Skip to content
Keyboard with lightning behind it

Cyberattacks on Real Estate Professionals, What’s Next?

Brokers and escrow officers, like other professionals, use phones and e mail as their main mode of communication and by doing so they are exposed to data breaches. In the last year data breaches became more prevalent in real estate transactions. Brokers and escrow officers should be aware of the issues and try to avoid them. This article discusses the type of breaches that may occur, their danger and how to try and avoid them.

The concern brokers and escrow officers should have is that they are processing their clients’ personal financial information as well as, significant amounts of money. For this reason, they have become a rich target to cyberattacks.

Data breaches arise from several causes. They can happen by rogue employees, or they can occur by mistake, when there are lost or stolen mobile devices or laptops. This article mainly discusses breaches that occur by third party hackers.

A cyberattack is an attack initiated by hacking from a computer against a website, computer system or individual computer or person, that compromises the confidentiality, integrity or availability of the computer or information stored on it. Cyberattacks occurs in many forms, including: (a) Gaining, or attempting to gain, unauthorized access to a computer system or its data, (b) unwanted disruption or denial of service, including the take down of entire web sites, (c) installation of viruses or malicious code (malware) on computer a system, (d) unauthorized use of a computer system’s hardware, firmware or software without the owner’s knowledge, instruction or consent, and (e) inappropriate use of computer systems by employees or former employees.

In the last few years real estate agents would often receive e mails, purportedly originating from ‘investors,’ usually from oversees, who wanted to rent an apartment, buy a home, or invest in real property. These perpetrators would typically e mail a real estate agent asking for information, which then lead to someone in the transaction sending bank account information to the perpetrator so that they can wire funds. In other instances the perpetrators simply sent a check to be deposited in the broker/escrow trust account. Those instances may lead to other trust funds being stolen and to claims from sellers/landlords that the buyer/lessees were not properly vetted by the brokers. Agents should be more suspicious in transactions where they never met their clients and they should be careful in depositing funds wired or mailed by these mystery clients.

A more pervasive form of cyber attack in real estate transactions occurs when there is stolen identity. A perpetrator learns information about a property owner and he/she applies for a loan secured by the owner’s property. Stolen identity occurs when a person, without permission, uses a legitimate identity to fraudulently take certain action. Generally, the cyber criminal obtains a valid name through the use of social engineering, email phishing, or purchasing the data on the black market. This then becomes a gateway to other cybercrimes such as, tax refund fraud, credit card fraud, loan fraud or other similar crimes. Over 50% of the identity thefts go undetected for a least one month and 10% remain undetected for two or more years. According to the Identity Theft Resource Center identity theft complaints are ranked first with a 30% increase over prior years.

Using cyber crimes through identity theft in escrow transactions, the perpetrator obtains the identity of a party to the escrow and then assumes its identity while the transaction is still pending. This is done by e.g., mimicking a party’s e mail address with a slight variation, which e mail will then be returned to the communicating perpetrator. To make the communication more believable the perpetrator may also carbon copy the e mail communication to the buyer/seller’s agent (also with a slightly variation of the e mail address) and then instruct escrow or one of the brokers how to proceed.

In one recent case, a perpetrator pretending to be the escrow company instructed the agent to deposit the buyer’s trust funds in the wrong account. In another, someone pretending to be the seller instructed the escrow company to cancel a check with the sale proceeds and instead wire the proceeds to another account. Since escrow companies handle money they are a rich (and a lot more promising) target than credit card fraud.

The problem with identity theft is that none of the real estate professionals are safe from liability. An agent who does not communicate with escrow or his/her client, passes on the client’s e mail or other personal information, or uses an unsecure e mail account that could allow perpetrators to hack into the agent’s e mail (to find out the transactions the agent may be involved in) can be a source of liability.

In order to try and avoid cyber security claims, real estate brokers should discuss those risks with their agents. They should develop training, procedures and keep agents informed of new methods of attack. When handling funds, brokers and escrow officers should avoid getting instructions by e mail. They should speak to the parties and obtain instructions in person, or preferably notarized. Red flags can include, a client e mail that suggests that the client is unavailable to speak and can only be reached by e mail, a client’s instruction that is different from a prior instruction, and an instruction to send money to a bank account that is out of State and in a different name.

Below is a summary of proposed procedures to consider:

(a)        Internet Use: Real estate professionals should use a protected servers to send and receive e mails. If an agent or escrow officer’s e mail is hacked they should immediately notify all parties to their transactions so that the parties could be on elevated alert.

(b)        Employees: Escrow companies and brokers should scrutinize the employees they hire. It is suggested that they review prior employment, financial problems, and relationships with certain shady investors. Supervision can be accomplished by reviewing and/or auditing files.

(c)        The Devil is in the Details: Professionals should pay attention to details. A different e mail address can mean that the party communicating may have had its e mail hacked. An instruction that makes no sense may suggest wrongdoing. Different signatures for the same party, a new bank account to send proceeds, a new address to send a check, e mails out of context or e mails with poor English can all be an indication of fraud.

(d)       Following Up on Red Flags. Anything that appears strange should be verified. First, it should be verified with the agents who know the parties. Next, with the parties themselves.

(e)        Funds: Funds should be handled with the utmost care.

i.     Checks are a preferred method of payment than wiring. A check takes longer to cash, it has a clear indication of the payee and if attempted to be deposited into the wrong account it may raise a red flag with the bank. A bank in insured and can be liable for releasing funds if the check and account name do not match. This procedure is not followed when a wiring instruction is received.

ii.     Any changes from the original instructions of delivery of funds, bank account, name of payee, or method of payment should be verified. They should be verified with the agents and the parties over the phone or in person.

iii.     Payment instructions should not be accepted from an e mail. They can be easily altered. Various procedures can be implemented such as notarized instructions, having the real estate agents obtain the original signatures or having the parties provide the instructions in person to escrow.

While this article is not intending to establish a new standard of care and the author is not suggesting that these procedures are how real estate professionals should act, these are some tips which could be considered best practices, that may help to prevent future losses in the immediate future, until the perpetrators develop new methods of attack.

About the Author


Rinat B. Klier-Erlich

Manning & Kass Ellrod, Ramirez Trester

Ms. Erlich is a professional liability defense attorney specializing in defending real estate professionals including, real estate brokers, escrow officers, appraisers, and design professionals. Graduate of Tel-Aviv University (BA 1992, magna cum laude), Whittier Law School (JD 1997, magna cum laude) and California State University (MA, Philosophy of Law 1998). In the last 18 years she has defended many professionals through trial and appeal. Ms. Erlich is a member of the Real Estate Executive Committee of the California State Bar and a member of the Legal Affairs Forum, California Association of Realtors. She is a Specialized Litigation Group chair and she is on the steering committees of several Defense Research Institute groups, Professional Liability Underwriters Society Southern California Chapter, and the Southern California Chapter of Claim and Litigation Management Alliance. Ms. Erlich is a recipient of Rising Star and Super Lawyers awards, and is an author and frequent speaker on professional liability topics. Ms. Erlich is a former Israeli Defense Force officer and a mother of 4 children.

Back To Top