I have been reporting to you about this particular scam preying upon home buyers for six years, however since the start of the Coronavirus pandemic this scam has gotten worse. Scammers have been quick to take advantage of so much of home buying and selling being done virtually with Zoom meetings replacing in person meetings, online home tours and digital signing of documents with states allowing notarizations to be done online.
Three years ago, the Consumer Financial Protection Bureau (CFPB) issued a warning about the scam and its dramatic increase. The scam targets people involved in the purchase and sales of residential real estate. The scam begins with the hacking into the email accounts of any of the various people involved in the sale. This can be either the buyer, seller, lawyers, title company, real estate agent or mortgage banker. Unfortunately, hacking into email accounts is a relatively easy thing for a skilled identity thief to do. The hackers then monitor the communications regarding the progress of the sale of a particular piece of real estate and when the time is right, generally posing as one of the lawyers, title company or bank mortgage officer, the scammer will email the buyer, telling him or her that funds necessary to complete the sale need to be wired to the phony lawyer’s, title company’s or banker’s account provided in the email. Everything appears normal so unsuspecting buyers too often are wiring the money to the cyberthieves who then launder the money by moving the funds from account to account to make it difficult to trace the funds.
TIPS
Even if you are not involved in buying or selling a home, it is always a good idea to protect your email account from being hacked. This means having a strong password and security question. You can find information about how to pick strong passwords and security questions here in the Scamicide archives as well as in my book “Identity Theft Alert.” Maintain good anti-virus and anti-malware software on all of your electronic devices including your computer as well as your cellphone and keep your security software up to date with the latest security patches as soon as they are made available. Don’t click on links in emails or text messages that may contain malware that can steal your personal information from your electronic devices.
Also, enterprising hackers are able to change passwords of their intended victims by answering a security question and then being able to change the victim’s password and take over the account. This was what happened years ago to Sarah Palin when a hacker answered the security question for her email account and was able to change the password and take over the account. Her question was where did she meet her husband and the answer was Wasilla High School which was found by the hacker by going to Sarah Palin’s Wikipedia page.
You may think that you are not famous and that information to answer your security question is not readily available, but you might be surprised by both how much personal information you and others post about you on social media that could be used to provide the answers to you security questions as well as the wide array of information about you that is available online such as your mother’s maiden name which is a common security question. The solution to this problem is simple. When you initially set up your security question, use a nonsensical answer. Thus the answer to your mother’s maiden name question could be “firetruck.” It is silly enough for you to remember and no hacker will ever be able to guess it. You should also use dual factor authentication whenever possible to provide a much greater level of protection even if your password is compromised, such as through a data breach.
Don’t use public WiFi for any financial or business purposes. Use a virtual private network to encrypt your data when using your electronic devices in public. Never provide personal information in response to an email regardless of how legitimate it may appear until you have independently confirmed that the email is legitimate.
Finally, whenever you are asked through an email or text message to wire funds as a part of a real estate or other business transaction, don’t do so until you have confirmed that the request and the account to which you are being asked to wire the funds are legitimate. Appearances can be deceiving so always confirm. It may seem a bit paranoid, but remember, even paranoids have enemies.
We would also like to take this opportunity to ask you a favor. This year we are celebrating 10 years of Scamicide. During that time we have published almost 4,000 Scams of the day and been among the earliest to recognize and make you aware of a wide range of scams and identity theft threats including ransomware and SIM swapping. Scamicide has received much national recognition including being names by the NY Times as one of the three best sources for information about Coronarivus related scams. Scamicide is free and our goal is to help as many people avoid being scammed as possible and that is where the favor comes in. We would like each of you to consider asking three friends or family to subscribe to Scamicide. It is easy to do as indicated above and the more people who subscribe, the more people we can help. Thanks.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/