3 must-have apps for real estate agents who crave better cyber security

3 must-have apps for real estate agents who crave better cyber security

The threat cyber criminals pose to real estate agents – and specifically their inboxes – has come up in a lot of recent conversations within the real estate and title insurance world lately. Wire fraud scams have cost the industry millions, if not billions, over the past decade or so.

At Federal Title, we’ve received several phony emails supposedly from real estate agents, asking us to wire funds to a particular account. We’ve read about these scams happening in other parts of the country as well.

Our staff is trained to spot these fake emails. We also make phone calls to agents, lenders, buyers and sellers to ensure the funds are going where they are supposed to go because we take our clients' privacy and security very seriously.

But in the interest of cyber security for all, we can recommend a few apps that we think are essential for better inbox protection. These services are free to use and go a long way toward protecting sensitive information, such as the kind that is exchanged throughout the homebuying process.

ProtonMail

First and foremost, make sure you’re sending sensitive information through encrypted email. Most email by default is transmitted in the clear or encrypted after it is sent to the email provider’s server, which means it’s possible for emails to be intercepted. Sending emails over free and public WiFi networks, such as in a coffee shop, makes the contents of one’s emails particularly vulnerable.

When it comes to buying or selling homes, it’s necessary to report personal information such as social security numbers, salary history, alimony payments, wage garnishments, etc. Your real estate agent and lender as well as third parties like the title company are legally required to maintain confidentiality, but a rogue party like a cyber-criminal is not.

ProtonMail, a free and open-source end-to-end encrypted email service that was originally created for researchers at the European Organization for Nuclear Research (also known as CERN in Switzerland) offers a more secure solution. Available as a webmail client or via the iOS / Android app, ProtonMail allows the user to encrypt email contents and data before they are sent to the ProtonMail servers.

With the click of a button, a user can enable to the encryption feature on ProtonMail and set a password, which is then sent separately to the intended recipient(s). Without the password, the contents of the email would present as a series of jumbled characters rendering the email useless to a cyber-criminal.

Another cool feature of ProtonMail is that it allows the user to set an expiration time for the message so that the contents of the email become inaccessible after the pre-determined number of minutes, hours or days, whether someone has the correct password or not.

LastPass

Most IT professionals will usually advise their clients to create a unique password that contains upper- and lowercase letters, a number and a character. The password should also be double-digits in length – and it can’t be used for any other accounts! To make passwords even more interesting, some companies require their employees to change passwords every month or quarter – and it can’t be one that’s been used in the past six months!

Who has time to remember so many random sequences of letters, numbers and characters? It’s really no wonder that so many of us will still default to easy-to-remember phrases such as “Password123!” or passwords that can easily be socially engineered such as kids’ or spouse's names, or mother’s maiden name.

That’s where a password manager service like LastPass comes in quite handy. Essentially, it’s a digital lock box that protects all your unique passwords. With a service like LastPass, all you have to do is remember one difficult password. LastPass will automatically remember and fill in login credentials for every site in your lock box.

LastPass is certainly not the only password manager on the market, but it happens to be the service we like. Skeptics out there may be wondering what happens if a user’s LastPass master-password is cracked, or if a security breach occurs that compromises hundreds of passwords such as the security breach of LastPass in 2015?

That’s where two-factor authentication can really save the day.

Google Authenticator

We’ve talked about two-factor authentication before, a second layer of security that user must clear to gain access to an account. A user must configure two-factor authentication with an external device, usually a smart phone or a thumb drive. We like Google’s free Authenticator app.

Services like ProtonMail and LastPass both offer the option to configure the account with two-factor authentication, and we highly recommend our clients take that extra precaution to protect their encrypted email account and password manager service. (After all, if a cybercriminal gained access to either of those services, it would undermine the whole purpose of this post and likely cause all kinds of hassle.)

When two-factor authentication is enabled, upon logging in a user will either receive a text message containing a six-digit code to unlock the account or be prompted to enter a 6-digit code from her authenticator app. In either case, the code is randomly generated and changes every 30 seconds making it virtually impossible to crack with a brute force attack.

Many social platforms offer some version of two-factor authentication including Facebook, Twitter, LinkedIn, Gmail and Yahoo! Mail. For independent contractors who use TurboTax or Mint to manage their finances, Intuit also offers a two-factor authentication option for their suite of services.

What is two-factor authentication, and why is it important for your real estate business?

We’ve noticed an uptick in agent email addresses that have been compromised by cyber criminals with the intent of defrauding home buyers, sellers and title companies – and most agents are totally unaware when we tell them.

The emails we’ve received of late are generally inquiries about wire transfers of seller proceeds. The sender is hoping the recipient (in this particular scam, title companies) will fall for a request to wire funds to their “client’s” account. If the victim is duped and sends funds, the fraudsters will quickly clear the account making it virtually impossible to recover the funds.

Reports of wire fraud scams have come in from all over the country and have cost the industry millions, if not billions, of dollars over the past several years.

These emails inquiring about wire transfers don’t come from the agent’s legitimate email account either, which is why the agent is often unaware any cyber hacking has occurred. Instead, the emails come from phony email accounts that look almost identical to the agent’s legit email account that was hacked – perhaps an extra letter, hyphen or dash is the only difference.

By the time the title company receives one of these phony email inquiries, the real estate agent’s legitimate email account has already been compromised along with all the contents of the inbox. Information pertaining to upcoming closings, specific property addresses, names and email addresses of other parties in the transaction are all used to bait the wire-fraud trap.

Needless to say real estate professionals must do all they can to protect their inboxes and the interests of their buyers and sellers, and email accounts have proved a particularly vulnerable area for attack. That’s where 2-factor authentication comes in handy.

What is two-factor authentication?

Pretty much like it sounds, two-factor authentication creates a second layer of security that a user must clear to gain access to the account. A classic example is the ATM card. To take money out, the individual must know their pin code (password) AND be in possession of the bank card that’s linked with the account that matches their pin. Having one or the other is not enough.

Two-factor authentication works very similarly with email, and many major email providers such as Gmail and Yahoo! Mail offer the option. To configure, a user goes to account settings, ticks the box to enable two-factor authentication and enters her mobile phone number. There’s an option to receive a verification code by phone or text. Enter the verification code to configure two-factor authentication with that mobile device.

From then on, any time the user logs into her account she must also enter a unique code to gain entry. It might seem like a hassle, but it increases email security significantly.

Even if an individual’s username and password are compromised – maybe they accidentally downloaded malware from a spam email or used public, unsecured WiFi to access their email – the criminals cannot gain access unless they also possess the specific mobile device that was configured with the email account.

The two most common two-factor authentication methods rely on text messages and/or mobile applications to produce the code.

With text message, a user logs into her email account with username and password and then receives a text message on her phone that contains the unique six-digit code. Once she successfully enters the code at the email login, she unlocks the second layer of security and gains access to her account.

A second method is similar to the SMS approach but instead relies on a free smart phone app, such as Authenticator by Google, which produces a new six-digit code every 30 seconds. A user logs into her email account with username and password and then opens the app to obtain the unique six-digit that unlocks the account.

With both methods, the user must have knowledge of their username / password AND possess a specific device that’s configured with the email account. Knowledge of the username / password makes one factor, and possession of a specific device makes two factors.

A better way to deliver EMDs

Delivery of earnest money deposit checks is about to become incredibly easy and more secure than ever.

We are excited to share with you the benefits of our new partnership with ZOCCAM, a revolutionary service that lets real estate agents and homebuyers send their EMDs directly to Federal Title's escrow account – with just a few taps on their smart phone.

Simply take a picture of the front and back of your EMD check, select Federal Title's escrow account, confirm the information on your check and hit send.

You and the homebuyer will immediately receive email notification that the EMD was received, plus you’ll have saved yourselves the time and hassle of driving a check across town.

ZOCCAM doesn’t contain or hold any financial account information, and all content is encrypted and sent using state-of-the-art security techniques that ensure every client’s non-public personal information is protected.

We're in the final stages of building our partnership with ZOCCAM and believe it’s only a matter of time before this superior method of delivering EMDs becomes standard practice in our business.

We look forward to providing this great benefit to all real estate agents and homebuyers very soon and will keep everyone posted when the service goes live.

Close It!™ House of the Week: Fabulous location, condo in Dupont Circle

This week we’re strolling over to Dupont Circle to check out a unique and appealing condo on the penthouse level of a boutique building. List price is $449,000.

This updated 1BR / 1BA unit features modern wood cabinets, high-end appliances and loads of closet space. The community is a hidden gem with a residential entrance tucked away on quiet Corcoran Street, NW. The new owner of this home will also enjoy sunny western exposures and a fabulous location that’s steps away from shopping, restaurants, culture and nightlife.

Assuming a homebuyer puts down 20 percent on a conventional loan, her cash to close number will be approximately $104,020.86. Monthly payments will then be around $2,296.99 including the HOA fee. For a complete picture of the cash to close, including the seller’s side of a transaction like this, try the Web version of Close It™ or download the free Close It™ iOS app.

Close It™ House of the Week: Light-filled historic row house in Mount Pleasant

This week we’re heading into the white-hot Mount Pleasant neighborhood to check out a light-filled historic row house that dates back to the 1920s. With original hardwood floors, coffered ceilings and transom windows, it’s filled with original character. List price is $899,000.

Possibly the best feature of this 3BR / 3BA abode is the enclosed reach porches that have created a sunny and tranquil family room as well as second-floor solarium den space that overlooks a rear garden. The first-floor enclosed porch also opens onto an outdoor deck.

Assuming a homebuyer puts down 20 percent on a conventional loan, her cash to close number will be approximately $203,985.12. Monthly payments will then be around $3,843.24. For a complete picture of the cash to close, including the seller’s side of a transaction like this, try the Web version of Close It™ or download the free Close It™ iOS app.

  • Ways to save at closing

    Title charges are the largest chunk of closing costs and can vary by hundreds of dollars.

    Learn more

  • What are closing costs?

    The real estate closing process involves loan steps, legal steps and title steps.

    Learn more

  • What's title insurance?

    Insure your legal ownership just like you'd insure the building, but for lots cheaper.

    Learn more

Connect with us


Our blog contains general information only, not intended to be relied upon as, nor a substitute for, specific professional advice. Rate tables and figures that appear on our blog are deemed reliable but not guaranteed. For current rates & policies, refer to our Quick Quote and Consumer Guide. We accept no responsibility for loss occasioned to any purpose acting on or refraining from action as a result of any material on our blog.