In memory of Bonnie

The Federal Title family is deeply saddened after learning of the loss of our dear friend Bonnie Lewin. All of us wish to extend our heartfelt sympathies to Bonnie’s family and her many friends. We will remember her as someone of great character and a devoted advocate of those she served.

How can real estate agents protect against Internet security threats?

Thanks to the Internet, small businesses are better able to compete with their bigger competitors. Most boutique real estate agencies are hip to the importance and value of maintaining a website with an active blog and social network, as are top-producing agents in many of the big brokerages.

A solid Web marketing strategy can be a boon to business of any size, but it can also make a business more vulnerable to cyber attacks if proper precautions are not taken. Two recent security breach incidents – the Heartbleed bug and Internet Explorer security flaw – have prompted me to take a closer look at security for Federal Title's website.

Real estate agents out there who manage their own websites and social networks, may want to do the same. This post highlights a few of the issues I've been dealing with.

What is Heartbleed?

This story broke during the second week of April. For a bit of background, read "Why Heartbleed is the Ultimate Web Nightmare," a nice article from Mashable that explains what's at the crux of the matter: OpenSSL.

In short, OpenSSL makes it possible to send private information between two computers by encrypting the message. It's like passing a note in a cryptex from The Da Vinci Code. Only those with the key can unlock it.

For example, let's say you want to log into Facebook. You enter your private password and press enter. The password is then encrypted as the data is sent to the server at Facebook, where the private information is unlocked so you can log in safely. It's the same thing for making purchases on Amazon or sending email through Google.

Heartbleed is a flaw in OpenSSL that makes it possible for someone else to gain access to that secret, private information by intercepting the key, which is especially bad because about 66% of the Web uses OpenSSL to send encrypted messages.

What's most interesting (and scary) about Heartbleed is that it went undetected for two years, so there's no telling how many people knew about the flaw – and how many bad guys exploited the flaw.

A patch was introduced to eradicate the threat, but as precaution you should change your passwords if you have not done so already. Here is a comprehensive list of Heartbleed-affected websites that advise you to change your password. Among those listed are Facebook, Google, Amazon, GoDaddy, YouTube, Instagram, Wordpress, Dropbox and more.

Why are you still using Internet Explorer?

I've been telling our office for years that IE is the worst. Anyone who develops and/or maintains websites, including our own IT vendors, tends to agree with me. (Read "Why do so many geeks hate Internet Explorer?")

Microsoft's browser is buggy. It doesn't adhere to Web standards – much to the chagrin of developers – which is why websites look great in every other browser and require special code fixes to render properly in IE. And as a news story that broke over the weekend illustrates, Internet Explorer remains susceptible to security breaches.

In case you missed it, IE versions 6 through 11 are affected and users running the no-longer-supported Windows XP are particularly vulnerable because there will be no security patch for them.

The flaw has the federal government on high alert because the bug could potentially give data thieves using a network computer the same level of access as a legit user, and at least 10 percent of federal government computers are running in this vulnerable configuration.

The best way to protect yourself and your business from IE security breaches is to stop using IE!

What is a brute force attack?

"How I became a password cracker" is a pretty interesting blog post from a guy who had never cracked a password before his "experiment" but was able to crack 8,000 passwords in one day. It sheds light on the technical side of how brute force attacks work.

In a brute force attack the hacker typically uses a software tool called a password cracker, which enters usernames and passwords over and over again until it gains access. (This is why you're not supposed to use passwords like "123456," and why it's best to avoid usernames like "admin.")

This threat hit particularly close to home for me a few weeks ago when I received a call from my Web host alerting me to a high number of login attempts – the call sign of a brute force attack. Our content and website were safe because the username and password were strong, but the incident led me to install additional security features on our site.

All websites with login forms are susceptible to brute force attacks, including Wordpress used by many real estate agents. Wordpress is a popular content management system and therefore a common target. Another popular target is the content management system Joomla, which is what I use to run our website.

Both the Wordpress and Joomla communities have developed several methods for preventing brute force attacks beyond the basics of creating a unique username and complicated password. Many of the solutions are free and easy to install so there's really no reason not to install login protection to your website.

5 safety tips for real estate agents

A female real estate agent who was preparing to show a vacant property in New Carrollton, MD was robbed on Monday, according to news reports. It appears the attacker took her purse and some personal items, but the woman will be O.K.

While rare, attacks on real estate agents do happen from time to time and (sadly) women in particular are vulnerable. In light of this recent event, I thought it'd be good to explore the topic and offer some safety tips for real estate agents.

Stranger danger! Verify customer information

In addition to getting your new client's full name and phone number, find out what where he works. Ask for an email address. Ask for multiple telephone numbers. Google is your best friend. While some might consider it creepy to Google an individual before a first date, it's totally acceptable to Google a potential client in the name of personal safety. What's more, you might learn a thing or two about your new client that you can use to help him find the perfect property.

Use the buddy system. Tell someone in your office where you're going

If you're out in the field, let people know. Ideally you shouldn't host public open houses or show vacant property alone. Bring a friend. But since that isn't always practical, at minimum it's a good idea to tell a co-worker and perhaps a personal contact, too, where you're going to be and when you expect to return.

Have new clients meet you in your office or another public place whenever possible. In those situations where you must meet a new client one-on-one, remember Google is your friend. (See the first tip.)

Carry your cell phone and keep it in your hands

Since you've already told your buddy that you will be showing houses or meeting a new client, why not pre-program that contact into your phone in case you need to make a quick call? Bonus points for downloading one of those personal safety apps. Some basic personal safety apps are free while fancier ones cost money. Of course, your phone will be useless in a pocket or purse, so keep it in your hands as much as you can. In the event you have to send a distress call, you can make it quickly and then throw your phone at the perp's face (just kidding).

Familiarize yourself with your surroundings

Take a drive around the neighborhood and keep an eye out for safety concerns. Do a quick Internet search before you go to look up crime reports and other information about the neighborhood. At the property, survey the exits and make sure you're able to get out easily in the event you have to make a quick escape.

Likewise, if you're in a property with your client, make sure you know where he is. Keep your client in sight, ideally in front of you and at a safe distance. Let him enter a room first while you linger by the doorway. You don't have to be weird or obvious about it, but keep your guard up. One of the best ways to avoid a compromising situation is to not allow yourself to get into a vulnerable position where a would-be attacker can take advantage.

Trust your gut

If something doesn't feel right, get out of there. Or don't meet the client one-on-one. It's that simple. Don't discount the lessons taught to us in kindergarten about stranger danger and the buddy system. Take extra steps to ensure your personal safety.

While it's unfortunate to hear about what happened with the female agent at the vacant house in New Carrollton, hopefully her experience will remind others of the inherent dangers of working with the public as a real estate agent. Stay safe out there!

Avoid the DC recapture tax 'surprise'

If you are an agent listing a property for a decedent’s estate/personal representative in DC, help your client and the prospective purchaser avoid a potential big surprise – the real property recapture tax.

DC Office of Tax and Revenue has recently been imposing a recapture tax against properties that were receiving senior citizen tax relief but ineligible due to the property owner’s death – i.e., a change in eligibility.

That is, upon the death of the owner, the personal representative for the estate would be responsible for notifying DC, within 30 days, that the property is no longer eligible for the benefit.

Since it’s unlikely the personal representative is aware of this requirement, the property continues to unjustly receive the benefit until such time as the property is sold.

Once the property is conveyed, DCOTR is notified by DCROD of the change in status and retroactively applies the proper tax status from the date of death through the date of conveyance. This often results in a hefty recapture tax amount then applied against the real property tax account.

As the settlement company, we are being proactive in our efforts to notify DC prior to closing and obtain the recapture tax amount such that it can be handled prior to or at the time of closing.

In some cases, due to timing, this is not possible and the purchasers are left with a recapture tax incurred by the decedent’s estate.

We advise all agents listing a property for a decedent’s estate to be aware of this issue, check the tax status to determine whether it is unjustly receiving the senior citizen tax relief benefit, and make the personal representative aware of the requirement to notify DC of the status change and be prepared to pay a recapture tax.

Split closings are (almost) never a good idea

The other day I handled a split closing – the buyer used Federal Title & Escrow Company and the seller used another title company – and things did not go so smoothly.

A closing already has many different parties involved: buyers, sellers, buyer’s agent, seller’s agent, loan officer.

But two title companies?

For a closing in the DC metro area, it just doesn’t make sense to complicate the transaction further by adding a superfluous second company.

Superfluous? Yes, that’s right, because the "seller’s title company" is going to perform the exact same tasks that the "buyer’s title company" would have performed, and almost certainly at a higher cost.

Since the "buyer’s title company" is responsible for sending out the payoff and issuing the title insurance, and consequently responsible for either releasing the mortgage lien on the property or following up to make sure it is released, most of the main functions will be handled by the buyer’s title company.

Really, all the seller’s title company will do is order a payoff (maybe), prepare the deed (maybe), and handle the closing for the seller, which is typically ten pages or less.

Despite having such a small role, the seller’s title company charges higher fees. They have to; they are handling virtually no major functions and are not issuing the title insurance and the only way to make it worth the title company’s time is to charge the seller a significant fee.

Here is a look at the closing fees from the last three closings in our office for which the seller chose to use another title company:

Closing Date Seller's Closing Fees if Seller Used FTE Seller's Closing Fees Since They Chose Another Title Company Additional Cost by Choosing to "Split" the Closing
March 2014 $435 $705 + $270
February 2014 $435 $675 + $240
January 2014 $435 $770 + $335

So if the seller is paying so much more, it must mean that the seller is being provided with better service, right? Wrong.

By adding a second title company you now have your classic "too many cooks in the kitchen" scenario.
Only one of the three closings above went smoothly, the other two had issues. Think about it, when has hiring more lawyers made for a smoother transaction?

So if it costs more to split the closing, and the service is not better (and often worse), why do people do it?

Well, most of the time, sellers don’t realize how much more it is costing them. That is why I strongly urge sellers to obtain quotes and make sure that it makes sense. 

We've posted a seller's fee schedule on our website. Unfortunately, since most title companies do not post their fees, you will have to call or email them – and shouldn’t the lack of transparency make you suspicious?

  • Ways to save at closing

    Title charges are the largest chunk of closing costs and can vary by hundreds of dollars.

    Learn more

  • What are closing costs?

    The real estate closing process involves loan steps, legal steps and title steps.

    Learn more

  • What's title insurance?

    Insure your legal ownership just like you'd insure the building, but for lots cheaper.

    Learn more

Connect with us


Our blog contains general information only, not intended to be relied upon as, nor a substitute for, specific professional advice. Rate tables and figures that appear on our blog are deemed reliable but not guaranteed. For current rates & policies, refer to our Quick Quote and Consumer Guide. We accept no responsibility for loss occasioned to any purpose acting on or refraining from action as a result of any material on our blog.