How can real estate agents protect against Internet security threats?

Thanks to the Internet, small businesses are better able to compete with their bigger competitors. Most boutique real estate agencies are hip to the importance and value of maintaining a website with an active blog and social network, as are top-producing agents in many of the big brokerages.

A solid Web marketing strategy can be a boon to business of any size, but it can also make a business more vulnerable to cyber attacks if proper precautions are not taken. Two recent security breach incidents – the Heartbleed bug and Internet Explorer security flaw – have prompted me to take a closer look at security for Federal Title's website.

Real estate agents out there who manage their own websites and social networks, may want to do the same. This post highlights a few of the issues I've been dealing with.

What is Heartbleed?

This story broke during the second week of April. For a bit of background, read "Why Heartbleed is the Ultimate Web Nightmare," a nice article from Mashable that explains what's at the crux of the matter: OpenSSL.

In short, OpenSSL makes it possible to send private information between two computers by encrypting the message. It's like passing a note in a cryptex from The Da Vinci Code. Only those with the key can unlock it.

For example, let's say you want to log into Facebook. You enter your private password and press enter. The password is then encrypted as the data is sent to the server at Facebook, where the private information is unlocked so you can log in safely. It's the same thing for making purchases on Amazon or sending email through Google.

Heartbleed is a flaw in OpenSSL that makes it possible for someone else to gain access to that secret, private information by intercepting the key, which is especially bad because about 66% of the Web uses OpenSSL to send encrypted messages.

What's most interesting (and scary) about Heartbleed is that it went undetected for two years, so there's no telling how many people knew about the flaw – and how many bad guys exploited the flaw.

A patch was introduced to eradicate the threat, but as precaution you should change your passwords if you have not done so already. Here is a comprehensive list of Heartbleed-affected websites that advise you to change your password. Among those listed are Facebook, Google, Amazon, GoDaddy, YouTube, Instagram, Wordpress, Dropbox and more.

Why are you still using Internet Explorer?

I've been telling our office for years that IE is the worst. Anyone who develops and/or maintains websites, including our own IT vendors, tends to agree with me. (Read "Why do so many geeks hate Internet Explorer?")

Microsoft's browser is buggy. It doesn't adhere to Web standards – much to the chagrin of developers – which is why websites look great in every other browser and require special code fixes to render properly in IE. And as a news story that broke over the weekend illustrates, Internet Explorer remains susceptible to security breaches.

In case you missed it, IE versions 6 through 11 are affected and users running the no-longer-supported Windows XP are particularly vulnerable because there will be no security patch for them.

The flaw has the federal government on high alert because the bug could potentially give data thieves using a network computer the same level of access as a legit user, and at least 10 percent of federal government computers are running in this vulnerable configuration.

The best way to protect yourself and your business from IE security breaches is to stop using IE!

What is a brute force attack?

"How I became a password cracker" is a pretty interesting blog post from a guy who had never cracked a password before his "experiment" but was able to crack 8,000 passwords in one day. It sheds light on the technical side of how brute force attacks work.

In a brute force attack the hacker typically uses a software tool called a password cracker, which enters usernames and passwords over and over again until it gains access. (This is why you're not supposed to use passwords like "123456," and why it's best to avoid usernames like "admin.")

This threat hit particularly close to home for me a few weeks ago when I received a call from my Web host alerting me to a high number of login attempts – the call sign of a brute force attack. Our content and website were safe because the username and password were strong, but the incident led me to install additional security features on our site.

All websites with login forms are susceptible to brute force attacks, including Wordpress used by many real estate agents. Wordpress is a popular content management system and therefore a common target. Another popular target is the content management system Joomla, which is what I use to run our website.

Both the Wordpress and Joomla communities have developed several methods for preventing brute force attacks beyond the basics of creating a unique username and complicated password. Many of the solutions are free and easy to install so there's really no reason not to install login protection to your website.

5 safety tips for real estate agents

A female real estate agent who was preparing to show a vacant property in New Carrollton, MD was robbed on Monday, according to news reports. It appears the attacker took her purse and some personal items, but the woman will be O.K.

While rare, attacks on real estate agents do happen from time to time and (sadly) women in particular are vulnerable. In light of this recent event, I thought it'd be good to explore the topic and offer some safety tips for real estate agents.

Stranger danger! Verify customer information

In addition to getting your new client's full name and phone number, find out what where he works. Ask for an email address. Ask for multiple telephone numbers. Google is your best friend. While some might consider it creepy to Google an individual before a first date, it's totally acceptable to Google a potential client in the name of personal safety. What's more, you might learn a thing or two about your new client that you can use to help him find the perfect property.

Use the buddy system. Tell someone in your office where you're going

If you're out in the field, let people know. Ideally you shouldn't host public open houses or show vacant property alone. Bring a friend. But since that isn't always practical, at minimum it's a good idea to tell a co-worker and perhaps a personal contact, too, where you're going to be and when you expect to return.

Have new clients meet you in your office or another public place whenever possible. In those situations where you must meet a new client one-on-one, remember Google is your friend. (See the first tip.)

Carry your cell phone and keep it in your hands

Since you've already told your buddy that you will be showing houses or meeting a new client, why not pre-program that contact into your phone in case you need to make a quick call? Bonus points for downloading one of those personal safety apps. Some basic personal safety apps are free while fancier ones cost money. Of course, your phone will be useless in a pocket or purse, so keep it in your hands as much as you can. In the event you have to send a distress call, you can make it quickly and then throw your phone at the perp's face (just kidding).

Familiarize yourself with your surroundings

Take a drive around the neighborhood and keep an eye out for safety concerns. Do a quick Internet search before you go to look up crime reports and other information about the neighborhood. At the property, survey the exits and make sure you're able to get out easily in the event you have to make a quick escape.

Likewise, if you're in a property with your client, make sure you know where he is. Keep your client in sight, ideally in front of you and at a safe distance. Let him enter a room first while you linger by the doorway. You don't have to be weird or obvious about it, but keep your guard up. One of the best ways to avoid a compromising situation is to not allow yourself to get into a vulnerable position where a would-be attacker can take advantage.

Trust your gut

If something doesn't feel right, get out of there. Or don't meet the client one-on-one. It's that simple. Don't discount the lessons taught to us in kindergarten about stranger danger and the buddy system. Take extra steps to ensure your personal safety.

While it's unfortunate to hear about what happened with the female agent at the vacant house in New Carrollton, hopefully her experience will remind others of the inherent dangers of working with the public as a real estate agent. Stay safe out there!

Avoid the DC recapture tax 'surprise'

If you are an agent listing a property for a decedent’s estate/personal representative in DC, help your client and the prospective purchaser avoid a potential big surprise – the real property recapture tax.

DC Office of Tax and Revenue has recently been imposing a recapture tax against properties that were receiving senior citizen tax relief but ineligible due to the property owner’s death – i.e., a change in eligibility.

That is, upon the death of the owner, the personal representative for the estate would be responsible for notifying DC, within 30 days, that the property is no longer eligible for the benefit.

Since it’s unlikely the personal representative is aware of this requirement, the property continues to unjustly receive the benefit until such time as the property is sold.

Once the property is conveyed, DCOTR is notified by DCROD of the change in status and retroactively applies the proper tax status from the date of death through the date of conveyance. This often results in a hefty recapture tax amount then applied against the real property tax account.

As the settlement company, we are being proactive in our efforts to notify DC prior to closing and obtain the recapture tax amount such that it can be handled prior to or at the time of closing.

In some cases, due to timing, this is not possible and the purchasers are left with a recapture tax incurred by the decedent’s estate.

We advise all agents listing a property for a decedent’s estate to be aware of this issue, check the tax status to determine whether it is unjustly receiving the senior citizen tax relief benefit, and make the personal representative aware of the requirement to notify DC of the status change and be prepared to pay a recapture tax.

New Maryland bill to limit cost of condo resale package

Maryland law requires the seller to provide specific information pertaining to the resale of property within a Homeowner’s Association (HOA) or a property designated under a condominium regime.

Typically, this information is produced by the management for the HOA or condominium, and the HOA or condominium charges the seller a fee for the production and delivery of the information.

It is the belief of some Maryland legislators that the fees being charged are excessive and, as such, these legislators are seeking to limit the amount that may be charged.

Before the Maryland legislature are bills S229/HB412, which would limit the fee a condominium council of unit owners or HOA may charge an owner (seller) for providing this legally required information to a prospective homebuyer.

The current law calls for a "reasonable fee," but it is left undefined so many organizations have simply been using the requirement as a way to profit – charging upwards of $400 to $500.

There's currently a proposal to limit the fee to $50. Hearings on the legislation continue and we will keep you apprised of the final bill.

UPDATE: The Senate passed SB 229.  They amended HOA’s out of the bill, thus making it applicable only to Condo Associations; and they upped the fee that could be charged from $50 to $100.  The House Committee then amended the bill further, but the Senate committee refused to concur with those amendments and so the bill died when the clock ran out at midnight.

Scheduling a settlement date is a contractual obligation for homebuyers

An often overlooked provision in paragraph #6 of the GCAAR Regional Sales Contract provides that the "Purchaser agrees to contact the Settlement Agent within 10 Days after the Date of Ratification to schedule Settlement and to arrange for ordering the title exam and, if required, a survey."

Homebuyers and their agents should pay particular attention to this requirement.

Recently our office was notified that a seller had declared the purchaser in breach of contract due to purchaser's failure to schedule settlement within 10 days from the date of ratification.

While the purchaser had ordered a title exam with our office, neither he nor his agent had scheduled the settlement date.

Through email notification, Federal Title reminds homebuyers and their agents to schedule the closing with our office within this time period. Unfortunately, in this particular instance, our notifications were ignored.

  • Ways to save at closing

    Title charges are the largest chunk of closing costs and can vary by hundreds of dollars.

    Learn more

  • What are closing costs?

    The real estate closing process involves loan steps, legal steps and title steps.

    Learn more

  • What's title insurance?

    Insure your legal ownership just like you'd insure the building, but for lots cheaper.

    Learn more

Connect with us


Our blog contains general information only, not intended to be relied upon as, nor a substitute for, specific professional advice. Rate tables and figures that appear on our blog are deemed reliable but not guaranteed. For current rates & policies, refer to our Quick Quote and Consumer Guide. We accept no responsibility for loss occasioned to any purpose acting on or refraining from action as a result of any material on our blog.