This article was featured in the November/December 2016 issue of Austin REALTOR®. Read the full article here.
With the significant rise in cybercrime the past few years, you probably know someone who has been affected by online crime, or you have been a victim yourself. As a REALTOR®, you are an easy target to online crimes since much of your work is done virtually, through emails and websites. Online criminals are targeting the real estate industry, knowing that there are large sums of money at stake from potential inattentive homebuyers. You may have client bank numbers, addresses, and other personal information of theirs that you don’t want in the wrong hands.
Unfortunately, hackers are more prevalent than ever before. Robberies in the United States have gone down by almost 50% because criminals no longer need to break-in homes or establishments to commit these acts—they can rob and steal from the comfort of their own home. The worst part is, when individuals find out their personal or financial information has been compromised, it’s usually too late.
As a REALTOR®, you work hard to connect potential homeowners to the right home and a community. Through your work, situations may arise where there is a time crunch to closing a transaction, prompting you to overlook some precautions. In the real estate industry, transactions are usually funded through check and wire transfers via unencrypted emails, which Tom Moreno, Executive Vice President of The Bank of San Antonio says is “equivalent to leaving your front door unlocked.”
Experts have expected this rise in cybercrime. Norton™ reports that in 2014, 348 million identities were exposed. Between October 2013 and June 2015 alone, the FBI has reported $1 billion dollars in losses for businesses through email compromise, showing that organizations have not taken the necessary steps to protect their business, employees, or reputation.
Chris Gerriz, CEO and Co-founder of Infocyte, an Austin based organization focused on malware and threat hunting, says that the most common threat that individuals and businesses should be aware of is ransomware.
“Ransomware is malicious software that automatically locks up all of your most important files and demands payments to unlock them,” says Gerritz. “They lock up files by encrypting them with a key only the criminal has. The majority of cases come from malicious emails from other hacked accounts or accounts that are made to look legitimate.”
Ransomware isn’t the only attack that businesses and individuals encounter—phishing, hacked transactions, password attacks, and website takeovers are common threats that individuals fall victim to—
Phishing is a scam tactic to lure you into entering personal information such as a password or credit card numbers. The National Association of REALTORS® describes in a June 2015 blog post that real estate professionals have reported an upswing in this particular wire scam. These scams are usually in the form of an ad or email that appears to be legitimate or familiar to you. With phishing being a more direct form of hacking, attackers may go to great lengths to make the email or advertising seem authentic.
A hacked transaction is used by scammers to hack into the email of someone involved in a transaction such as an agent or lender. In many cases, scammers hack into email accounts and discover a conversation that deals with an upcoming transaction, such as a closing date. Near the closing date, the scammer goes through the agent or lender’s email address to send the recipient some last minute wiring instructions. Not knowing that the agent has been hacked, the buyer completes the directions, resulting in the allotted money depositing in the hacker’s account and vanishing. This is a specific type of online attack that is unfortunately prevalent in the real estate community due to real estate professionals dealing with such transactions regularly.
Password attacks consist of a scammer gaining access to a system, software, or database by successfully cracking a victim’s password. This is an easy mission for scammers to fulfill when the victim has a simple one containing your name, numerical sequences, or something related to your lifestyle that is obvious to the public eye. Most of us are failing the most basic requirement when it comes to online security: Passwords 101. Norton™ reports that one in three people do not have a password on their smartphone or desktop computers at all.
Website Take-Overs: In 2015, over 9 million websites were hacked or infected. Tony Perez, Co-founder and CEO at Sucuri, a program that provides antivirus for websites, believes that websites get hacked because of three things: access control, software vulnerabilities, and third-party integrations.
Access control revolves around how you log into your hosting panel, server, and social media forums. An attacker will try to exploit access control in many ways such as brute force attack, in which the attacker attempts to guess the username and password to gain access to the server. Another method scammers use is the “Man in the Middle Attack”, which Sucuri defines as where the attacker intercepts your username and password while working via insecure networks and your credentials are transferred between one point to another, via plain text.
Software vulnerability and third party integrations go hand in hand. Third party integrations are becoming a problem due to ads and attacks. Usually when a third party has control, it is beyond the website owner’s ability to control, making the software vulnerable to more attacks in the future.
Protect Your Credentials
Gerrtiz suggests that while protecting banking and personally identifiable information for clients is necessary, the most important thing to protect is your REALTOR® email credentials.
“The value of the email is much higher than individual pieces of information because it can be monitored in real time without your knowledge and is connected to so many other accounts,” says Gerritz. “If an attacker takes over your email, they can submit password resets to your bank and other important accounts and those institutions will respond to your email address for approval, which attackers have access to.”
Potential online criminals can download programs or even “Google” instructions to prepare and train on hacking skills.
“There are computer programs out there that can guess every single password combination for an 8-digit password in a number of hours, says Risk Manager and CEO of Preferred Guardian Insurance, Barney Schwartz. “Potential hackers can even Google how to unlock, passcodes making it so easy to hack.”
When it comes to password management, here are some best practices to keep your passwords safe—
- It is critical to have a unique and lengthy password for each of your visited websites and applications. Having the same or similar password across numerous accounts runs the risk of hackers not only hacking into one of your devices, but all.
- Passwords should be complex in nature but rather than having a long password with mixed letters and symbols, using a sentence as your password proves to be more beneficial. Brian Krebs, well-known cybersecurity-focused journalist and author of the blog “KrebsonSecurity” suggests using a phrase or sentence from your favorite novel or the opening line to a good joke since the key is length over complexity.
Protecting your website can seem overwhelming, but a few key steps can make the world of a difference. Be sure to place strong importance on how people access your website. Features such as two-factor authentication work great to ensure that the proper individuals know how to access your site. Sucuri suggests protecting yourself against the exploitation of software vulnerabilities through use of a website firewall and register your website with search engines such as Google to tell you the health of your website.
Beware of Public Wi-Fi
Many REALTORS® have the flexibility to conduct business in remote locations, such as coffee shops and libraries, most of which have unsecure, public internet networks or shared passwords. Sending information through such Wi-Fi networks can make your credentials accessible to a stranger. Rather than storing your password on a Microsoft Excel spreadsheet, Schwartz suggests storing your passwords in online cloud storage.
Luckily, there are some great resources to store your passwords for all accounts, such as LastPass. LastPass is an online unlimited storage vault where you can store your passwords for websites you use and it will cost you as low as $1 a month. With LastPass you can add, view, manage, and delete items that you’ve saved to LastPass. This resource even works as an extension on your window toolbar, so you can have easy access to all the tools you need. Even if you store your passwords through a cloud storage, Mark Lesswin, Senior VP of NAR®, suggests changing your personal passwords every 6 months.
Recent studies have shown that REALTOR® emails are typically hacked by people overseas, generally a “Yahoo!” or Gmail account. International hackers are looking for cash buyers and accompanying wiring instructions. Once the wiring instructions are read and completed, the money is dispersed into foreign accounts, making it incredibly difficult for banks to retrieve.
“When you notice this type of fraud, call bank officials immediately,” says Moreno. “Even though the money is gone and cannot be stopped, you should follow this step anyway. Reports should also be sent to the FBI and to your REALTOR® Association for legal stats to see how often this is happening.”
Hackers have become more sophisticated in nature making it almost impossible to distinguish a scam from a genuine ad or email. Be sure to use your gut and best judgement when it comes to clicking or opening suspicious links. Whether you work independently or part of a business, be sure to educate yourself, clients, and business associates on data security best practices. When it comes to fraud, the number one risk we face is reputation. Once your reputation is harmed, business cannot be conducted properly. While we cannot 100% prevent cybercrime, we can at least lessen our chances of falling victims to it.