Cyber Pirates Find Silver in Real Estate and Gold in Tech Invoicing

Cyber Pirates Find Silver in Real Estate and Gold in Tech Invoicing

May 16, 2017 / in Blog, Encryption/Security / by Zafar Khan, RPost CEO

Cyber pirates have found easy prey in real estate brokers, title agents and estate attorneys. Their emails are a treasure trove of information about pending transactions involving large wire transfers. Real estate buyers, eager to close the deal, blindly trust the email they receive and the advisors with whom they correspond.

There are countless reports of home buyers who have wired their downpayment funds to cybercriminals posing as settlement agents, only to have the funds lost forever in the criminals’ offshore accounts.

Just one such example: earlier this year, in Montgomery County, Maryland, hackers stole between $100,000 and $200,000 from real estate buyers who were tricked into wiring payments to a hacker’s account. False wiring instructions were sent from what appeared to be the real estate professional’s email account.

In other cases, Internet criminals intercept unencrypted email messages to learn and change wiring instructions, phone numbers and other contact details. Once they access a real estate buyer’s information, they simply pose as an agent’s representative, call, and verbally provide new wiring instructions.

Easy cyber pirate silver. Hundreds of thousands of dollars per bounty.

But the real gold may be in recurring tech company invoices.

Many tech companies have long-term trusted suppliers who might not have all of the payment and audit controls in place. With a little research, a few spoofed (faked) emails, and some PDF editor skills, cyber criminals are finding gold by sending fake invoices to tech companies that set up recurring payments that in fact go to Internet criminal accounts. These work – for a period of time.

Recently, the US Justice Department charged a Lithuanian man with stealing $100 million from Facebook and Google by using a simple process of creating fake invoices and sending them to the payments team from an email that appeared to be coming from the tech giants’ suppliers.

Facebook and Google may have enough money that they don’t notice when $100 million goes missing for over a year….But for most of us, losing tens of thousands of dollars from fake invoices, or hundreds of thousands of dollars and a new home from fake wiring instructions has serious consequences.

Small and medium-sized real estate firms and other businesses need protection from the recent wave of business email compromise (BEC) or “spear phishing” attacks involving “imposter emails” that lure real estate and accounting professionals into wiring funds to fraudsters. RPost’s 2017 end user survey reports 22% of respondents know someone who had been a victim of BEC imposter email. According to the FBI’s Internet Crime Complaint Center (IC3), “the BEC scam continues to grow, evolve, and target businesses of all sizes. Since January 2015, there has been a 1,300 percent increase in identified exposed losses, now totaling over $3 billion.”

Certainly in some industry sectors such as real estate, estate law, accounting, financial advisory – or in some job functions such as billing, finance and HR, simple tools to encrypt email, or to detect imposter email seem reasonable to have.

Among RMail users in the real estate, title insurance, and mortgage sectors, 75% are actively using RMail encryption. Many are upgrading to add RMail “anti-whaling” imposter email protection. RMail services enable thousands of real estate professionals to streamline real estate transactions, eliminate significant closing costs associated with paper-based delivery, speed closing, and protect against compliance penalties and cyberfraud.

RMail is now endorsed by the Real Estate Service Providers Council (RESPRO) as the Association’s “Top Choice for Cybersecurity and Compliance” in the real estate industry.