NAR provides members tips to prevent cyberfraud

Bigstock image

The Legal Affairs Department for the National Association of REALTORS® offers numerous best practices for preventing scams, hacks and loss of data as well as recovery if members and their clients fall victim to one of these situations.

REALTORS® can login and get the NAR Data Security and Privacy Toolkit for best practices regarding emails, transactions, business procedures and damage control. Some suggestions from the toolkit include:

  • Use encrypted email;
  • Never trust contact information from unverified emails;
  • Use strong passwords and change them frequently;
  • Make sure all parties use secure email procedures for transactions;
  • If wiring money, call intended recipients immediately prior to verify wiring instructions;
  • Develop and enforce policies for ensuring data security; and
  • Avoid storing clients’ personally identifiable information any longer than necessary.

The toolkit also provides a link to the Federal Bureau of Investigation’s Internet Crime Complaint Center.

Homeland Security offers 5 ways to enhance your cyber security

Mobile devices

The Department of Homeland Security suggests five best practices to safeguard important work and personal information from others as part of its “Stop. Think. Connect.” campaign. Since October is National Cyber Security Awareness Month, the department recommends:

When in doubt, throw it out – Cyber criminals can use email, instant messages and online posts to access information they want through your computer, so don’t open attachments or links from people you don’t know.

Back it up – Viruses, malware, computer malfunctions and theft can destroy your work, so make electronic or physical backups.

Guard your devices – Prevent theft by locking your laptop or mobile device when they are not in use, and never leave them unattended in a public place.

Secure your accounts – Use passwords that are at least eight characters long, with a mix of numbers, letters and special characters. Don’t share user names with colleagues. When possible, use stronger authentication for security above and beyond a password.

Report anything suspicious – Notify your tech department if you experience unusual problems with your computer or mobile device.

For more helpful information, see the Stop. Think. Connect. Toolkit and visit


Did you get the October magazine yet?


Check your mail this week for the October Illinois REALTOR® magazine, which includes a message from incoming president Doug Carpenter and a cover story “Celebrating our past; looking to the future” about the future of our association.

Other feature stories include:

  • The opportunities for REALTORS® through the growth of the Consulate General Liaison Program;
  • Advice on protecting your office and your clients from cybercrime;
  • How the Real Property Alliance is helping Chicago taxpayers file tax appeals; and
  • All the regular columns written by Illinois REALTORS® staff members.

I can’t wait

Read it online now!

Fraud alert: Scammers using hacked email accounts to hijack wire transfers

Bigstock image

Bigstock image

Illinois REALTORS® and their clients are being victimized by sophisticated wire fraud schemes rooted in hacked email accounts.

Example: Hackers who have already gained access to email accounts of sellers, buyers, real estate brokers or attorneys watch messages for words or phrases that indicate imminent real estate transactions. When closings are near, they intercept real messages and send counterfeit messages to the intended targets with instructions to wire funds to fraudulent accounts. If the victims send money to the accounts before they are discovered as fraudulent, the money may not be retrievable.

There are ways to try and make sure you and your clients aren’t victimized by schemes like this. IAR Legal Hotline Attorney Betsy Urbance and IAR Director of Information Technology Matt Brewer offer the following tips.

  1. If your office has its own information security policy, make sure you understand it and follow it. A security policy can contain rules concerning: acceptable use, email, password construction, security response and a clean desk policy discouraging employees from leaving confidential or proprietary information where anyone can see it.
  2. If your brokerage doesn’t supply you with encrypted email of its own, consider a free email system with built-in protections, such as Gmail, Hotmail or Yahoo.
  3. Don’t do business through public WiFi, but if you feel you must access email through WiFi, give it added protection by logging in to a Virtual Private Network (VPN) before logging in to your email account. A VPN creates a secure, encrypted connection between you (at a hotel) and the VPN provider (your business). It prevents someone from hacking into your messages from another room at the hotel.
  4. Use strong passwords (16 characters, at least one number, one uppercase letter, one lowercase number and one special symbol) on all your accounts and change them frequently. Use
  5. Promptly return phone messages to clients, especially if they are being asked to send a wire transfer to a third party, independently verifying your clients’ phone numbers.
  6. Verify email requests for money or payments by calling the person who sent the request or talking to him or her in person before completing the transaction. Do this even if you know the person so that you prevent a hacker from impersonating a trusted business associate. Be skeptical of any email request for payment or money and double-check these requests by another method.
  7. Use two-step verification to protect your email from being hacked. Brewer says if you have two-step verification enabled, a text message is sent to your mobile phone whenever anyone attempts to open your email account from a device that hasn’t been used in the last 30 days. A code in the text message must be used to gain access to the email account. If you receive the text alert and you’re trying to access the account, you follow the instructions and go about your business. If someone else is trying to use your account, they will be unable to do so without the text message, and you will know something illegal is happening.
  8. Don’t trust anyone.

Managing Brokers and local association leaders – particularly individuals with information technology, financial or chief executive officer responsibilities – should be particularly vigilant, says Brewer, because cyber criminals will target their email accounts for use in scams.

Urbance says educate yourself about the methods criminals use, and implement best practices to protect confidential client information as well as company information.

For example, criminals may try to hack into email accounts to learn passwords, steal identities and later trick clients or business associates into sharing key information or inadvertently diverting payments into fraudulent accounts.

Controlling the damage

The National Association of REALTORS® suggests members consider cyber insurance through a specialist in advance of any problems. Also, NAR has recommendations in case of the theft of a money (wire) transfer. They include:

  • Call banks immediately to stop transfer.
  • Contact all other parties to the transaction.
  • Contact police.
  • Change all passwords.
  • Report incident to the FBI Internet Crime Complaint Center:
  • File report with REALTOR® associations.
  • Call the Attorney General.

7-minute NAR video can help protect you from disaster during closings

Have you ever heard of a broker whose client’s money was stolen during a closing?

In the NAR’s latest edition of “Window to the Law,” that’s just one of the real-life scenarios you can learn to protect yourself from. In “Cyberscams and the Real Estate Professional,” NAR Associate Counsel Jessica Edgerton says hackers interested in stealing large amounts of money during closings will gain access to a broker’s computer well in advance of the transaction and surreptitiously collect enough details to allow them to impersonate one of the parties.

They may send an email to a broker, pretending to be one of the parties involved in the transaction, hoping to get the buyer to transfer money electronically into a phony account.

She says steps can be taken to prevent this from happening. Check out the video now. Or you can refer to a copy of the slides from the video to do some valuable research.