The Housing Scene by Lew Sichelman

Is Your Data Hackable?

Would-be homebuyers and sellers may want to think twice about working with a real estate office where papers are strewn about and computers are left on for anyone to use at will.

Those are pretty good signs that the brokerage firm isn't careful enough with clients' personal information and is just begging to be hacked.

There are only a few cases in which data thieves have hacked real estate firms, according to the National Association of Realtors (NAR). But with the giant targets getting better and better at blocking hackers, the cybercrime experts believe that smaller companies like realty offices are next in line.

"What makes headlines are the larger data breaches," says NAR senior policy representative Melanie Wyne, part of the government affairs staff for the 1.1 million-member group. "But the trend now is smaller businesses. That's where the hackers are headed now."

Wyne, and others who participated in a risk-management and license law forum at NAR's annual conference last month, are worried that real estate outfits are not taking the necessary precautions to protect not just the identity of their buyers and sellers, but also their clients' specific financial information.

If companies aren't as diligent as they should be, Wyne says, they could be "the low-hanging fruit" easily picked off by hackers.

"If you are on the Internet, you can never be fully secure," warns Darity Wesley of the Lotus Law Center in La Mesa, California. "Data theft can impact your entire life. A lot of damage can be done," says the self-proclaimed "privacy diva."

Wesley says hackers "have become like artists; they're that good. They're very professional people. And I'm comfortable enough to call what they do organized crime."

Hackers are not just interested in swiping your bank account numbers, your Social Security number, credit card numbers and even your email addresses. They're also sophisticated enough to watch your emails to learn when you are about to close on your home purchase, then swoop in to snatch your settlement money.

The scam works something like this, according to Jessica Edgerton, associate counsel for NAR: Hackers observe your email traffic to figure out when closing is approaching. Then, they write to you and tell you to wire the closing costs to them.

Posing as your agent, or perhaps someone from the title company, it all looks official -- but it's not. And you money winds up somewhere offshore, says Linda Page of Fraleigh and Rakow Realty in Rhinebeck, New York. Page is a former chair of NAR's professional standards committee.

Wyne knows of one case where an unsuspecting buyer lost $30,000 to such a scheme. And she recalls another where a buyer decided at the last minute to stop her $100,000 wire transfer. Had she not, the NAR attorney says, the money would have been "on its way to Russia."

Edgerton says in recent months, her members are reporting an increase in this wire scam, so much so that she now advises agents to warn their clients ahead of time that a bogus email or snail-mail letter may show up.

But even if your agent doesn't give you a heads-up, your antenna should wiggle if you're on the receiving end of an email or letter advising you to send your closing cash somewhere. If you are, call your lender or real estate agent to make sure it's legit. Chances are, it's not.

Otherwise, when dealing with lenders and agents, you want to make sure they have made data security a top priority, says Wesley. Toward that end, she advises that all email traffic, personal and financial information, and the company's data storage should all be fully encrypted. If it's not, perhaps you should consider taking your business elsewhere.

Also, look for the "https:" rather than just "http:" in URLs. It's a protocol widely used for connections over a computer network, with the "s" standing for security, or more technically, a connection encryption.