You finally found it: the two-story bungalow in the trendy part of town you’ve been eyeing for years – the one with the best coffee shop (hello, foamy latte) and favorite farmer’s market. You made your best offer (they accepted!) and now you’re about to close on your dream home.
Then just before closing, an email from your real estate agent pops up, claiming a last-minute change to the money-wiring instructions. You wire the funds. But the money never makes it to the bank. Turns out that email wasn’t from your agent – but a hacker. You got spoofed.
Unfortunately these days, enterprising hackers are busy tricking homeowners into sending them their hard-won down payment.
How? They access email accounts by snagging passwords through public Wi-Fi and via email solicitations that appear to be from senders you know.
The bad guys comb through the email accounts, searching for any information about home sales and upcoming closings. Once they’ve found what they need, they send consumers an email posing as their real estate pro, attorney, or escrow officer. The email includes wiring instructions linked to a fraudulent account.
Here’s how to prevent a hacker from running away with your home before you even have a chance to buy it:
1. Never, ever send personal info over email.
Personal info includes a bank account number and a Social Security number. Your agent shouldn’t be sending this stuff by email either.
2. Pick up the phone.
If you ever receive wiring instructions by email, call your agent or lender to confirm one of them sent it. Call the phone number you have on record for your agent, not the one listed in the suspect email.
3. Discuss the funds wiring process with your agent.
Early on in your relationship with your agent, ask about what you should expect, when, and from whom.
4. Change your passwords often.
Create a reminder on your phone or computer to update passwords monthly. Make them strong, something even your friends and family members wouldn’t be able to guess right away – you know, something other than password1 or your dog’s name.
5. Set up two-factor authentication.
Two-factor verification, which requires both a password and a code that’s sent to your phone or other device in order to log in, is more challenging to hackers than a single layer login. Make sure you set it up on your email and bank accounts.
6. Read up.
Get even more email security best practices.
Got spoofed? If you ever receive a suspicious email, report it to the FTC by forwarding it to firstname.lastname@example.org.