Cyber-Security in Real Estate
Types of Cyber Fraud
FBI Internet Crime Complaint Center Background on Business Email Compromise
•Targets businesses that regularly perform wire transfers
•Uses social engineering and computer intrusion to conduct unauthorized wire transfers
•Transfers can begin in U.S. but are usually quickly transferred many times overseas and then disbursed
•Unwitting “money mules” in the U.S. are recruited to receive funds in their personal accounts and then directed to quickly transfer them to accounts overseas
•Mules are sometimes directed to open fictitious business accounts or fake corporations in the true name of the Mule
Two Options
•If malware is not stopped or contained by anti-virus software it could allow direct unlimited access to data, passwords, bank account information, your camera or microphone on your PC. It could download key logging software to record your keystrokes.
•More likely the phishing attempt will try to redirect you to their fake site and have you voluntarily give them your logon password to your email account.
Spoofed Email
•After gaining your email access your email will be monitored
•Sometimes for great lengths of time
•At the right “time” a spoofed fraudulent email will be sent out to person who is in control of disbursing funds (wire in most cases)
OR to a person that will pass on wire instructions to the disbursing entity
If acted upon, the funds are wired to fraudster’s (or Mule’s) bank account
Basic Scenarios
Listing agent’s email is compromised
•Listing agent imposter attempts to divert seller proceeds
•Relies on escrow holder (Title company or Settlement Agent) to act on fraudulent instructions
Buyers agent’s email is compromised
•Buyer’s agent imposter attempts to divert buyer funds
•Relies on buyer to act on fraudulent instructions
Identifying Cyber Fraud
Phishing Red Flags
•UNSOLICITED email from someone you don’t know
•UNSOLICITED attachments/links from known contacts ( could be imposter)
•Overly formal language (doesn’t match tone), bad grammar, misspelled words, bad syntax
•Incorrect facts in an email
•Pressure/sense of urgency
Identifying Business Email Compromise
•Look for email asking you to take important action (like wiring to a different account) and requesting you to confirm via email (not phone)
•Emails from same recipient with significant changes in grammar, sentence structure, and spelling when comparted to previous emails
•Change in method (swap check for wire)
•“Corrected” wire instruction
•Timing – email arriving or requesting your response at odd “business” times – times that a legitimate owner would not access their account
∙Commuting time (gives fraudster time to send, receive, and delete correspondence)
∙At end of week or day, or holiday (allows more time to divert funds)
Incorrect Grammar
•“I will forward you the new account details, tomorrow, please confirm to me when you receive it before wire.”
•“Kindly confirm to me if wire has not been done yet.”
•“The sellers forwarded this new details for the funding to me this morning. I can ask seller to write a letter of direction to me and I will forward it to you. Is that okay?”
•“I will be awaiting for the confirmation”.
Spoofed Email Addresses
•Real email address is “” but one sees:
–jonathan.doe@fidelitytit1e.com the number “1” is suspect
–jonathan.doe@fidelitytitlee.com the extra “e” is suspect
–jonathan.doe@fidelityttle.com the missing “i” is suspect
–Real email address is “ but one sees:
–where is suspect
where the “a” is suspect
Preventing Cyber Fraud
Online Best Practices
•Install a dedicated actively managed firewall
•Don’t use online portal passwords for non-related websites you access
•DON’T SHARE PASSWORDS (with customers, vendors)
•Consider a password locker
•Restrict work computers from accessing personal email accounts (by extension, don’t access work email from home networks, or do so in a secured way)
•Conduct online banking from a standalone computer (no email or web browsing on it)
•DON’T CLICK Avoid clicking on links. Instead, go to the website by typing the Web address directly into your browser or by searching for it in a search engine.
•Avoid public computers, shared, internet café, or public wifi when accessing financial services
•Install antivirus software and spyware detection programs and DESKTOP firewall software on ALL computer systems and Update them regularly. Use auto updates on software.
•Register all company domains that are close to actual domain
•FORWARD email back to sender using your known contact information instead of replying
•Don’t respond to unsolicited email. If interested in message or subject go to known site and initiate contact independently on suspicious file attachments or web links
Protect Your Personal Information
- Secure your accounts
- Make passwords long and strong
- Unique account, unique password
- Write it down and keep it safe
- Own your online presence
Be a Good Online Citizen
•Safer for me more secure for all
•Post only about others as you have them post about you
•Help the authorities fight cyber crime:Report stolen finances or identities and other cybercrime to the Internet Crime Complaint Center( and to your local law enforcement or state attorney general as appropriate.
For more information, visit
Be familiar with your business routine
•Understand what you expect someone to ask or request
•Know habits of customers
•Don’t ignore odd requests or out of the ordinary business cadence requests
•Trust you intuition and ask questions
•If someone doesn’t make sense stop all communication and CALL the phone number you have on record for them or their associate, not one they might provide in an email
•Don’t open attachments/links form unknown sources but also known sources when they are not expected CALL TO CONFIRM !
•Keep in active communication with your customers throughout a transaction (use the phone when you can)
After Cyber Fraud Occurs
Breach Plan
•STOP ALL EMAIL COMMUNICATION (Assume it is being monitored)
•CALL THE BANK that SENT the wire to the fraudster
•Have them try to RECALL the wire
–If this is an OUTGOING (example seller proceeds or commission) wire your escrow agent and/or their accounting department will do this for you.
•Give them any information they ask for and your 24/7 phone contact number(s)
–IF this was an INCOMING WIRE and you are the buyer’s attorney, call the buyer (if they are not already calling you) and help them recall the wire from their bank.
–Be prepared with the fraudulent wire instructions if you have them.
–All banks have slightly different protocol, so please follow their instructions
•CALL THE RECEIVING BANK (it’s on the fraudulent wire)
•ASK for the FRAUD department (if they have a dedicated one)
•TELL them that an erroneous FRAUDULENT WIRE TRANSFER was made to them
•ASK THEM WHAT YOU NEED TO DO TO RECALL IT
–They might need to have the sending bank contact them directly
–If they don’t return the wire immediately, they will most likely send your client and/or the sending bank indemnification forms to sign
•Their customer received money from an “alleged” Fraudulent Wire Transfer
•The BANK will conduct it’s own investigation. If and when they are comfortable with returning the funds, they will do so
•They indemnify themselves of their own wrongdoings while holding these funds
•They can take up to 90 days to return funds
•Consider a TEMPORARY RESTRAINING ORDER (TRO) to legally FREEZE funds
E&O is not enough
•E&O policies are being updated specifically to exclude cyber events
•Review the specifics of your policy and cyber liability policies
–Many have required preventative actions and have exclusions
–Some require a 3rd party suit to activate
–Review endorsements, some are a stop gap measure, false sense of security
–Look at details like mobile protection
–Social Engineering fraud policy
–Include costs for Forensic consultants ($300/hr.), credit monitoring, cyber extortion, Business interruption, (data) system restoration
–Cost of Regulatory actions/penalties
Fidelity National Title – Tampa District FidelityTampaDistrict.com