TV Report Blames Agents – Take Steps to Prevent Wire Fraud
An NBC news report claims that “realtors’” negligent use of free email accounts create the risk of wire fraud. The scenario is simple: A thief fooled a buyer into following phony wiring instructions by using an agent’s spoofed email address.
Here are the real and fake emails side by side:
Not spotting the difference (a single “r”), and believing the email was sent from her agent, the buyer followed the fake instructions and wired $85,000 to the criminal.
The news report quotes from anFBI Alertfrom 2017 that advised businesses to avoid free web-based e-mail accounts. The Alert recommended establishing a company domain name and using it to create company e-mail accounts in lieu of free, web-based accounts.
What could have prevented the scam?
Following the advice in the Wire Fraud Advisory form (C.A.R. form WFA) would have almost certainly thwarted this scam. The WFA advises the client to:
1. Obtain phone numbers and account numbers only from Escrow Officers at the beginning of the transaction. 2. Do not ever wire funds unless you have called to confirm the instructions with the phone numbers you were provided with at the beginning of the transaction. 3. Orally confirm that the wiring instructions are legitimate. 4. Avoid sending personal information in emails or texts. Provide that information over the telephone directly to the escrow officer. 5. Take steps to secure email systems such as passwords, secure WiFi and not using free services.
Furthermore, although you should avoid sending personal information by email or text, using zipCommunity™ to communicate sensitive data with a client provides much greater security than the use of a free web-based e-mail account. This efficient and secure member benefit can be launched from zipForm® Plus at any time by clicking on the SHARE button.
Cyber-security requires more than a single prevention technique.
Even though this news report highlighted the role of free web-based e-mail accounts, agents and brokers should understand that there is no single prevention technique and that avoiding use of free email accounts is only one of many suggested cyber-security precautions. Indeed, the FBI Alert listed 14 bulleted self-protection strategies including:
• Be suspicious of requests for secrecy or pressure to take action quickly. • Consider implementing two-factor authentication for corporate e-mail accounts. Two-factor authentication mitigates the threat of a subject gaining access to an employee’s e-mail account through a compromised password by requiring two pieces of information to log in: (1) something you know (a password) and (2) something you have (such as a dynamic PIN or code). • Register all company domains that are slightly different than the actual company domain. • Know the habits of your customers, including the details of, reasons behind, and amount of payments. • Carefully scrutinize all e-mail requests for transfers of funds to determine if the requests are out of the ordinary.