Hackers Targeting Real Estate Transactions
We’ve known for quote some time that scammers have been targeting real estate transactions, such as this warning from CTMeContracts in July of this year of several attempts to deceive real-estate agents and title company employees into wiring earnest money and/or closing funds into a fraudulent account.
But now NAR is delivering warnings about the potential threat. According to panelists at the Risk Management and License Law Forum at the 2015 REALTORS® Conference & Expo, small real estate businesses, agents and their clients are fast becoming the targets of sophisticated cyber scammers.
Melanie Wyne, National Association of REALTOR®’s technology policy expert said that while we often hear in the news about large companies falling victim to hackers, small businesses, which often lack the vast technology and legal teams of larger businesses, actually account for the majority of attacks. “Small businesses need to pay just as much attention as large companies to possible cyber threats,” she said.
Darity Wesley, founder of the Lotus Law Center, said hackers are seeking personally identifiable information, data that could potentially identify a specific individual, such as credit card or bank account information, login credentials, employment details or a physical address, e-mail address, and phone or social security number.
“Most people don’t know the vast amount of data stored about them in a variety of systems,” said Wesley. “Identity thieves can do a lot of damage with this information; your credit and whole life could be ruined.”
Wyne said data breaches can impact real estate businesses in three main ways: businesses can suffer from financial harm from expenses resulting from the breach; legal risks from lawsuits from clients or others impacted by the hack; and reputational risks from having to publicly disclose the hack. She said commercial properties are also vulnerable from hacks into their automated or building control systems.
Currently, the majority of laws governing data security are at the state level, although NAR has been advocating federal law for years. Therefore, Wyne also said it’s important for agents to know the state laws regarding data security and privacy that affect their organization, especially since some states have enacted laws that require businesses to have proactive security programs in place.
All of the speakers recommended strong passwords and developing a data security program and implementing and maintaining safeguards to protect private data. A privacy policy disclosing some or all of the ways the business collects, shares, protects, and destroys personal client information is also a good business practice.