Hackers making out like bandits in hot Boston real-estate market

By adamg on Thu, 08/31/2017 - 1:21pm

The Bates Real Estate Report alerts us that real-estate-savvy hackers have been busy sending instructions to real-estate buyers with instructions on where to wire closing fees that, yep, are not for real.

Topics:

Crime

Ad:

Like the job UHub is doing? Consider a contribution. Thanks!

Comments

this isn't new

By cybah on Thu, 08/31/2017 - 1:28pm.

Maybe this scam is.. but real estate scams on the internet have been going on forever.

CraigsList is the worst for them. My fav was a 800/mo 1 bedroom on Boylston Street, right at 800 Boylston Street. Wow what a deal! (and what a scam, click on the address to see where that is)

Not worse than the pople on social media

By Scauma on Thu, 08/31/2017 - 1:44pm.

Who think that lady who won the lottery has decided to give it all away via $100,000 checks to the first 50K followers.

Insidious

By Stevil on Thu, 08/31/2017 - 2:16pm.

A miserable and insidious scam.

Usually starts with someone hacking your email (that's how they find out about the transaction and it also allows the hackers to get personal info like the name of your realtor, your kids, their kids names etc. so they can make these instructions look really good buried in a personal note referencing personal info) - so take steps to prevent email hacks - change passwords, passwords you don't use for other things and don't use the word "password". If possible - use two factor authentication (usually a random number generator that is synced to your email account - a key ring token or app informs you of the number that changes every few seconds).

Most effective - if you are ever sending a wire - call the person that has given you the instructions (your client, your realtor etc.) and confirm the wire instructions by voice. The money is usually heading out of the country. If it's still in the country you MIGHT have a chance at canceling the wire and keeping the money. Once it's out of the country, it's pretty much gone.

Nothing is perfect - but that voice confirmation is usually the most solid way to prevent getting scammed.

More on passwords -- it's

By Tim McCormack on Thu, 08/31/2017 - 2:42pm.

More on passwords -- it's important to use a password manager (with a STRONG master password), since that allows you to easily have a completely different password for every service. It's the only way to stay secure.

Also a note on "security questions" -- they make your accounts insecure, because they encourage you to answer using commonly available information, or information you use on multiple websites. I don't have a great answer for this one, but you might try using random answers and keeping the answers in a safe place. -.-

Finally, this is a totally pedantic point, but two-factor authentication that involves one-time passes don't involve random number generators (RNGs). Instead, there's a shared secret between your app (or key-fob) and the service, and that is used to generate a sequence of codes that can't be predicted by an attacker. The one place an RNG would be used is during the initial setup, to generate that secret.

Thanks Tim

By Stevil on Thu, 08/31/2017 - 4:47pm.

Not an IT expert - so interesting about the tokens - always wondered how they worked and figured it was a continuous RNG. Now I know.

I AM in financial services though - and the security is a constant battle. You move the cheese and the rats follow you!

Thanks for the advice - we are looking at migrating to a password manager (when we sat down to organize it, between biz and personal we had dozens of usernames and passwords for just 2 of us!).

As one expert told us - everything is hackable, but if you lock your doors, the bad guys will usually move on to the neighbor who leaves their windows open.

Do you at least

By geep9 on Thu, 08/31/2017 - 3:20pm.

Get some ocean front land in Nigeria?

These sound like quality

By anon on Thu, 08/31/2017 - 10:12pm.

These sound like quality scams. I'm impressed.