Harney: A hacked email can be costly

• Barely weeks ago, in Montgomery County, Md., hackers siphoned off “between $100,000 and $200,000” sent by buyers to what they believed was the correct bank for their home purchase, according to Todd Hylton, owner of Excalibur Title & Escrow LLC, whose firm was scheduled to handle the settlement. The money vanished. In late November last year, in Frederick County, Md., $300,000 was minutes away from being diverted to an account set up by hackers operating out of Nigeria when realty agent Bill Woodcock of Mackintosh Inc., Realtors noticed something amiss at the closing. Because of a bogus email sent to the buyer’s title agency, closing funds were about to be wired to an unknown bank account. It turned out that the cyber criminals had hacked into Woodcock’s email account and, posing convincingly as Woodcock himself, given erroneous last-minute instructions to the title agency.

Jessica Edgerton, associate counsel for the National Association of Realtors in Chicago, says versions of this scam have been surfacing with disturbing frequency, affecting “hundreds if not thousands” of home closings. Though many attempts are detected before the settlement funds are stolen, cyber criminals have been successful in “dozens” of cases, she said, often at massive financial costs to the victims. One near miss in the Chicago area reportedly involved more than $830,000.

To pull off their heists, hackers typically break into a realty agent’s email account and watch for references to forthcoming cash-rich closing transactions on homes. From their monitoring of the email traffic, they can learn the identities of buyers and sellers, the company names of title, escrow and settlement service providers and the timing of scheduled closings. Once inside the agent’s account, they can effectively take over the agent’s identity and provide credible instructions to clients. Unlike the cartoonish scammers of years past who couldn’t spell and mangled English, today’s artful bandits know the lingo and even pick up and mimic the conversational styles of agents exchanging emails with settlement officials and clients.

How to counter sophisticated settlement fund theft schemes? The FTC’s alert to consumers emphasized a key step all buyers can take: However convincing an email may appear, if it provides money-moving instructions for your closing, stop right there. “Email is not a secure way to send financial information, and your real estate professional or title company should know that,” said the FTC.

Fitzgerald, an immediate past president of the Massachusetts Association of Realtors, says she recommends that agents inform clients in writing early in the process that “I will never in an email ask you to move money.” If buyers understand and acknowledge this, cyber hijacking will be much tougher for the crooks. It’s a smart practice also to confirm all wiring instructions received by any means with a call to a verifiable phone contact number of the realty or settlement agent.

Then there’s the obvious advice for realty agents themselves: Toughen your email security measures. Change your passwords more frequently. If the pirates can’t penetrate and take over your system, they’re much less likely to be able to rip off your clients.

Kenneth R. Harney of the Washington Post Writers Group is a past member of the Federal Reserve Board’s Consumer Advisory Council and is currently on the board of directors of the National Association of Real Estate Editors. Reach him at KenHarney@earthlink.net.