If you’re planning to buy a house anytime soon, here’s some information you can’t afford to ignore. Buying a home should be a happy moment in your life. It can also expose you to a crime that can wipe you out financially. Remember the foreign prince who needed your help to get millions of dollars out of his country? That guy was a fluffy bunny compared to what we face now — people who do phishing, whaling and other forms of online attacks.
The names, targets and methods vary but they all have one thing in common: Whether you’re a Fortune 500 company, a mom-and-pop bodega or an individual, they want your personal information, and you’ll suffer if they get it.
Maybe you’re wondering why a real estate professional is telling you this. Why not a computer security person? The sad fact is that phishing attacks have now intruded into the closing process of many real estate transactions. That hurts me, my customers, and my community.
Phishers aren’t stupid, and they do their homework. Lately, they’ve been hacking into the email accounts of homebuyers and the professionals they’re working with, to learn when the closing is scheduled. Then they send an alert telling the buyer to wire the closing money to an “updated” account.
The new account is the phisher’s. If you do as asked, the only real thing is your money, flying away. According to a new warning from the Federal Trade Commission, your entire account can be emptied almost immediately. Chances of recovering your money are slim. Phishers exploit human weaknesses, if you want to call them that. Things like trusting others, being in a hurry and respecting the authority of the boss. They use these natural traits to get people to reveal information — or even just reply to an email or open an attachment — that can be used for criminal purposes.
Vigilance is your best defense. Be suspicious, especially of unsolicited communications. Take the time to understand what’s being requested, and why — particularly if it’s personal or financial information. And question authority. I promise, you won’t get in hot water for asking why the CEO needs the Social Security numbers of everyone in the company. The request is almost certainly a phishing expedition.
Here are a few other tips to keep in mind
- Never send financial information by email, text message or social media. They’re not secure. Period.
- Don’t respond directly to a website that’s asking you to do something. Instead, go to the organization’s website, copy the address at the top of the page, and paste it into your browser. Then go there. Spoof websites can look disarmingly authentic.
- Look for “https:” in the address of the site. The letter “s” stands for “secure.” Spoof sites can’t use the “s,” because they’re fakes. Virtually all big companies and financial institutions have secure sites. If you don’t see an “s” after “http,” don’t respond to the site.
Finally, understand that most real estate agents, and the companies they represent, are trained to never ask you by email to transfer money or provide nonpublic personal information. Such requests must come directly from your escrow officer. Make sure your agent knows this.
It’s terrible that we have to think this way. The Internet is a revolutionary tool for bringing us together, sharing information, and building communities. Its power is unique in human experience. Unfortunately, hackers and phishers often seem to be better — or at least more active — communicators than the people we know and trust. And why wouldn’t they be? They’re in it for the money. Don’t let them get yours.