Judging from my own email, there has been a huge spike recently in email scams targeting real estate agents and their clients. For several months I have been getting emails with subject lines such as “Clear to Close” or “Document Delivery Notice,” with links to “View Documents.”
Many of the emails appear to have a PDF attachment, but when you click on the attachment, then you see a link to “open” that PDF. I worry that some of my colleagues or their clients might fall prey to this or similar scams.
DocuSign is a well-known software for signing real estate documents, and often the email asks me to click on a link to view a DocuSign contract or settlement statement for some transaction it doesn’t identify and that I wasn’t expecting. One should never click on that link. This can be tempting to an unaware agent.
I can’t tell you what exactly the scam is because I haven’t clicked on any of those links. If any of you readers have clicked on such links, I’d like you to share your experience with me.
Another popular scam involves sending an email giving buyers wiring instructions for their down payment. In many cases buyers’ money was lost forever. These emails might appear to be from your agent or title company, but they aren’t. Always call your agent or title company to verify any such email.
Our office has a business subscription to Microsoft Office 365, and often my agents and I receive emails aimed at compromising our Office 365 accounts. The subject line is often “Account Login Attempt,” and the text claims that someone knows my login details and has used it to access my email account. The text of the email contains my email address to make it seem authentic. It goes on to say that a lock has been placed on my email account and that I need to click on a link to restore access. Of course I ignore and delete these messages. How many of my colleagues (and readers of this column) have fallen victim to such emails? I’d like to hear from them/you.
There’s a simple way to identify links you should not click on. Float your cursor over the link (don’t click!) to display the true link address. What you saw in the message is likely not what you would get if you click on it! Often it will be for a web address from a foreign country, whose 2-letter initials take the place of .com.