Fraud has a long history.
In a recent blog in the Orchestrating Real Estate Series, New Things to Consider in Section 1031 after the Tax Cut and Jobs Act of 2017, I discussed how famous violin maker Jean-Phillipe Vuillaume started his career in a violin forger’s shop, only to become a violin maker whose work was so valued that it, ironically was forged by others.
Although Vuillaume turned away from forgery, in the early 20th century, a trio of luthier brothers, William, Charles and Alfred Voller, were less scrupulous. Although the Vollers are known to have created nearly perfect “copies” of a number of early Italian violins, it was their forgery of the Balfour Stradivari violin, which was so good that it was certified as a real Stradivari by a famous London violin dealer.
Violin fraud aside, real estate investors, title companies, and yes, real estate attorneys, are finding themselves to be the target of cyber fraud in real estate transactions and in connection with real estate closings. Last summer, inspired by a local story of an incredibly blatant real estate fraud, I wrote a blog post entitled When it looks like a Stradivari but Isn’t: Protecting Yourself from Wire Fraud in Real Estate Transactions. Little did I know that in just a few, short months, I would be put to the test to follow my own advice.
My previous blog post on fraud in real estate transactions focused on financial wire fraud in connection with the real estate settlement, where a hacker takes over a title company’s e-mail account and causes closing funds to be wired to the fraudster’s bank account. However, I experienced a different type of attempted fraud in connection with a real estate transaction.
My Close Encounter with a Real Estate Transaction Fraudster
A few weeks ago, out of the blue, I received an e-mail purporting to be from a real estate paralegal at a law firm with which I had been working on a real estate transaction several months before. The e-mail included a link, which appeared to be a legitimate link from a well-known electronic signature processor, asking me to securely download a document for electronic signature. In the course of a real estate closing, it would not be uncommon for me to receive such e-mails, mainly so my clients can securely sign documents.
However, this particular e-mail made me suspicious because I had no open real estate transactions with the law firm that sent me the link. I thought it was possible that the paralegal had sent the link to me in error, meaning to reach another Elizabeth. But it was also possible that it was an attempt at fraud, possibly to load a virus or ransomware onto my computer.
Remembering my own blog’s instructions about verifying information, I responded to the paralegal asking her two things 1) whether the e-mail was in fact intended for me, and 2) the real estate transaction to which it related. I had done only one real estate transaction with this particular law firm months before, and I thought it was unlikely that a fraudster would be able to identify the transaction accurately.
I then went one step further. I blindcopied a partner real estate attorney in the same law firm with whom I had worked and also asked that attorney also to confirm the e-mail was legitimate. By blind copying, if the e-mail from the paralegal was fraudulent, the fraudster would have no way of guessing I had sent the e-mail to someone else at the firm. Plus, if the paralegal’s account hand been compromised my e-mail to the attorney also would alert the law firm of the breach of security.
Almost immediately, I received a response from paralegal, confirming that the link was legitimate and in fact was intended for me – but not identifying the real estate transaction to which it related. I replied to the paralegal and asked her to please identify the transaction for additional security. She did not respond with the requested information, so I did not download the document. Apparently, my e-mail to the senior partner did its job, because less than an hour later, I received another e-mail from the law firm telling me that the original paralegal e-mail I received was in fact a virus and that I should delete it.
How to Protect Yourself from Cyber Fraud in Real Estate Transactions
Although I was not hurt by this attempt at real estate fraud, this experience has caused me realize how important it is to slow down and think before clicking on a link, downloading a document, or providing sensitive information. The fraudsters are always thinking up new ways to try to trick us, but with care, we can prevent them from getting the upper hand.
Having almost been the victim of real estate fraud, this seems a good time to reiterate and expand upon my previous advice to individuals involved in real estate transactions:
Verify all e-mailed wire transfer instructions or requests for personal information via a phone call. Do not use the phone number in the e-mail sending the request. Instead, go to the company’s website to obtain the phone number or obtain the phone number off of a business card or letterhead received in paper format.
Confirm that the sender really sent any e-mail that requests that you click on a link, even if no financial information is requested. As part of the confirmation, ask the sender to provide very specific information that a hacker would not know and could not easily obtain from a hacked e-mail account. When in doubt, make a phone call (again, not to the phone number on the e-mail) to confirm.
Encrypt e-mail messages containing sensitive data. If you enter sensitive information into a website, both confirm its authenticity and be sure that the data connection is secure. In popular browsers, this is typically indicated by a symbol (such as a padlock) next to the URL. In Chrome, a green padlock indicates a private, encrypted connection using https. I also have Internet security software which will open a special, secure browser upon request.
Maintain your software. Be sure that your operating system and application software is up-to-date, and be sure that you have reliable virus and malware protection installed.
Protect your laptop and portable devices by turning on a firewall on any public network. If you can avoid using a public network, do so. For instance, I have sufficient data in my mobile plan to enable me to use my own mobile hotspot when working with sensitive information in a public location.
Use Passwords for documents containing sensitive data, and keep passwords in an encrypted file. Use complex passwords containing a combination of capital and lower-case letters and numbers, and do not use the same password for every account. If others have access to your data through file sharing, require that they, also use complex passwords. Your data is only as secure as the weakest password that can be used to access it.
Use Double-Factor Identification where it is available. Yes, it is annoying to have to wait to receive a code on your cell phone before signing into a website, but that will prevent a hacker (who won’t have your cell phone with him/her) from gaining access to your account.
Use Less Common Security Questions for websites that require security questions, select questions for which the answer is not easily available online. If you have your high school on your public social media accounts, then the name of your high school or its mascot is not secure. If you cannot select the security questions, then consider intentionally including the wrong answer – for instance, use your mother’s first name instead of her maiden name as the response or the name of your college instead of your high school.
Inform parties with whom you do business if you believe that their account may have been hacked. Yes, you will be the bearer of bad news (like my post-holiday text), but knowledge of the hack will help for the victim to minimize the risk.
It took the Voller brothers years to create a forged violin, but a hacker can commit fraud in a matter of minutes. In our fast-paced world, it is important that we all slow down and take the time to verify authenticity of wire transfer instructions, embedded links, and requests for sensitive information, lest we become the victims of today’s cyber fraudsters in our real estate transactions.
This series draws from Elizabeth Whitman’s background in and passion for classical music to illustrate creative solutions for legal challenges experienced by businesses and real estate investors.