Lost in transmission: Cyberthieves hack real estate agents’ emails, divert funds

Listen to this article

Realtor Linda Hoverman O’Neal was riding high on a busy selling season in March, when she emailed a PDF of a signed contract on a $680,000 Tega Cay waterfront property to the lender, closing coordinator, and seller’s agent.   

It was a treasure trove of information, O’Neal said, detailing the amount of down payment, closing date, email addresses, and names.

Little did she know that her email account had been hacked and that, but for a fortunate intersection of timing and luck, the buyer would have lost more than a quarter of a million dollars.

For the last several years, hackers have been breaking into agents’ email accounts and scooping up data on upcoming sales. Then, when the timing is right, they electronically pose as the agent or closing attorney and send a legitimate-looking email to the homebuyer with last-minute instructions on where to wire closing funds.

Of course, the money goes to a bogus account that is often overseas.

Many homebuyers have already been victimized. Reported cases range from a Lehman Brothers executive who unwittingly wired hackers a $2 million down payment on a $20 million New York apartment to a Rhode Island couple who lost $13,000 in earnest money.

“It’s a crime syndicate of massive proportions,” said Jessica Edgerton, associate counsel with the National Association of Realtors. “Everybody is struggling to get their heads around this. It’s the Wild West, and these guys have the reins.”

Scams increasing

Edgerton said she first heard about the scam in 2013, but that a “major push” in 2015 brought the problem to a whole new scale.

“This is life-ruining for buyers,” Edgerton said, adding that she hears of multiple cases each month. The reverberations are massive she said, with commissions and reputations lost as well.

O’Neal, with Re/Max Metro Realty in south Charlotte, thinks her computer was hacked sometime in February, when she got an email from a purported first-time homebuyer saying that he had been preapproved for a loan. O’Neal clicked the attachment, but nothing opened.

She didn’t know it then, but that simple action was capable of infecting her computer with a virus that allowed hackers to monitor each of her keystrokes.

“Now they had my login and password,” O’Neal said.

Soon, they’d have much more — the signed contract on the Tega Cay house that she emailed in early March.

The swindlers lay in wait until March 15, when they first posed as O’Neal and sent an email to the buyer from O’Neal’s AOL account.

“We need to start getting everything ready to close soon, also I suppose you have made plan for the closing funds that’s due from buyer?  Please let me know so I keep other party informed. I await your reply.”

They sent a more demanding email the following day. It instructed the buyer, who was putting down $257,000, to wire between $50,000 and $150,000 in consecutive payments to a soon-to-be-revealed routing number. Subsequent installments should come gradually, the message said, “until the complete amount for closing is available in the account.”

The buyer, a 74-year-old retired senior technology manager at Wells Fargo who wished to remain unidentified for fear of being targeted again, told The Mecklenburg Times that the email’s contents made him suspicious.

He chalked the grammar errors up to fast typing in an age of instant communication.

Still, the requests for money so early in the closing process “seemed abnormal,” he said.

So, he emailed O’Neal.

“Is this you?” he asked.

The hackers intercepted the message, forwarding it to a junk folder O’Neal didn’t create, and responded in the affirmative.

But he didn’t take the bait, replying to the email that he preferred to wait.

Timing and luck

The con artists bided their time for another six weeks, waiting until the day before the scheduled closing to email the buyer.

“I have provided the wire instruction you need. Therefore you can go-ahead and send the wire out today to the wire instruction provided below….Thanks, Linda”

He did just that, sending more than a quarter of a million dollars to a Wells Fargo account in Texas that was opened in the name of a child.

When he returned home from the bank, another email awaited. It was instructions from the closing attorney on where to wire the funds to purchase the house.

“Oh, !#%$, we’ve been scammed!” the buyer said to his wife.

He raced to the bank and met O’Neal, and the two worked to recall the wire transfer. Fortunately, the buyer hadn’t followed the scammers’ request to notify them immediately of the remittance.

“They didn’t know the money had been wired,” he said. ”Otherwise, it would have been long gone. We would have lost half of our retirement savings.”

The bank froze the funds for several days as its fraud department sorted out the situation. They were returned in time for a delayed closing.

O’Neal said the experience was the worst she has faced in her 31 years as a real estate agent.

“Intuition has protected me over the years” in avoiding potential scams, she said. “”But this took me by complete surprise.”

O’Neal said the Federal Bureau of Investigation is working on the case. The FBI declined comment.

Attorneys alerted

N.C. State Bar Trust Account Compliance Counsel Peter Bolac recently issued a fraud alert to attorneys after receiving several reports of similar activity. In one case, the law firm had a two-level authentication process in place, but the hackers called the firm to confirm the wiring instructions as was required.

Bolac said he’s seen at least 10 such cases over the last year. But, he said, he wouldn’t be surprised if there were attempts on a daily basis.

“It’s a game of numbers,” he said. “All the scammers need is a couple of hits and they can get hundreds of thousands of dollars.”

He said lawyers have a professional responsibility to replace funds in trust accounts that have been stolen by hackers if they don’t take reasonable security measures that could have prevented the theft.

Neither Edgerton of the National Association of Realtors nor Bolac can identify the perpetrators, who are thought to be international as many of the fake wiring addresses are outside the United States.

Edgerton said tracking down cybercriminals is exceedingly difficult, but she has heard of a “few big busts” in Eastern Europe and Russia.

“Overall, once it happens, the money is gone and the criminals are gone like ghosts,” she said. “It’s very creepy and very hard to track.”

Janet Thoren, legal counsel at the N.C. Real Estate Commission, said she hasn’t heard of any cases where hacked real estate agents have been held liable for a client’s losses. The same goes for Bolac and Edgerton.

But, Edgerton said, the situation may change.

“There will be lawsuits,” she said. “There are legal vulnerabilities.”

In Guilford County a listing agent was named, among others, in a suit brought by a seller who didn’t receive transaction proceeds after the law firm handling the closing mistakenly forwarded the funds to scammers.

That case was settled, said Bill Gifford, attorney for the listing agent at Martin & Gifford PLLC in Winston-Salem. Financial terms were confidential.

O’Neal’s not taking any chances. She’s invested $1,000 in safety features on her computer, and her firm will add a fraud prevention rider onto its errors and omissions insurance policy.

She suggests that information on how funds are to be transferred be included in sales contracts.

Her best advice, she said, is prevention. She said she wishes she and her client had spoken more regularly instead of relying on emails.

“Do things the old fashioned way,” she said. “Go back to conversation. No one can steal that.”

 ** Special Subscription Offer**
$7.99 month or $25 VISA Gift Card