Wire fraud in real estate has become a common occurrence. Purchasing a home represents the largest asset category on the balance sheets of most households. Wire fraud can ruin the lives of victims who lose their entire life savings in these scams.
Wire fraud often begins when a criminal hacks into the email of a party to the transaction – the buyer, seller, realtor, closing agent – and learns information about upcoming real estate transactions. The criminal can figure out when a closing will occur simply by keeping tabs on the email communication. The criminal then poses as someone involved in the transaction, such as an escrow agent, real estate agent, or loan officer using a fake or spoofed email address. Often times, they provide fake wiring instructions and ask for the proceeds to be sent to an overseas bank account where it is out of U.S. law enforcement’s jurisdiction.
Luckily, there is an easy way to avoid falling victim to these types of wire fraud scams. That is by preventing it in the first place by using multi-factor (aka two-factor) authentication.
So, what is multi-factor (aka two-factor) authentication?
Multi-factor authentication creates a second layer of security that a user must clear in order to gain access to the account. A classic example is the ATM card. To take money out, the individual must know their pin code (password) AND be in possession of the bank card that’s linked with the account that matches their pin. Having one or the other is not enough.
Multi-factor authentication works much the same way with email. To configure multi-factor authentication, a user simply goes to their email account settings, ticks the box to enable multi-factor authentication, and enters their mobile phone number. There’s an option to receive a verification code by phone or text. Enter the verification code to configure multi-factor authentication with that mobile device.
From then on, any time the user logs into her account she must also enter a unique code to gain entry. It might seem like a hassle, but it increases email security significantly. Even if an individual’s username and password are compromised – maybe they accidentally downloaded malware from a spam email or used public, unsecured WiFi to access their email – the criminals cannot gain access unless they also possess the specific mobile device that was configured with the email account.
The two most common multi-factor authentication methods rely on text messages and/or mobile applications to produce the code. With a text message, a user logs in to their email account with a username and password and then receives a text message on her phone that contains the unique six-digit code. Once the user successfully enters the code at the email login, they unlock the second layer of security and gains access to their account. A second method is similar to the SMS approach but instead relies on a free smartphone app, such as Google Authenticator or LastPass Authenticator, which produces a new six-digit code every 30 seconds. A user logs in to their email account with a username and password and then opens the app to obtain the unique six-digit that unlocks the account. With both methods, the user must have knowledge of their username/password AND possess a specific device that’s configured with the email account. Knowledge of the username/password makes one factor, and possession of a specific device makes two factors.
Check out this quick demo video on how to setup LastPass Authenticator:
Unfortunately, we are only as strong as our weakest link. It only takes one party to the transaction with lax security, which opens the door to potential wire fraud. This means it is incumbent on each of us to educate all parties to the transaction on the risk of using insecure email and the importance of using multi-factor authentication.