What is the worst thing that could happen to a home buyer in the home buying process?  In my opinion, losing your downpayment and your closing costs completely due to wire fraud.  This could mean losing years of savings for many of us.

Every year, there are innocent online users who lose about $1 billion dollars due to cyber security breaches.  Out of that, $200 – 300 million dollars are lost in real estate transactions in the US.  Anywhere between 10,000 to 15,000 innocent buyers become the victims, lose their money and are not able to buy their homes.  I just can’t imagine what those buyers would be going through…

How hackers do this:

The hackers use spoofing and/or phishing.  They might even have the email login information of the people who are involved in the transactions.  Escrow officer, attorney, realtor, loan officer and the buyer.  Hackers intercept the fund wiring information email and replace the escrow bank account with their own bank account.  Or, sending emails from accounts that look just like the escrow’s email address.  It can be really hard to tell.

How to prevent these attack to home buyers:

  1. Use cashier’s check.  Go to the bank, cut a cashier’s check and deliver it to the escrow office in person.  This way, there’s No Entry Point for the hackers.
  2. If you have to wire, pick up printed wiring information from your escrow office when you go to deposit the earnest money.  Again, no Entry Point.  Paper copy wins here again.
  3. If you can’t visit the escrow office (out of town, etc), then call the escrow office.  Talk to the escrow officer to verify the account info.  The key here is to make the outbound call, not inbound call which can be faked by hackers.  I suppose this could be unsafe if hackers are routing calls, Mission Impossible style.  Let’s hope that they are not there yet, but let’s not risk it.
  4. Use end-to-end encrypted texting apps like Signal if you have to text.  Regular texts can be easily hacked.
  5. Use DRM technique (“Don’t Rush Me” from a tennis book by Brad Gilbert).  A hacker’s message will likely add high urgency like, “to avoid delay of closing, send the wiring by the end of today…”  Delaying the closing is better than losing the funds.  Listen to your gut and be early and/or delay the closing by extending the closing date, so no hackers can rush you.

Here are some day-to-day cyber security practices:

  1. Don’t use public wi-fi at places like Starbucks or hotels.  You will be giving Entry Points to hackers.  Some viruses can read your every key stroke, including your passwords.  If you have to use public wi-fi, use VPN (Virtual Private Network) made by reputable companies.
  2. Change passwords often on your email and website login at least several times a year, with phrase-like long passwords with a mix of capital and lower case letters and special characters. Don’t save the passwords on the computer files.  Turn on 2-step verifications while you’re at it.
  3. Don’t pick up phone calls from unknown numbers.
  4. Don’t click any links from unknown number texts.

For realtors, do not get involved in forwarding any wiring info.  Your email could be the Entry Point for the hackers.  Also, do everything listed above and more to protect the buyers.

Lastly, hackers will use more advanced tricks in the future, so always educate yourself with a No-Entry-Point approach to your online living.

For the hackers, do something better with your life.