Online Real Estate Scams

Hold onto your money, folks, and verify, verify, verify.

 Online scams nowadays often have more to do with social engineering than serious hacking. But protecting your data is very important, too.

Online scams nowadays often have more to do with social engineering than serious hacking. But protecting your data is very important, too.

So this is a super exciting topic, right? I've attended enough classes on information security to know how quickly people tune out (about 47.8 seconds). We're all vulnerable, though, so let's keep on top of this crazy world.

The Wire Fraud Scam

How it works
This one has been around for a couple of years and there are several different variations. However, the end result to a client during a real estate transaction is virtually the same. You receive an email from what looks to be your title company or realtor (it may have come from a hacked email address or be a "spoofed" email address). It includes wire instructions related to the house that you are purchasing. You go ahead and wire the amount to the account details shown because why wouldn't you? Unfortunately, that account you just sent your money to was actually an account that the scammer had access to.

 Don't let go of your control! (haha, see what I did there)

Don't let go of your control! (haha, see what I did there)

Scammer = $, You = :(

How to avoid the scam
Always, and I mean always, verify wire instructions via a phone call to someone you trust (the title company if you are familiar with the agent, your realtor, or your loan officer). Don't use any contact information contained in the email with the wire instructions.

Fictitious Property Scam

This one mostly impacts people that live out of state looking to purchase or rent a property but there are local variations, too. It is especially prevalent in hot markets. I could see this really starting to impact Portland. Take a look at my blog about all the people moving here. 

How it works 
Scam artists copy photos of previously listed homes and create a fake property profile. They post to websites that allow for basic, unverified user accounts such as FSBO (for sale by owner) websites. Prospective buyers/renters call the information listed and, depending on the variation of the scam, may go so far as to make an offer to purchase/rent the home. 

In the case of properties for sale, the interested buyer moves forward in wiring funds or mailing a cashier's check for earnest money (an amount often sent with an offer to purchase to prove how "earnest" the buyer is in their desire to buy the home). After funds are sent, the online property profile vanishes. In the case of rentals, the scam artist asks for an upfront "application fee" which promptly disappears along with the online listing. This scam can also happen on popular websites like Zillow, Trulia, or Craigslist. These sites aggressively crack down on scam accounts but there will always be some that slip through.

 For sale online for $450,000. Just take my money, already.

For sale online for $450,000. Just take my money, already.

How to avoid the scam
For home buyers, always work with a buyers agent. Attempting to buy a home without representation, especially when you live out of state, can lead to a whole host of problems (we'll save that for a future blog). Of course, I'm completely biased in this opinion because I'm a realtor but when it comes to the buyer side of things, there's very little to lose by having someone represent you. 

Other things you can do if you're a renter or you just don't want to hang out with your friendly neighborhood realtor:

  1. Check the tax records. Most places have some type of online public access to check this (locally that would be PortlandMaps) but if not, lookup the local Tax Assessor's office and give them a call. If the name on the tax record doesn't match the property profile, slowly back away before turning around and running. Figuratively speaking, of course. Don't, like, leave your computer behind in a public place.
  2. Ask for the property address then look it up on your favorite maps program then check the street view. Does it match the picture? No? Methinks I smell a rat.
  3. Contact a local realtor and ask them about it. I am sure that any who respond will be happy to help you find information about the house even though they don't represent you. Who knows why. I guess realtors are just super friendly that way. Then, if they seem like smart people that you could hang wallpaper with for an hour or two, maybe consider interviewing them...?
  4. Check for odd grammatical and spelling errors along with weird turns of phrase. Evildoers are getting better at this but are rarely perfect. Also, if the listing details clearly don't match what the pictures of the place look like or the price is entirely too good to be true, it is very likely a scam. 
 You knew this post had to include a picture of the ubiquitous hoodie-wearing hacker, right?

You knew this post had to include a picture of the ubiquitous hoodie-wearing hacker, right?

So there you are. These scams will now be successfully avoided by everyone I know. But, I feel like there's more to say about protecting yourself online that goes beyond real estate. Since this post has been relatively short for me, why not keep going? Just a disclaimer: no matter what you do, there is never a way to be completely protected. 

Having made that cheery statement, here's just a few pieces of advice for greatly reducing your online vulnerability that I find myself frequently dispensing and are just as frequently ignored:

  1. Keep ALL of your devices up to date which means update everything as soon as a new release comes out. That means Apple users, too (the days of thinking that Apple products aren't vulnerable are over). No, do not wait a week or two to see if you like the feel of the update. Vulnerability patches are entirely too important to wait. 
  2. Use a random password generator for everything. Store them in a password keeper (check out LastPass and Dashlane). Make sure that the password you use to access the password keeper is really good (like a passphrase). Yes, there are some downsides to using a password keeper and there's always debate about the safety of keeping all your passwords in one place. However, the alternative most people use is having one, maybe two, passwords for EVERYTHING. To me this is a lot riskier than relying on a very successful company to maintain sophisticated software that protects your data.
  3. If you do not want to use a password keeper then make sure not to use the same password for everything. Please use a different password for all of your financial accounts. At least in this manner, if one of your non-financial passwords gets cracked, they can't use it to drain your accounts. Make your financial passwords as difficult as possible (which means more complex than a word followed by a digit or two.) If you find yourself copying your passwords onto Notepad or Word then it's time for a password keeper.
  4. Do not click links in emails unless they are from a trusted source, no matter how interesting they look. Also, be careful of "attachments". A recent scam involves taking a screen capture of a PDF or other attached document and inserting it into the email. This way it looks like a legitimate document to download but is actually a link to a site that will install malware on your computer.