I have been reporting to you about this particular scam preying upon home buyers for seven years, however this scam has gotten worse in recent years. Scammers have been quick to take advantage of so much of home buying and selling being done virtually with Zoom meetings replacing in person meetings, online home tours and digital signing of documents with states even allowing notarizations to be done online.
Four years ago, the Consumer Financial Protection Bureau (CFPB) issued a warning about the scam and its dramatic increase. The scam targets people involved in the purchase and sales of residential real estate. The scam begins with the hacking into the email accounts of any of the various people involved in the sale. This can be either the buyer, seller, lawyers, title company, real estate agent or mortgage banker. Unfortunately, hacking into email accounts is a relatively easy thing for a skilled identity thief to do. The hackers then monitor the communications regarding the progress of the sale of a particular piece of real estate and when the time is right, generally posing as one of the lawyers, title company or bank mortgage officer, the scammer will email the buyer, telling him or her that funds necessary to complete the sale need to be wired to the phony lawyer’s, title company’s or banker’s account provided in the email. Everything appears normal so unsuspecting buyers too often are wiring the money to the cyberthieves who then launder the money by moving the funds from account to account to make it difficult to trace the funds.
Recently in Colorado Phil Tamchina thought he was responding to his real estate agent who requested ten days before the scheduled closing that he wire the $730,000 for the purchase of his new home to the real estate agent. He did so, but the email didn’t come from his real estate agent, but came from a scammer. Fortunately, the bank where the funds were sent had put a hold on the account after red flags were raised and the funds were able to be sent back to Mr. Tamchina. Many other victims of this scam, however, haven’t been as lucky.
Even if you are not involved in buying or selling a home, it is always a good idea to protect your email account from being hacked. This means having a strong password and security question. You can find information about how to pick strong passwords and security questions here in the Scamicide archives as well as in my book “Identity Theft Alert.” Maintain good anti-virus and anti-malware software on all of your electronic devices including your computer as well as your cellphone and keep your security software up to date with the latest security patches as soon as they are made available. Don’t click on links in emails or text messages that may contain malware that can steal your personal information from your electronic devices.
Also, enterprising hackers are able to change passwords of their intended victims by answering a security question and then being able to change the victim’s password and take over the account. This was what happened years ago to Sarah Palin when a hacker answered the security question for her email account and was able to change the password and take over the account. Her question was where did she meet her husband and the answer was Wasilla High School which was found by the hacker by going to Sarah Palin’s Wikipedia page.
You may think that you are not famous and that information to answer your security question is not readily available, but you might be surprised by both how much personal information you and others post about you on social media that could be used to provide the answers to you security questions as well as the wide array of information about you that is available online such as your mother’s maiden name which is a common security question. The solution to this problem is simple. When you initially set up your security question, use a nonsensical answer. Thus the answer to your mother’s maiden name question could be “firetruck.” It is silly enough for you to remember and no hacker will ever be able to guess it. You should also use dual factor authentication whenever possible to provide a much greater level of protection even if your password is compromised, such as through a data breach.
Don’t use public WiFi for any financial or business purposes. Use a virtual private network to encrypt your data when using your electronic devices in public. Never provide personal information in response to an email regardless of how legitimate it may appear until you have independently confirmed that the email is legitimate.
Finally, whenever you are asked through an email or text message to wire funds as a part of a real estate or other business transaction, don’t do so until you have confirmed that the request and the account to which you are being asked to wire the funds are legitimate. Appearances can be deceiving so always confirm. It may seem a bit paranoid, but remember, even paranoids have enemies.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/