1. A hacker obtains a REALTOR®’s transaction management/e-signature system login credentials by using a phishing email that looks like it’s from the transaction management system.
a. The user first types their credentials into the fake transaction management website, then are forwarded to the real one where their credentials work. They never even notice they’ve been phished. They just think they mistyped a password the first time.
2. The hacker logs into the transaction system to identify target transactions and collect information to fool participants.
3. If the agent uses the same credentials for both email and the transaction system, the hacker now has access to the agent’s email.
a. The hacker may set up an email-filtering rule so emails from the client “skip the inbox” and go right to the hacker.
b. Emails to clients can now be sent from the agent’s real email address. It’s not a spoofed email (which only looks like it’s from the agent’s account).
c. Changing their email password may help, but at this point, the hacker only needs to spoof future emails—and unless the agent notices the filtering rule, the hacker still has access to those email conversations.
4. Because the hacker has information about the mortgage and title company from the transaction system, they can spoof an email from those parties, too. When a client receives a (spoofed) email from multiple parties that confirm each other’s message, they’re more likely to trust each of those emails.
5. From that point, it’s a typical wire fraud scenario: At the appropriate time, the client is told to wire funds to an account the hacker has access to.
This is only one variation of many that Clareity has seen “in the wild.”
Clareity Consulting has written a paper that more thoroughly explains the wire fraud issue and provides concrete guidance on how to reduce the risk. It includes examples of steps taken by franchises, brokers, title companies and attorneys, as well as a draft company policy focusing on wire fraud. Download the paper by visiting clareity.com/reducing-the-risk-of-real-estate-wire-fraud.
Matt Cohen is chief technology officer at Clareity Consulting.
For more information, please visit www.clareity.com.
For the latest real estate news and trends, bookmark RISMedia.com.