Utah’s Department of Commerce released a statement on behalf of the Utah Division of Real Estate warning the public and industry professionals that hackers are targeting homebuyers. It’s the most recent reminder that an old scam can still find new targets.
In October of last year, the National Association of Realtors started throwing red flags, warning its members of the resurgence of a 2012 email scam preying on homebuyers nearing a closed deal. The industry was abuzz in the weeks to follow the initial announcement, but in the months since, many have forgotten the lingering threat.
“All parties in a real estate transaction should be wary of email communication especially if last minute changes are requested,” reminded Jonathan Stewart, head of Utah’s real estate division, in a statement. “If criminals have access to your email account, they can make anything sound legitimate.”
To protect yourself (and your clients) against the scam, the state’s Department of Commerce provided these tips for real estate professionals:
- Inform clients from day one about your email and communication practices, and alert them to the possibility of fraudulent activity. Explain that you will never send, or request that they send, sensitive information via email.
- Prior to wiring any funds, the wirer should contact the intended recipient via a verified telephone number and confirm that the wiring information is accurate. Do not rely on telephone numbers or website addresses provided within an unverified email, as fraudsters often provide their own contact information and set up convincing fake websites.
- If a situation arises in which you have no choice but to send information about a transaction via email, make sure to use encrypted email.
- Security experts often recommend “going with your gut.” Tell clients that if an email or a telephone call ever seems suspicious or “off,” that they should refrain from taking any action until the communication has been independently verified as legitimate. When it comes to safety and cybersecurity, always err on the side of being overly cautions.
- If you receive a suspicious email, do not open it. If you have already opened it, do not click on any links contained in the email. Do not open any attachments. Do not call any numbers listed in the email. Do not reply to the email.
- Clean out your email account on a regular basis. Your emails may establish patterns in your business practice over time that hackers can use against you. In addition, a longstanding backlog of email may contain sensitive information from months or years past. You can always save important emails in a secure location on your internal system or hard drive.
- Change your usernames and passwords on a regular basis, and make sure your employees and licensees do the same.
- Never use usernames or passwords that are easy to guess. Never, ever use the password “password.”
- Make sure to implement the most up-to-date firewall and anti-virus technologies in your business.