A security company has issued a warning to real estate professionals about a growing scheme in which
criminals are hacking into their emails and sending messages to their clients to wire down payment funds to fraudulent accounts.
Information security firm SANS cites an example of the "business email compromise" scheme from an email an agent recently forwarded to the company. The email was a seemingly typical exchange with a potential buyer who expressed interest in purchasing a home and asked the agent to represent him. The agent requested that the buyer be preapproved for a mortgage, and the buyer responded with a link to the supposed approval letter. The link, however, went to a phishing site, which has since been taken down, prompting the agent to login with his email credentials.
By doing so, the agent's information would have been passed on to scammers, who could log into his email account and manipulate his messages. If an email came to the agent's inbox asking for bank details to wire funds, the scammer could step in and reply with his information. The true buyer then could unknowingly transfer money to the wrong account.
These types of wire transfers are rarely reversible, SANS warns. The money typically gets forwarded on quickly to a foreign account, where the electronic trail then gets lost. And your email account may be particularly vulnerable to such scams. Real estate pros' email addresses are easy to find online and "many work more or less on their own and do not benefit from a corporate IT department with security monitoring,"
the SANS alert reads. "Instead, they use public webmail systems and heavily rely on cloud-based file sharing systems and email attachments to exchange documents.”
Source: SANS ISC InfoSec Forums