Subscribe
Share
Share
Embed
Real Talk with Sterling Real Estate Group is your go-to resource for all things real estate. In our episodes, we break down the latest market trends, share insider tips, and provide expert insights to empower your property journey. Whether you're buying, selling, building, or investing, we're here to help you navigate the dynamic world of real estate in New York's Capital Region and beyond. If you have any questions or topics you’d like us to cover in a future episode, we’d love to hear from you! Reach out to us at info@sterling518.com.
Jackie Cybersecurity (00:36)
Hi, welcome to Real Talk with Sterling Real Estate Group. Today I'm excited to introduce you to Jackie Goralczyk from Pierson Ferdinand Law Firm. And today we're gonna be talking about a very serious topic of cybersecurity. And let's just keep in mind, this is not just specific for real estate, it's just in general, right Jackie? Just day-to-day activities. Yep, generally. And I do, Jackie, I wanna thank you. I know you came in and spoke with our agents.
about cybersecurity and that was certainly eye-opening. I don't click on anything. Even if I know who it's from, I don't click on it. I call them. Yeah, you're talking to the most paranoid person in the world. I know we're all paranoid, but in a very, very good way. Good. So let's get started. Tell us, what are the nightmare stories out there in cybersecurity and relating to real estate? Yeah, yeah. They're unfortunately, when I got into cybersecurity in 2017, it was really like,
we were starting to see wire fraud. ⁓ And I would like to say that over the last 5 to almost 10 years now that it's gone down, but it really hasn't, it's skyrocketed. They all find new ways for... Yes. exactly. They find new ways. Lucky for us that there's always people buying and selling houses ⁓ that don't do that every single day. So ⁓ there's always a new target, unfortunately.
⁓ So we continue to see an uptick in wire fraud with real estate transactions. I think in the beginning it was more focused on the buyer side, trying to get the buyer to wire their funds. Over the years, they've definitely found more ways, ⁓ payoff funds. They've been able to intercept payoff funds more easily. ⁓ And all of that goes hand in hand with technology. I mean, ⁓ there's a school of thought where it's like, if I fax something,
⁓ It's safer. Well, most people have e-facts now, right? So it's going into your email. Mm-hmm So I think that you know, as long as we're doing transactions, there's always gonna be a really high risk in real estate, right? What are some of the things that people should look for, you know in an email? Yeah, what are some clues? So that's becoming trickier by the day We used to be able to say if you saw lowercase "I's" throughout the email if there were
If there was language that you didn't normally hear, a lot of countries would incorporate religious type language into their spoofing emails, their phishing emails. ⁓ But now with the advent of AI, it's just like you're talking to the person that you think you're talking to. ⁓ There are so many less indicators than there were 10 years ago. ⁓ So unfortunately, it's...
more about being cognizant of how the transaction should happen ⁓ so that you can spot things that are out of the ordinary for the transaction. So calling numbers in a real estate transaction. So I know the wire fraud. It has happened around here. Thankfully, it hasn't happened within our company. Right. But I know a few agents that it has happened to. ⁓ But we sit down with our, you know, buyers and sellers and we actually have them sign a cybersecurity form, which
You had recommended that we do that. In fact, I think you put eyes on it. I send it to you when you're like, yeah this is good. And we tell them, you know, do not call any of the phone numbers embedded in the email. Do not click on it. Yes. Use the phone number we gave you, right? Or you call us at our number that you have and we will confirm. And a few people have said, hey, I got this email. Did you send it? We're like, nope. Get rid of it. Delete it. Report it. You know, and
You know, get on the phone with your attorney and it's scary. That's one of the biggest things is, ⁓ you know, they are so realistic at this point. Right. And if you are a buyer or seller that, you know, maybe we buy or sell houses 3 or 4 times in our life. ⁓ So if this is your first transaction, you don't really know what to expect. ⁓ Responding to an email or calling a phone number from an email is going to be very natural. I mean, that's what we do. If we get a question, you know, we call. ⁓
So it is again, you know, from your side about education, which it sounds like you guys are doing. ⁓ And then, you know, just a recommendation for people to speak to their attorney. Have that conversation with the attorney to understand what they should expect so that if something is off, they're going to know. there are things that happen last minute. We all know that somebody. Somebody all of sudden says, wait, I moved out of state. You have to wire the money.
There's different things that happen, but making sure that we're prepared knowing what is supposed to happen. And then if things are a little off, you're going to call and say, is this what's supposed to happen? And trust your gut. Yeah. Trust your gut. That's big. The unfortunate part of wire fraud also is that many times it's not caught in time. I've been in situations hearing from individuals that are sitting at the closing table that then say, what do you mean? I wired my money a week ago.
If it's a week ago, the chances of getting it back are so slow. We are lucky from the standpoint that the FBI, ⁓ CISA, the Secret Service, they've become very involved in these transactions ⁓ and are helpful in recovering some of the money. But it depends on the amount too. It has to meet a level where they're going to be aggressive about it. ⁓
Can you tell us what that level is or it's really everything is different? Yeah, I mean, I guess I say that from the standpoint of we know that like, for instance, a first time FHA home buyer, you know, they're bringing a relatively small amount of money, but for them, it's a large, right? It's a large amount of money. So if they lose a $20,000 wire, let's say for instance. It's devastating. It's devastating to them. Yeah, so it's all in perspective of, you know, what the transaction looks like.
⁓ But there are steps where if you can get it in time, there's a greater chance of recovery, but that timeframe is like 24 to 48 hours. Yeah, that had happened when I was telling you an agent, they had walked into the closing and they're like, did you get the money we wired? And everyone just kind of stopped and like, what are you talking about? We did not, they were able to stop that, that wire transfer. it didn't, but. Yeah, that's a heart-dropping moment though. That's like, ⁓ no, because everybody has that feeling of like.
Yeah. So you've got to be able to catch it on the front end. You've got to be able to give that education. I can tell by some of the emails, know, that they're like, that's a really weird email coming from a company. Yeah. But even then, know, they are getting, they're getting really smart with, you know, the emails and where they're coming from. ⁓ What other types of fraud do we need to worry about in real estate? And it's funny, I'm asking you this because I had a staff meeting yesterday.
and the whole meeting was about fraud. ⁓ Yeah. So be curious. want to see, know, on your perspective as an attorney, what you're dealing with out there. Yeah. So real estate specifically, ⁓ you know, it's the buyer seller, mortgage payoff fraud. It's also the, ⁓ and I'm sure you guys have seen this cause we've seen a lot of it locally is the, many times the vacant land purchase. The title theft. Yes. Right. Yeah. So, you know, it's,
It's kind of ⁓ jaw dropping in the sense that there are multiple transactions that could potentially be happening on these properties. But the ultimate goal of the, you know, the what we call threat actors is to get somebody to wire their money. Right. So we don't necessarily, we're not as concerned of the fact that a deed has passed, you know, that potentially can be fixed. But we are concerned that money was wired at some point. ⁓ You know, so they've gotten the buyer on the buyer side and
you know, it's then you've just, you know, started a whole snowball reaction. ⁓ But we definitely see more of that with the, you know, the Airbnb space. Just the fact that people are more disconnected from their, you know, home base, their properties, their ⁓ rental properties, it allows a lot more room for fraud. For fraud. You know, I guess one of the biggest indicators
We get emails all the time, you know, through our website. And normal leads come in, but they're never available by phone. No. They're always out of the country. Yes. They're only available by WhatsApp. When you try to get them on Zoom, you know, they'll set up, you know, they'll agree to the appointment and then they cancel at the last minute. know, we've asked, you know, if you actually do get them on the Zoom call, you want to copy of their driver's license beforehand. Yes. You see if it's right.
is this the person on the driver's license? But you never get it. We've never, ever gotten that far. ⁓ And those are the telltale signs. Well, they're trying to buy. They're trying to buy the property. ⁓ it's always, you know, are new construction. I want to buy this house. I can close in 30 days. And we're like, OK, it's not even built yet. That's an indicator. But we need you to help us find an attorney, find a bank. Where can we wire the funds?
That's concerning because they want to wire it in. Right. what is the scam on the back end? It's getting our information to... So potentially ⁓ getting the information, the banking information, I've also seen it a lot of times where they want to send their certified check that they expect that whoever is ⁓ receiving the certified check will cash it immediately. Right. And then they say, I want to resend the transaction and you have to wire me the money back.
And a lot of people have been fooled by it. A lot of people have wired the money back. And by the time the bank catches it, can be 20, right? 20 days. 20 days. Yes. And then the bank comes to you and like, we want our money. Yes, that's exactly right. OK. Yep. So if they can get that sort of quick turnaround transaction, and particularly in New York state where you have those three days, if they can get somebody to deposit the funds and then send it back to them, that's the goal. Yeah. Red flag. Red flag. Yeah. We just delete.
Delete. You know, I hope the day doesn't come that we actually deleted something that was legitimate, but I think we do a good job with the vetting of that. Yeah, I mean, you know, from the years that I spent in real estate, you're always excited when you have a new client. You're always excited when somebody reaches out to you out of the blue ⁓ or you have a recommendation from someone. ⁓ But it's not that, you know, it's not that simple anymore. Because people with how much people, ⁓ you know, express their lives on social media.
It's very easy for fraudsters to go on and say, ⁓ I'm, you know, I pick a friend, I'm friends with this person, they recommended. ⁓ And, you know, get somebody kind of wrapped in that way. Right, yep. And someone who maybe is newer in the business, just really, you know, trying to get the experience, but they don't know enough ⁓ what to look for and how those happen. Yes. What about whitewashing? We call it whitewashing the changing of the checks.
and then they're cashing them. They're taking the checks out of the mailboxes. Ok. We've been seeing that, I guess, like an escrow overage. So we've always had the policy that our agents deliver the escrow overage to the attorney and we don't mail it. I guess people go through, right, and they take the checks out of the mailbox and they say they whitewash it. have something, they change the name on the check and the amount and they cash it.
Yeah, I don't think I've heard that term used for it before, but certainly we have ⁓ so many of those instances where they take the check out of the mailbox or out of the mail or whatever it is and start duplicating the checks. Okay. And start sending them all around the country. ⁓ And basically just seeing who will ⁓ cash them. Who will cash it. And it becomes part of a bigger scheme because...
Many times it's a situation where they've contacted somebody on some sort of app or social media and said, I'm sending you this amount of money. I need you to cash it and send me back this portion. And people do it. And it's an ⁓ attorney's check or a real estate check or whatever the case is. ⁓ But that's why we tell everybody to get positive pay. Because you want to be able to stop those. Wow. Interesting. Yeah. I went out and bought gel pens that are specifically for... ⁓
They're saying whitewashing, I'm sure, or that there's so many different names for it and that there's actual ink that you can put in your printer so the checks can't be changed. But I'm sure anybody with technology, they can duplicate. Yeah, they're still right. If we can try to find like one way to stop them. Yes. Yeah, I know it's crazy. So tell us, our listeners, what can buyers and sellers do to protect themselves? You know, in a real estate transaction, I we touched on it a little bit.
But what are some other things that they should be, and it doesn't always have to be real estate, it could just be in general, right? Yeah, yeah. With some of the larger data breaches that have happened, you know, even over the last few months, we all need to just consider the fact that our social security numbers are out there. Our, you know, most of our information and our passwords and accounts.
So people have to be super careful about, and I know we've kind of been harping on this for years, using unique long passwords, always using two-factor authentication on any sort of account, particularly banking. The two-factor, I have a lot of that. That's a good, write that down. Two-factor is, and I say that because it's a best practice, but even two-factor now is not fail safe. They're finding many ways to get around two-factor, stealing tokens.
being able to be persistent in somebody's environment. But it's still a best practice, like still use two factor. Using two factor through an application like Microsoft Authenticator ⁓ or I think is Google, I don't know if it's Google. Is it Passkey? I know I did something through Passkey, is that through Google? No, so Google is, I can't think of the name of ⁓ the authentication app, but. ⁓
using the app as opposed to text message to your phone. It's a little bit safer. So, you know, the same kind of cyber hygiene that we talk about for businesses, people have to use for themselves. ⁓ Updating passwords regularly, ⁓ you know, not making them password one because, you know, there's like, there's a whole list of things that people still use as passwords and they use them on every single account. Yeah. So just being super careful about that. But then in
in the real estate transaction, again, it's having that conversation with everybody involved in the transaction. We've become a community that is so technology focused that we're texting and we only want to email and nobody wants to pick up the phone. that's horrible. Yeah. And we kind of have to take a step back and go to that communication where we're actually hearing somebody say, this is what's going to happen. Do you think with AI that it's duplicating your voice and that you
Right. we're here that have you seen that in, in, the fraud part of the real estate? I mean, if someone calls and is this, you know, Lisa, yes. And then they're using your voice. Yes. To, I don't know, I guess, buy other services and all of sudden you're billed different things. So we're seeing that across the board in numerous types of business transactions. Um, we're seeing that a lot in the CFO or the CEO fraud, um, where
You think you're on a Zoom call with the CEO of the company. ⁓ We're seeing it a lot in employees being hired, remote employees, and it's not who you think is being hired. ⁓ So you're hiring potentially somebody from a country that is trying to hurt the US. So we're seeing it in many different circumstances. Yeah, Yeah.
There's a new regulation coming out and I think that the sunset period kind of just ended for people to get, businesses to get in line and it's going to put the burden on businesses to be more careful about who they're investing with, who they're transferring people's data to and who they're hiring. taking steps to authenticate that much more because we're transferring data to foreign countries.
that are using it maliciously. Let me ask you, and I lost my train of thought, I hate it when that happens. That's okay. Geez. Yeah, yeah. One thing that I feel like we should hit on is the older adult, the elder abuse in cybersecurity. I cannot tell you the number of clients that we have had.
and the amount of money that has been lost by older adults. ⁓ prime target. It's so sad. People draining their entire ⁓ 401k, all of their bank accounts. ⁓ And we really need to start, like as a community, talking to our parents and grandparents about what this looks like. You know, how many times we've heard the story of the older individual who has their first computer.
and they get the pop-up from Microsoft that says, you know, you have this issue. They click on it. Somebody calls them and lets them remote in. The individual lets them remote in. you know, take them for all their worth. They're taking everything. Yeah. Yeah. You know, does that go as far as, you know, that they pose as their granddaughter? Oh, yeah. Or grandson, I'm in trouble. I need money. you know, the police aren't going to let me go. Yes. I mean, yeah. It's, it's. Yeah.
My grandmother is the cutest person in the world. She is so lovely. And ⁓ she had that happen to her with my brother. And she called later and she was like, I'm thinking, why are they calling me? What am I getting? I'm giving you anything, right? I'm going to tell you, keep them in jail. Yeah, exactly. Exactly. Yeah, we had, when my mom was alive, we made sure she had caller ID. And she was pretty witty, but we're like Mom, if it's not any of us.
don't answer the phone. She still had the answering machine or the voice. I think it was the answering machine, not even the voicemail. Like your rewind answering machine. We were very protective, but a few times she'd say, so-and-so called, or we've been there and she answered the phone. I'm looking at the caller ID and we're like, hang up, hang up. know, Ma you can't. But when they get a bit older, they forget. But that's a very good point that people should be.
Your grandparents, even your parents. Yeah, I mean, the psychology that they're using behind these types of fraud are devastating. I mean, we see instances where a threat actor is calling an older individual and saying, you know, I have inappropriate pictures of you. We've put a camera in your house. We have, you know, whatever the case is, we have things that were online, which, you know, I get if you were to take a step back and say, I don't have pictures
online. And if you do, good for you because you're not going make any money off of it. but it definitely goes to that psychology piece of it. We have seen, you know, at this point, individuals showing up at the people's house to get the money. So it's not even like it's just limited to they got a password and, you know, access to an account. It's they've got individuals on the outside that are going to show up and collect the money. That's scary. It is. It's so scary. So if, you know, we have to somehow educate
to not fall for these types of scenarios. Anything out of the normal should feel suspect. That's scary. It's almost everything. It's almost everything. Like I said most paranoid person. Oh, yeah. I remember what I was going to ask you. I wrote it down. So we all get these letters in the mail, right? That there's been a security breach. Yes. In which those are true because you hear it on the news and then they recommend like TransUnion. Do you think that's, I mean,
worth doing, putting us... Yes. Yeah. Okay. I do that all day, every day. That's what I... Okay. So essentially what you're getting there is an organization has had some sort of incident. There is potential that your information has been subject to unauthorized access. And then as part of their due diligence and their state law obligations, they're offering credit monitoring.
So you get the letter and the uptake of people accepting credit monitoring is very low, like two or 3%. It is, it's very low. Yeah, most people get them in the mail and they throw them away. They do. But if you don't have it and you get one in the mail, take the credit monitoring. And you only, I mean, if you've already signed up for it and they're offering a different company, you only need one company. It's good to have all three bureaus if you can. It is? Okay. Yeah, because there is instances where they all don't hit the same. So if you have one and they offer another one,
certainly take them up on it. Off the top of your head, the three companies? Equifax, TransUnion, and Experian. Right, okay. I didn't know if they were some different ones. I know I got a phone call because I was buying a car, but they told me when they ran my credit, they're like, you have a, I guess a block. And they said, the banks are going to call you and ask you if you've authorized this. I was like, okay. And they did.
And it was one right after the other. I go, well, I guess they just now put it in to shop, you know, for that car loan. But at least, you know, it's like, OK, it's doing, you know, what I signed up for. it's supposed to do. Yeah. So that's good. Yep. So you can take the credit monitoring. There's also you can put, you know, blocks on your account. Like it sounds like maybe have happened. There is a method to set up a PIN number with the IRS now so people can't file false tax returns in your name. OK. So there are certain services, you know, that you can.
take advantage of to try to help on that side. That's good information. Look at all this additional we're learning today. ⁓ Let me see here. ⁓ What is one trend in cybercrime? Well, we probably touched on everything. Is there another trend that you see happening or something new that's rearing its ugly head? I think one of the things that
is surprising to people is the types of businesses that these threat actors are going after. ⁓ You would be shocked at the number of small construction companies, small engineering firms, small CPAs, a lot of small businesses where small businesses think like, ⁓ what do I have? ⁓ But we represent one person shops all the way up to Fortune.
100 companies. Yeah, you guys have a great company. Yeah, I mean, so there is such a wide variety of organizations that are affected by it. And one of the things that we're seeing so often every single day is the funds transfer fraud. organizations that use ACH transfers, which is most. Yeah, communicate by email.
with threat actors getting in the middle of their correspondence and having ACH instructions changed. So that's something that all organizations need to be aware of. Not just, I mean, they're not just hitting a million at a time, they're hitting, you know, 5 or 10,000 at a time. Yeah, and that's their full-time job, that's what they do. Yeah, yeah. Well, what about, okay, let's, we're talking about the full-time, where you say the threat actors, the text message. You have an unpaid,
Oh, parking. DMV, parking. Apparently my license has been suspended five times now. So, you know, I am still driving. It's because you didn't renew your car warranty. Oh, yeah. Yeah. That's why. Yeah. It's like, you know, I have unpaid parking tickets. It's something with DMV. just got another one, you know, the other day. I'm like, the EZPass one is a lot too. Oh, That's a good one. That's a good one. I mean, I got one because my husband and I were in the city and some came on like, and I was like, wait a minute.
and I had the New York Tolls app and I went right in and like, yeah, block. Yeah, I mean anything again, anything that feels out of the ordinary, I mean DMV doesn't contact us by text message. Yeah, I know. Same thing with EZPass, but I think it's just because we've moved to such a digital world that people will be like, okay, that's, or your Amazon package is, it can't be delivered. I mean, who wants to miss their Amazon package?
⁓ And you think like, I need that. And you call your FedEx can't be delivered. ⁓ What was the other one during COVID? I haven't seen it much lately. I'm in a meeting. Can you go buy ⁓ the gift cards for me? Like really? You're in a meeting? We're in lockdown. It's COVID. But they're still, that's still a thing. And I had a very ⁓ sad one.
that they had convinced, again, an older adult to go and buy gift cards. And she bought like $8,000 at Home Depot. And her son came to the house and was like, what are all these Home Depot cards? And she was like, nothing, like, you don't worry about it. Because at that point they've gotten, they've said, if you tell, then, you know, there's these repercussions. But certainly in office situations, it's very much like...
And ⁓ there's an individual that puts up reels that talks about, he's like, my CEO finally noticed me. He asked me to go get a gift card. yeah, yeah. It's like, I didn't know he knew my name. ⁓ I know. That older woman with the 8,000, did she ever get her money recovered or no? Yeah, it's sad. Yeah. It's sad. ⁓ And I mean, we are lucky that financial institutions are
Definitely they're taking a stance against it and trying to be more diligent with their clients. ⁓ We have, when individuals go into the bank and make transactions that they wouldn't normally make, they are asking questions. But if someone is already deep into it and they're having conversations with the threat actor on a daily basis, I have one gentleman where they spoke on the phone every single day for a year. yeah, I mean, was as if it was somebody that they were actually doing business with.
And they just, they won't tell. They won't say, you know, there's a problem. That's sad. That's sad. I know I go to the bank, where I'm always at, and they're like, can we have your ID? And I look and I'm like, seriously? You know, and I like, but I get it. You're only doing your job to protect, but you know. The Fed actually did come out with new regulations. I think actually they were in place yesterday of additional safeguards that they're taking for people wiring.
So for our buyers and sellers that are expecting sending or receiving a wire, ⁓ it's likely that they're going to see their attorney's offices asking for more information because the FED is going to require more information, which is good. And that's okay. Yeah. Yeah. If it protects you, may be a little bit of a pain, but in the long run, you're going to go through a lot worse, right, than trying to recover your money, which chances are you may not. Wonderful. ⁓ Jackie, it's always a pleasure getting together with you.
Do you want to tell our listeners how they can get a hold of you? just know we will follow up. We'll have all of Jackie's information as well embedded into the podcast. Yeah, absolutely. So ⁓ LinkedIn is the best way. You can find me on LinkedIn, Jacqueline Goralczyk or you can email Jacqueline. Goralczyk at PiersonFerdinand.com. wonderful. And again, we'll have all of that information embedded. And ⁓ Jackie, I hope you come back. I will. Anytime. We'd to have you back. I mean, I think we could talk.
forever. And this is a very serious topic that we want our listeners to be a part of and hopefully learn something from this today to protect them. So thank you. changing all the time. Yeah. All right. Wonderful. Thank you. And thank you. That wraps up our last episode of Real Talk with Sterling Real Estate Group.