Image being scammed out of a downpayment on a home, which often represents a person’s or couple’s life savings. That’s what can happen to prospective homebuyers if they fall victim to an email phishing hack that is timed to coincide with a home closing, when the transfer of funds to cover a downpayment takes place.
If a home sells for $200,000, for example, a 20 percent down payment would be $40,000.
If the online thief is successful, he can trick buyers into sending the downpayment funds to an offshore account after impersonating a real estate professional or a title company representative.
The National Association of Realtors (NAR), the U.S. trade association for the real estate industry, first cautioned their members about this type of scam in May of 2015 and has continued to advise members on protective measures. The Federal Trade Commission has also addressed the scam, providing a detailed explanation to consumers on how they work:
The FTC: “After figuring out the closing dates, the hacker sends an email to the buyer, posing as the real estate professional or title company. The bogus email says there has been a last minute change to the wiring instructions, and tells the buyer to wire closing costs to a different account. But it’s the scammer’s account. If the buyer takes the bait, their bank account could be cleared out in a matter of minutes. Often, that’s money the buyer will never see again.”
Both consumers and Realtors could fall victim to this scam. “Email is not a secure way to send financial information, and your real estate professional or title company should know that,” the FTC says. The FTC provides the following tips for avoiding phishing strategies that can apply to the downpayment email scams:
- Don’t email financial information. It’s not secure.
- If you’re giving your financial information on the web, make sure the site is secure. Look for a URL that begins with https (the “s” stands for secure). And, instead of clicking a link in an email to go to an organization’s site, look up the real URL and type in the web address yourself.
- Be cautious about opening attachments and downloading files from emails, regardless of who sent them. These files can contain malware that can weaken your computer’s security.
- Keep your operating system, browser, and security software up to date.