Stuck in the Middle?

August 2018 Insight: Stuck in the Middle resource header

Insight | August 2018By Roger Bernholz

By now we should all be aware that aggressive criminals around the world are using the internet to steal money and identities through a variety of nefarious schemes. Brokers in North Carolina have seen their buyer and seller clients lose hundreds of thousands of dollars—fraudulently stolen and never recovered! Imagine if you were implicated in such a disaster.

Because our business has become so tied to digital communication, be it email, social media, CRM, online marketing, data mining, etc., we have become easy targets for these criminals. Phishing, spoofing, cracking, man-in-the-middle, spear phishing, sniffing and a host of other social engineering techniques with funny names and too numerous to describe are often aimed at REALTORS® who are easily spotted online. Our business almost always involves transactions where very large and very attractive sums of money are changing hands, often through digital funds transfers, because that has been viewed as faster and more reliable for assured receipt of “good funds.”

On top of that, as we guide our clients through the contract and closing process, a good deal of their personal and confidential information is collected. Indeed, buyer and seller information sheets, like Standard Form 9-T from NC REALTORS® or similar forms from attorneys, are replete with what has come to be called NPPI, non-public personal information. And REALTORS® have traditionally been the conduit through which that information has flowed between the parties to the transaction and the closing attorney. This combination is obviously a very dangerous one, ripe for the criminals to steal our clients NPPI and, more importantly, their money.

Attorneys already have been pushed into adopting a long list of expensive “Best Practices” to satisfy mortgage lender requirements in order to protect NPPI and the confidentiality of these transactions. This, by necessity, must be a coordinated effort among REALTORS®, closing attorneys, mortgage lenders and other important players in our transactions. We must work hard and make changes to stop this attack on our clients and us. Here are some of the steps REALTORS® can take to address this huge problem.

1.  Get out of the middle.

When sensitive information is being exchanged, REALTORS® need to stay out of the way, when possible. The process of transmitting the information sheet, instructions for digital funds transfer or other documents containing NPPI, should remain between the client and the attorney only. This will ensure that an encrypted email service or secure online portal is being used and provided by the lawyers. Although much less likely, this also helps keep the finger of blame and liability from being pointed at REALTORS® should a problem arise.

2. Written warning.

Review with your clients the “Wire Fraud Warning,” added to the Offer to Purchase and Contract, and the listing and buyer agency agreements that instruct them on the best way to protect their money. Encourage them to follow the various recommendations contained in those documents because they do work in protecting parties and agents involved. We’ve received numerous notes of appreciation for the “warning” received in situations where schemes were discovered and crooks were thwarted.

3. Use multi-factor authentication

Set up and only use an email system that provides “multi-factor authentication.” This makes it much harder for a criminal to obtain access to your email account by phishing for your credentials and logging into your email account, monitoring the progress of your transaction, obtaining the contacts for all the other players in the transaction and sending messages that look for all intents and purposes like they are from you. Also, be very cautious about any email you receive that asks you to provide any form of login credentials in order to see an “important document”, particularly when unexpected. These are very often fraudulent.

4. Only use reliable contact information

Provide your client with your card and the business card of the closing attorney when possible so they have reliable contact information. Avoid using email to transmit such information that could be easily intercepted and modified.

5. Face-to face interactions are best

Encourage and support the direct, face-to-face interaction between each party to the transaction and the closing attorney’s staff, where identities can be verified and written and signed directions about transfer of money can be exchanged. Notarized written instructions can also work.

6. Strong passwords

Use strong passwords for online activities and change them regularly. A key element of wire scams is the hacker’s ability to research and monitor email accounts for lengthy periods of time. Changing passwords regularly may deny access to hackers before the opportunity to strike appears.

 

Roger Bernholz is Vice President and General Counsel at Coldwell Banker Howard Perry and Walston in the Triangle. He assists the company’s brokers and agents when thorny issues arise and keeps them informed about important industry and regulatory changes. He has volunteered on the NC REALTORS® Forms Committee and the Joint Forms Task Force for more than 20 years.


Filed Under: