Mary was a hard-working broker at a medium-sized office, she answered her agents’ emails and provided all the tools of the trade. She wanted every agent in her brokerage to succeed and like all brokers, Mary charged her agents an office fee to cover their costs.
In April, the start of the busy season, Mary noticed emails from her agents, even ones she didn’t hear from often, popping up one after another after another in rapid succession. “What is going on?!”
Her first email, a reply to an email Mary sent stating the office fees had gone up, and a charge was applied without any warning. She opened the next email, and it read the same, and the next, and the next. Mary was perplexed; upon further investigation, she realized she never sent an official statement with an additional charge to her agents. She called a fellow broker for advice, and he suggested she call the FBI.
The FBI explained this is a common tactic labeled “CEO Fraud,” or “Business Executive Scam.” They told her that poor email practices in her brokerage made it easy for a hacker to infiltrate her and her agents’ emails. Then the hackers found an old statement, copied it, and sent out emails to all the agents hoping they would pay the inflated office fee. Luckily, Mary’s agents did not pay the hackers and instead emailed her promptly! Wisely, Mary called the agents directly to inquire about their emails. Not everyone is that lucky.
Mary discovered, through the FBI, that there are practices you can put into place to protect herself:
- Out-of-Band Communication: Establish other communication channels, such as telephone calls to verify significant transactions. Arrange two-factor authentication early in the relationship and outside the e-mail environment to avoid interception by a hacker.
- Avoid free web-based e-mail accounts: Establish a company domain name and use it to create company e-mail accounts instead of free, web-based accounts.
- Immediately report and delete unsolicited e-mail (spam) from unknown parties. DO NOT open spam e-mail, click on links in the e-mail or open attachments. These often contain malware that will give scammers access to your computer system.
- Carefully scrutinize all e-mail requests for transfers of funds to determine if the requests are out of the ordinary.
At Independence Title we suggest you take advantage of the spring season to clean out your emails and take a hard look at your security. Delete all emails that are spam or have links or attachments that are not legitimate. Spring is also a time of renewal, use it to implement two-factor authentication as a security step in your new defense strategy. Don’t let an internet breach slow you down during the busy season!