RE Scams: Clever, Easy to Fall For

First, let’s talk about the emails you may receive with attachments that seem totally legit for real estate – from other brokerages, lenders, or friends in your address book.   Just recently, a Berkshire REALTOR received an email message from another realty company with the subject “Closing” and the attachment was titled “Contract Addendum.”  The message?  

“Hi All, Please find attached the addendum ext. The closing date has been moved to 27th July. Thanks, Carol”

Wow that seems legit.  And yet, it’s not.  The tip off?  The attachment is a ZIP file.  NEVER, EVER EVER open a .zip file unless you know exactly where it is coming from, confirm that you are supposed to receive it and trust your entire computer contents to the sender of the file.  Otherwise, DO NOT OPEN A .zip FILE.  This REALTOR recognized that they didn’t have a current deal going with that agency and looked harder before opening.  Heed this lesson that will protect you from many email threats today….



A Realtor from Michigan reported a horrible real estate scam…  Her buyer was 2 days from closing on a new house when the buyer received an email, spoofing (pretending to be) his REALTOR.  The email explained that the pdf attachment was the closing statement.  This attachment was NOT a zip file, and in fact did have a .pdf document attachment  with [brace yourself] all of the correct numbers and figures the buyer was paying for the house, down to the last penny.  And… included wire instructions to send $48,000 to an escrow account to prepare for the closing.  The buyer said after that he had no reason to question the message since he normally communicated with his Realtor via email, and the figures were exactly right.  But when he told the Realtor he wired the money, the Realtor replied….WHAT MONEY?? And the buyer knew in that instant, with a horrible sinking feeling, that he may have ruined his family’s future with one click of a button.   Can you even imagine? Fortunately, someone on the other end of the wire in Laredo, Texas was suspicious and stopped the money from going through.   This scam has happened in Florida as well and not every victim was lucky – many lost their money entirely, failed to close on the house and lost their deposit in addition to the wired funds.  So sad… dreams ruined.

So how did the scammer know this confidential information?  They had hacked the REALTOR’s computer.  When a computer is hacked, it doesn’t always leave a visible trace.

The scariest of all hacking is invisible and happens with “malware” or installed files that  track every button you push on your keyboard, sends this information to a hacker and gives him/her the opportunity to log in to all of your accounts as YOU.  

You can help your clients and family protect themselves from this horrible fate.  Please take a few minutes to read AND implement these 10 steps.  If you don’t know how – hire some whiz bang techie to help.  It is the best money you’ll ever spend for peace of mind!

    1. Talk about it:  1st thing – tell your clients that, other than the link to new listings, you will never send them an attachment without calling/texting or communicating with them in advance.  And then keep that promise.  You might want to tell them you expect the same in return… and explain why it’s for their own safety.  Share the $48K story and you’ll be a hero.
    2. Update Everything:  You need to make sure you have a firewall turned on (one comes with windows), antivirus software installed and updating daily, spyware and malware protection engaged, and that your computer is current with Windows updates. (Macs are much less vulnerable, but the same applies)  In windows, go to the start button (that wavy square graphic) and click control panel and then System Security.  There you can make sure Windows software is up-to-date, that your firewall is turned on and that your antivirus software is turned on and performing daily scans.  Norton and McAfee are two of the most recognized paid protection programs, but AVG and Avira are two top rated free programs.  Those programs include anti-virus, malware and spyware protection – if you use other services, please verify that it offers all three levels of protection.
    3. Pop-Up Blockers are good!  Have a pop-up blocker installed and turned on when you’re surfing the web.  We use AdBlockPlus at the office, but there are many great ones… just make sure you’re using one!
    4. Don’t Fall for It:  Don’t open any files you do not know, with 100% certainty, you should be receiving.  This includes links to dropbox files, google-docs or anything attached to e-mail.  Definitely never open a .zip file.  If someone needs to send a super large file that needs to be compressed you CAN use dropbox but it should be clear to the sender and receiver when it is sent.  Over the phone or in person. Human to human.  Catch my drift?  Oh, and how about being a good steward and not SENDING any files without communicating first.  That’s helpful too, and “trains” the people you do business with to handle things with this level of care.
    5. Care About Passwords: Make sure your passwords are all different for different sites, account logins, etc.  Develop a naming mechanism that includes 4-8 characters, 1 cap, 1 number and one weird symbol and you should be safe.  And don’t use your birthday.  Some people swear by using the dollar sign symbol $ instead of the letter S or ! instead of I.  Get clever – the more clever you are, the less vulnerable.  Need more tips, call me (Sandy 413-442-8049) in person and I’ll share how I do it… and even then you won’t be able to hack me 😉 Or look into a paid service encrypted password service, such as LastPass or Dashlane. And make sure your laptop, phone / tablets all require passwords to access them.
    6. Cautious with Public Computers:  Be cautious when using public computers to check e-mail or financial accounts; there’s virtually no way to know if they are infected with malware accidentally, or have keystroke-logging spyware installed intentionally. Many experts advise that you should never type a password on a computer/phone/tablet that you don’t own – good tip!
    7. Understand Wifi Hazards:  Be cautious when using any wifi network, free or paid.  If you’re at a friends house, you’re as safe as far as you’d trust your friend.  But the coffee shop? Airport?  Nope! When connected to a wifi network that doesn’t require a password, outsiders can easily observe and capture any websites you visit, any e-mail you access, and any file transfers you make (unless encrypted).  Did you know that if you join a wifi network on your phone and your email auto sends and receives you’ve made yourself vulnerable.  Yep.  Scary stuff all that “free” bandwidth. Did you ever notice how advertisements suddenly change based on searches you’ve done online, places you’ve physically been or things you’ve clicked on or liked on facebook.  Some is from tracking online, others from marketing companies that use your wifi data to identify trends to modify ads to catch your eye.  Intrusive and dangerous wifi.  Make sure you are using encrpted sites only or stay away.
    8. Learn Some Surfing Protection: Zip up your virtual wet suit, you need some surfing protection.  A little knowledge of how the internet works can help make you informed and knowledgeable about safe links and browsing online.  You should know how to recognize legitimate or fraudulent sites.  Some things you should know?
      (1) identifying  a website’s proper address
      (2) understanding page tabs, new windows and new browsers
      (3) how to recognize legitimate ads that are embedded into pages or when you’re infected with adware
      (4) how to “read” website pages and links for validity.
      (5) knowing when the site you were browsing redirects to another location.
      (6) where to locate the HTTPS, the lock symbol, and other signs that your data is properly encrypted.
    9. Free is Just a Trap:  Mama said you don’t get somethin’ for nothin’.  Well, someone’s Mama did, but the premise holds true.  Don’t fall for the lure free stuff.  Don’t click links that promise free prizes or gifts. Hackers know psychologogy – and make a ton of money playing on our greed.  Be incredibly careful if you’re downloading free software, movies, smiley icons, screen savers and coupon-printing software. They are a hotbed of malware.  For the price of “free” you can unleash a destructive agent in your computer.
    10. Don’t randomly click links in your friends/colleagues emails either.  Normally, if you send me a link that says nothing, I DO nothing.  But also use your common sense… I know of one Berkshire REALTOR that randomly sends me interesting news articles to read without any message… in that one instance, using my common sense, I suspect those messages might be legitimate.  (note that all emails are guilty until proven innocent)  But before I click anything, I look at the link closely… does it link to a well known news source? Does it look like an article that a REALTOR would think I would be interested in?  Staying safe.  It’s priceless (and so is sending a quick sentence to verify the source…. like, “This article is a perfect example of our conversation at the committee meeting yesterday.”  Yep, I’d click that link much quicker!

Anything we can do to help – please let us know.  That includes a staff class or general guidance.  Here is a legit link… click here to email me (Sandy) if you’d like this to be a topic of the next Tech Tuesday class.  This is important for you and your clients, we’re happy to assist!  We’re also working on a follow-up piece for Brokers when acting as escrow agents.