Protect Your Money
Buying and selling a home is an exciting time, but there can be pitfalls for unsuspecting consumers. You should be aware that criminals use wire fraud schemes to steal money meant for home purchases or the proceeds from the sale of the property. Criminals often begin the wire fraud process by using email messages, website forms, or phone calls to steal your email login and password information.
Check out these resources to protect your money:
Safeguards to Follow
Consumers are encouraged to follow these steps to help reduce the risk of becoming a wire fraud victim.
- Call don’t email: Confirm your wiring instructions by phone using a known number before transferring funds. Don’t use phone numbers or links from an email.
- Be suspicious: It’s uncommon for title companies to change wiring instructions and payment info by email.
- Forward, don’t reply: When responding to an email, hit forward instead of reply and then start typing in the person’s email address. Criminals use email address that are very similar to the real one for a company. By typing in email addresses, you will make it easier to discover if a fraudster is after you.
- Confirm everything: Ask your bank to confirm the name on the account before sending a wire.
- Verify immediately: Call the title company or real estate agent to validate that the funds were received. The sooner it is detected that money has been sent to a wrong account, the better chance you have of recovering the money.
Social Engineering and Phishing
Criminals Use Fake Emails to Phish for Your Information.
What is Phishing?
Phishing emails often ask for personal information to gain access to your financial assets or to steal your identity. They may also place malicious code on your computer, browser, or mobile device to monitor your activity or gain access to your other accounts. Be wary of any emails from unknown senders or spoofed email addresses.
How to Identify a Phishing Email
- Poor spelling or grammar
- Generic or non-personal greetings
- Requests personal information (passwords, financial information, MFA pins, credit card numbers, social security numbers, etc.)
- Unusual or unnecessary sense of urgency
- Offers that are too good to be true
- Emails that instruct you to transfer money or to change wire instructions
How to Identify Spoofing
Bad actors commonly spoof the sender’s display name so that an email will look like it is coming from someone you know. Hover over the display name to see if the email address matches the purported source of the email. You can also always pick up the phone and call the sender through a trusted phone number to confirm the message is from them.
Bad actors will also disguise hyperlinks so that you cannot see the true destination of the link. Hover your mouse over a hyperlink without clicking to confirm it points to an address you expect.
Bad actors can impersonate legitimate websites by making subtle changes to the website domain name, like adding an “l” and “r” to transform “firstam.com” to “flrstarm.com”. Always double check the address bar to confirm you have not found yourself on a fraudulent website. If you have never heard of the website before, do some research on the organization before handing over your information. Call the sender through a trusted phone number to confirm the message is from them.
Did You Know that Phishing is More than Just Emails?
Vishing, a combination of “voice” and “phishing”, is a call-based scam designed to get you to share personal information or financial details, such as account numbers and passwords. While most email have robust spam filtering technologies, our phones are less adept at warning us of an attack and prone to phone number spoofing. Additionally, it’s much easier for bad actors to convey emotion and build trust over the phone, which makes it easier for them to trick you.
Smishing, or “SMS Phishing”, is a text-based phishing scam. Like email phishing and vishing scams, bad actors attempt to steal your personal information, MFA codes, or passwords, or infect your devices; however, in smishing, bad actors communicate with you via text.
Social Media Messages
Social media is also ripe for phishing-style scams. Bad actors can create fake individual or business profiles that appear trustworthy, and they also attempt to duplicate real accounts.
What to Do if You Receive a Phish
Never Click a Link Without Checking.
Hover your mouse over the text of a link without clicking to verify the true destination of the link. The true link will be displayed in the lower right corner of your browser. On your mobile device, you can similarly press and hold down on the link.
Be Careful With Attachments.
If you are not confident that the sender is legitimate and the attachment is secure, call the sender through an independently verified telephone number and confirm they actually sent the message.
Keep Your Systems Updated.
Be sure to keep your operating systems, browsers, email software, virus protection and apps updated with the latest versions. These updates will often contain fixes for certain vulnerabilities that fraudsters may try to exploit.
Report Suspicious Messages.
Most email software (Microsoft Outlook, Gmail, and others) has functions that allow you to report suspicious emails and provide the detail of the email. You can also report any fraud attempts to the Federal Trade Commission (FTC).