially over an unsecure network.
In addition, buyers, sellers, lenders, and realtors should hold their settlement agents accountable for protecting against risk as well. Ask and verify:
• What are your email and system security settings and encryption policies?
• What is your procedural protocol when it comes to verifying wiring instructions?
• Do you have a separate cyber security insurance policy in addition to your E&O insurance?
• Are your systems and processes audited on an annual basis for testing and assurance?
The bottom line is all parties share the risk in any transaction, and we all share responsibility to protect our clients and ourselves from falling victim to these schemes.
At Silva Law/QuickSilva Title, we take pride in having the highest levels of network security, a thorough and diligent process for all wire verifications, regular procedural updates for all employees, annual on-site audits to test our security measures, and enhanced E&O and cyber insurance policies in place to protect those we serve.
The risk is real, but we can fight it by doing our part and remembering to “stay suspicious my friends.”
Eric Stevens is sales and marketing director at Silva Law/QuickSilva Title, Waltham, Mass.