Learning how to protet yourself from cybecrime when buying a home is an afterthougth for most buyers and agents alike. But, real estate buyers, sellers an the professionals working in the business, agents included, are currently a favorite target for cybercriminals. And the target is getting bigger very quickly.
What can happen in real estate, you may ask?
- Theft of wire transfer funds
- Identity theft and impersonation
- Compromised bank accounts
- Threat of litigation over stolen data
- Unauthorized account creation
- Credit theft and damage
- Much, much more…
And these are but a few of the risks to all parties involved.
I built the first part of my career around cybersecurity and, in the last year alone, I’ve been asked to consult on more than one situation where real estate brokerages have been the victim of long-term data and financial theft. And it doesn’t just affect the brokerage and agents, but their clients too.
In reality, if most people knew exactly how much invisible risk and ever-present vulnerability they could be subjecting themselves to when buying and selling real estate, they might just decided to stay put.
But cybercrime and cyber insecurity is everywhere and we can’t allow it to prevent us from living our lives.
To make buying and selling a home safer, follow these few simple, practical steps to make your transaction safer.
Ask your real estate agent what safeguards they use to protect your personal data
If they have trouble answering or they can’t answer, beware. Identity theft and financial impact to home buyers and sellers often comes from criminals stealing personally identifiable information (or “PII”) that was inadvertently left lying around in hard copy form. It ends up in the trash, mailed out inappropriately, lying around the office on desks, accessible on unlocked computers, or outright stolen easily by organized cyber criminals.
Verify any emails that come from your agent and never send sensitive info via email
In its 2016 Internet Security Threat Report, Symantec says fake emails, a.k.a. “Phishing” or “Spear-phishing” as it’s called, is the number one cyber threat to consumer industries such as real estate. What can happen? Well all your settlement money can be stolen by having you inadvertently redirect new wire instructions to a new settlement company because you thought your agent asked you to do so in an email. It’s happening every month now. Always confirm by phone any email asking for ANY kind of PII or banking info.
Don’t email sensitive info via email or submit info using insecure websites
Over 90% of Realtor websites are not SSL-enabled. What’s SSL? It stands for “Secure Socket Layer” and it basically means that when you hit send to register, sign in or submit a form on a website that the information being transmitted is encrypted so it’s hard (in fact, nearly impossible) to break and use. If you’re on a real estate website and you don’t see this in top left of your browser’s URL bar, leave quickly (and don’t ever submit any forms!):
Beware of sending or opening PDFs
An increasingly popular way cybercriminals get you to unknowingly give them your PII? They have you install malware without your knowledge. What’s the #1 way they do that? Infected PDF files. Cybercriminals often use phishing to get members of a real estate office to click and install malware by sending emails that look real, but aren’t. When they do, they unwittingly install corrupt files designed to infect others, steal data and send it back to the cybercriminal’s servers. That means the whole office gets infected, then you get infected when you get a PDF from their office. Then PDFs you send are infected and, well, you get the idea.
Don’t ever send sensitive info in email without encryption
For most email users, it never crosses their minds to check whether what they’re sending is secure. The fact is, email interception and theft is very, very easy, but it’s hard for cybercriminals to get any value out of it if the information is encrypted. If your Realtor is using a secure and reliable service such as Docusign, you can feel a bit safer, but NEVER, ever send sensitive personal info like socials or bank account info via email that is not encrypted. Tell your real estate agent it’s a must that both of you communicate via free and easy encrypted email services like Virtru that plug right into your Gmail. Get lazy and you could pay, big-time.
A few more good things to do? See the list below…
- Find out if you’ve already been a victim of data theft
- Tools to find out if a PDF has malware or is infected
- Get a private email account for business transactions
- Use Google’s Chrome secure browser
- Install Web of Trust and find out if your Realtor’s site is insecure
If you don’t, you could be very sorry you didn’t.