Cybersecurity continues to be an escalating concern within our industry due to our daily handling of sensitive financial and legal information. We bear the responsibility of safeguarding this confidential data, and it is predominantly communicated through email. Unfortunately, this reliance on email also makes us prime targets for email phishing attacks.
According to the 2022 FBI report, phishing is by far the most prevalent tactic used for wire fraud today, affecting over 300,000 victims. Falling prey to an email phishing scam can result in not only severe financial consequences but also the potential compromise of transaction integrity.
We’ve put together some tips to prevent email phishing so you can protect your title company and clients.
What Is Email Phishing?
Email phishing is a widespread cyber tactic that involves deceptive emails crafted to appear as if they come from legitimate sources. These fraudulent emails often impersonate trusted entities, such as clients, financial institutions, or even fellow real estate professionals, to create a false sense of trust.
Phishing emails frequently contain convincing links or attachments, which, when interacted with, can lead to malware installation or redirect individuals to counterfeit websites designed to steal sensitive information. It’s imperative for title professionals to be well-versed in recognizing and thwarting these sophisticated phishing attempts to protect themselves and their clients from the risks they pose.
Email phishing is closely related to wire fraud. Once a cybercriminal successfully infiltrates a victim’s email account through phishing, they may gain access to sensitive information, including information related to financial transactions. This information can be used to commit wire fraud. This could involve fraudulent wire transfer instructions that misdirect funds to the criminal’s account instead of the intended recipient.
Is Email Phishing the Same as Email Spoofing?
Email phishing and email spoofing are related but distinct cyber threats:
The primary objective of email phishing is to deceive individuals into taking certain actions or disclosing sensitive information, such as personal information, financial data, or access to computer systems. This typically involves clicking on malicious links, downloading infected attachments, or revealing confidential data like usernames and passwords.
Phishing emails often impersonate legitimate entities or trusted sources, such as banks, government agencies, or familiar individuals. The goal is to create a false sense of trust and urgency.
Email spoofing, on the other hand, is a technique used to falsify the sender’s email address to make it appear as if it’s coming from a trusted source when it’s not. The primary aim is to hide the sender’s true identity.
Spoofed emails do not necessarily contain deceptive content or malicious links. Instead, they manipulate the “From” field in the email header to appear as though the message is from a legitimate source. Cybercriminals may use spoofed emails to lend credibility to their phishing attacks or to create confusion.
In summary, the key difference is in the objectives: email phishing is about deceiving recipients and obtaining sensitive information, while email spoofing is about manipulating the sender’s identity to mislead the recipient or give the illusion of authenticity. Both can be used in conjunction to make phishing attacks more convincing, but they serve different purposes. Email spoofing, when used in isolation, doesn’t necessarily involve deceptive content, whereas email phishing does.
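The header checks a mail filter or analyst can apply to spot a falsified “From” field are sketched below as an added example (not code from this article's author). The sample messages, the placeholder domains and the trusted server name `mx.recipient.example` are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); all domains are placeholders.
LEGIT = """\
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=titleco.example; dkim=pass header.d=titleco.example; dmarc=pass header.from=titleco.example
From: "Closing Team" <closings@titleco.example>
To: buyer@client.example
Subject: Closing schedule

See you Friday.
"""
SPOOFED = """\
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=mailer.invalid; dkim=none; dmarc=fail header.from=titleco.example
From: "Closing Team" <closings@titleco.example>
Reply-To: closings@titleco-escrow.example
To: buyer@client.example
Subject: Updated wire instructions

Please use the new account details.
"""

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def spoofing_findings(raw_message, trusted_authserv="mx.recipient.example"):
    """List header signals that the From field may have been falsified."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    findings = []
    # Replies routed to a different domain than the visible sender are a warning sign.
    reply_dom = domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to domain {reply_dom} differs from {from_dom}")
    # Trust only results stamped by our own receiving server; a sender can forge others.
    auth = next((h for h in msg.get_all("Authentication-Results", [])
                 if h.split(";")[0].strip().lower() == trusted_authserv), "")
    for method in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{method}=(\w+)", auth)
        result = m.group(1).lower() if m else "missing"
        if result != "pass":
            findings.append(f"{method}={result}")
    return findings

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spoofed", SPOOFED)):
        print(name, spoofing_findings(raw))
```

These findings are signals for review rather than verdicts: some legitimate senders set a Reply-To on another domain, so the authentication results carry the most weight.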
How Can Title Professionals Protect Themselves and Their Clients?
Fortunately, there are steps you can take to protect your clients and your reputation:
1. Password strength depends on length and complexity
Use a passphrase with numbers and special characters. Stay away from simple and short passwords. Hackers have software that can crack something simple in seconds, but adding two additional characters can make it take years. Experts suggest using at least 12 characters and ideally 16 or more.
Do not use the same password on your social media accounts as you do for work. Manage your passwords with an application like LastPass so you don’t forget them, instead of scribbling them down on a piece of paper.
2. Do not conduct business over a public wi-fi network without a VPN
We’ve all done it. You’re on the road and busy. You need some caffeine to keep you going, so you stop into Starbucks, connect to their free wi-fi, and answer some emails while you wait for your triple grande nonfat caramel macchiato. Unfortunately, using an unsecured public wi-fi can leave you vulnerable to cybercrime. Set up a virtual private network (VPN) on your devices, which encrypts all transmissions while using a public wi-fi.
3. Use a two-factor authentication (2FA) process on your email account
This is one of the easiest ways to add an extra layer of protection on almost all your accounts, from email to social media. The best thing about 2FA is that even if you accidentally give a hacker your password, they can’t access your accounts without the second authentication step. It effectively eliminates phishing as a problem for accounts where it’s enabled. Apple’s iOS, macOS, Instagram, Facebook, and Google all offer 2FA to help prevent hackers from gaining access to your accounts. Here’s a helpful guide that shows you how to do it for each one.
4. Consider using a proprietary email account instead of a free email service like Gmail or Yahoo
With a free email account, it’s much easier for hackers to impersonate you by creating a similar-looking address to confuse and take advantage of your clients. This is how many home buyers have fallen prey to wire fraud scams. They receive an email that appears to come from their trusted real estate professional and follow the instructions to send money to the criminals. Creating an email with your company’s domain name instead of a @yahoo.com or @gmail.com account will help combat these types of scams.
- Granted, all email services are vulnerable to hacking, and Gmail does offer some robust features to prevent hacking such as 2FA. No email service is 100% bulletproof from hacking, so be sure to stay proactive in protecting your accounts.
5. Request Verification of Identity
All parties involved in a real estate transaction should consider requesting proof of identity at various key points in their interactions to avoid falling victim to email phishing or wire fraud. Here are some crucial instances when identity verification is important:
- Initial Contact: When a new client or party reaches out via email, request proof of identity before engaging in any sensitive discussions or transactions. This helps ensure you are communicating with the legitimate party.
- Request for Financial Transactions: Whenever there is a request for a financial transaction, such as a wire transfer or payment of closing costs, always verify the identity of the person or entity initiating the request. Confirm transaction details by phone or in person, especially if they differ from previous arrangements.
- Changes in Transaction Instructions: If there are sudden changes in transaction instructions via email, such as updated bank account information or beneficiaries, always verify the changes with a trusted source through a secure communication method.
- Sensitive Data Sharing: When sharing or receiving sensitive documents, such as deeds, contracts, or personal information, confirm the identities of both parties involved to avoid unintentional data breaches.
- Unsolicited Requests: If you receive unsolicited or unexpected email communications requesting sensitive information or transactions, be highly cautious and verify the sender’s identity thoroughly.
- Regular Interval Checks: Periodically, double-check and confirm the identities of all parties involved in ongoing transactions, especially in longer-duration real estate deals.
By making identity verification an integral part of your email communication processes, you can significantly strengthen your defenses against email phishing, ultimately protecting your operations and client relationships.
6. Educate your clients
This may be one of the more difficult parts of preventing cybercrimes like email phishing. You may feel like you are repeating yourself, but keep doing it. For most people buying a home, the amount of information they are receiving is overwhelming. The average person purchases 3 homes in their lifetime, so it’s sure to be a confusing and new experience for most. Don’t let scammers use this confusion and inexperience against them. Share these tips with your clients; they’re not just for real estate professionals.
As a real estate due diligence partner, we take cybersecurity very seriously, and everyone on our team shares this attitude. If you are looking for a trusted partner to help with your closings, we have a secure proprietary system that can be integrated with your preferred closing software.