In real estate, you need to be prepared for fraud attempts. In this article, we explain the steps you can take to prevent wire fraud in your company.
In real estate, you need to be prepared for fraud attempts. In this article, we explain the steps you can take to prevent wire fraud in your company.
Tom Cronkright
6 mins
Fraud Prevention
Mar 21, 2022
In the previous posts in this series, we spoke about why real estate is an easy target for wire fraud. We also discussed the different methods fraudsters utilize. In this post, we’ll use that information to explain how you can stop your company from becoming an easy target for wire fraud.
Preventing wire fraud essentially comes down to three things:
A commitment to education and the adoption of preventative measures will lower your risk profile and protect yourself and your customers from fraud.
Here are some steps to consider to prevent fraud:
While no two scams are the same, there are common patterns that cybercriminals follow when running wire fraud schemes. Fraud prevention begins with an awareness of how scams start. Here’s a dissection of the most common fraud elements:
An important step in wire fraud prevention is to stop fraudsters from gaining access to transaction-level information required to run a scam. Here are some strategies to consider.
Running a business requires that certain information be shared about your company. However, there are things you can do to protect some of the more sensitive data about your organization and employees including:
Start to train your employees and yourself to think like a hacker and minimize the ammunition you give them.
Preventing phishing emails being seen is the best way to stop employees from falling for them. A strong email filter is one of the best ways to do this. Products like MimeCast and SpamBully provide solutions that block and filter phishing emails.
If criminals can’t get their emails in front of your employees, then it will be far harder for them to steal account details and, ultimately, hit someone in your organization with wire fraud.
Spam filters aren’t always enough. This is why many forward-thinking businesses are hiring third-party companies to perform phishing testing on their employees.
They simply create a phishing email, send it to your staff, and then see who falls for it and what credentials are given. This provides a starting point for training and awareness and gives them the education needed to avoid making the same mistake in the future.
It is possible to use software platforms to perform your own tests. Products like CoFense and Sophos imitate real phishing attacks and provide advanced analytics and reporting so you can see where your organization’s weaknesses are.
There are also free solutions you can try out. We recommend taking advantage of Google‘s phishing test. It provides a great set of emails meant to educate you and your employees on how to identify phishing versus legitimate emails.
Perimeter security helps keep your organization's entire network threat-free. It utilizes features such as a firewall, web-content filtering, malware protection, and geolocation blocking to keep your network safe in real time.
By monitoring all web activity that enters and exits the network, perimeter security is able to identify unusual patterns or abnormal behavior on your network that could be a sign you are under attack and take action to stop it.
Another step you can take is to secure accounts with two-factor authentication (2FA). Accounts that use 2FA require an extra piece of information on top of a username and password to log in.
This additional bit of information is something that only the account owner has access to and it usually has a physical element. For example, it could be a code, sent to an app on the user’s phone, virtual private networks that are tethered to each company device, or a physical key like Yubi Keys. It could even be an SMS message or an actual key.
Essentially, it means that even if a hacker knows an account’s username and password, they will be unable to log into the account without also having access to the third authentication detail.
Most social networks and email providers already make it easy for you to turn on 2FA. Here is a look at what some of the most popular services offer:
One final thing you can do regarding 2FA is to educate your customers and referral partners about the benefits of turning it on.
Last year, a Google engineer revealed that, at the time, over 90 percent of active Gmail accounts didn’t use two-factor authentication. We’ve mentioned before, it only takes one weak link to give fraudsters a window into a transaction that could allow them to commit wire fraud.
If everyone involved has 2FA turned on, the chances of a hacker being able to access an account is drastically reduced.
Wire fraud is a symptom of the lack of proper identity verification at critical points in a transaction.
The success rate of wire fraud scams is due to the exploitation of a trusted relationship between two parties. If identities are confirmed properly, that trust is never breached.
By contrast, when a party is tricked into believing they’re communicating with a trusted person and follows fraudulent instructions, the absence of identity verification guarantees fraud losses.
Here are some practical ways you can confirm identity and educate your employees, referral partners, and customers about the need to stay diligent and alert. Don’t allow fraudsters to infiltrate the communication stream and make someone a victim.
Title companies, escrow providers, lenders, attorneys and real estate agents need to work together to securely gather and share identity information of transaction participants. The earlier this takes place in the transaction process, the better-protected buyers and sellers will be in the end.
For example, when a real estate agent sits down to sign a listing agreement, it would be important to get the full names, current address, email, and cell phone numbers of the sellers. The agent can then give that information to the title company, escrow provider or attorney to assist them with the closing process.
The same is true for buyers. When signing a buyer representation agreement, the selling agent should gather the contact information of the buyers and share it with the lender, title company, and escrow provider that would be working with the buyer to close the transaction.
This allows the agents to securely store the proper contact information and start educating the buyers on the risk of wire fraud.
The earlier in the process that this information is gathered and shared with others in the transaction, the more trusted the information becomes. Gathering data early also gives extra time to create trusted communication pathways well before the date of closing.
The transaction participants that are hired to protect buyers and sellers are aware of the risks facing buyers and sellers. They have a duty to properly inform and educate them so they don’t become victims.
A well-defined, documented and measured process for receiving incoming wires and sending funds by way of wire transfer during the disbursement process provides consistency within an organization. This allows its employees to spot anomalous behavior that could be fraud.
As a group, consumers are unaware of the intricacies of sending funds by way of wire transfer. In most cases, a real estate transaction is the only time that they will be requested to wire funds. Fraudsters know this and prey on their lack of understanding.
Educate your customers on the portion of your wire transfer procedure that directly affects them.
Special notices should be sent to them outlining how you will share your instructions for incoming wires. Emphasize that they will never change and you will not deviate from the process. Early education and alignment could save the life savings of buyers and sellers.
Additionally, ensure the customer knows who is authorized to give out wiring details. Fraudsters are now able to use vishing (voice phishing) techniques over the phone to trick customers into wiring money to the wrong account.
However, if they know who in your organization is authorized to give out wiring details, they will be less likely to fall for a scam.
It’s proven that wire fraud scams are convincing. However, that doesn’t mean there aren’t signs you can watch for. Ensure that everyone in your organization (and your customers) know the telltale signs of cybercrime and what to do if they think they are being targeted.
Here are some quick examples:
People who know the techniques fraudsters use are more aware of what to look for and less likely to be tricked.
Whether you validate your transfers over the phone, in person, or using software like CertifID, it is important that you have a proven way to authenticate wiring details before making a transaction. Not only that, but you also need to verify the identity of the person the details belong to.
If you do this, it doesn’t matter if a fraudster has been successful in the scam up to the point of transfer. When it comes to wiring money, the scam will still be stopped.
By taking the steps above, your organization will make it far more difficult for fraudsters to run a scam. This is essential for protecting both your business and customers.
Having said that, cybercrime happens. In our next article, we will explore the steps you must take if you do fall victim to wire fraud.
Co-founder & Executive Chairman
Tom is an accomplished entrepreneur and licensed attorney. He has founded and led award-winning businesses to receive honorable recognition in their respective fields. Tom is also a highly sought-after speaker who lends his expertise to the world of real estate, fraud, and security-related topics across the country.