Real estate-related cyber fraud is rapidly becoming one of our nation’s most worrisome issues. If the parties’ Personally Identifiable Information (PII), which is unavoidably involved in real estate transactions, falls into the wrong hands, it can result in financial loss, identity theft and more. Hackers often use fraudulent emails or websites to trick trusting consumers into disclosing their personal information. Here are some ways to spot the fakes:
1. Fake links:
Hover your mouse over the link to look at the URL in your browser or email status bar before clicking on it. A fraudulent link is dangerous and can:
- Direct you to a fake website that asks for your personal data.
- Install spyware on your system that can enable a hacker to steal any login IDs, passwords, or credit card numbers.
- Cause you to download a virus that could disable your computer.
2. A fake sender’s email address:
Fake emails may include a forged email address in the "From" field. If you don’t recognize the email address, contact the known sender to verify the authenticity of the email.
Do not open or click on attachments within an email requesting your signature. DocuSign, for example, only emails PDF attachments of completed documents after all parties have signed them. Even then, pay close attention to the attachment to ensure it is a valid PDF file.
4. Generic greetings:
If you do not see your name in the salutation, be suspicious and do not click on any links or attachments.
5. A false sense of urgency:
Many fake emails try to deceive you with the threat that your account is in jeopardy if you don’t provide immediate updates, or that unauthorized transactions have occurred on your account. If you need to check on an account, only do so directly through your web browser.
6. Emails that appear to be websites:
Some fake emails look like a website in order to get you to enter personal information. Always enter the known web address directly in your browser; do not click on links in the email.
7. Deceptive URLs:
Look in your browser's URL bar for these signs that you may be on a phishing site:
- Look at the website address for a common misspelling of the company name or a character or symbol before or after the company name.
- A secure page address starts with "https://" - the letter "s" must be included or it’s not secure.
- Always heed browser warnings, especially when they advise that the site or certificate cannot be trusted.
8. Misspellings and bad grammar:
While no one is perfect, fake emails often contain misspellings, incorrect grammar, missing words, and gaps in logic. Mistakes like these help fraudsters avoid spam filters, but you should recognize them as red flags.