Many people wonder how fraudsters are able to gain access to business emails during the course of a commercial real estate transaction. The answer is often social engineering. Here’s a typical rundown of how a fraudster may gain access to an email:
-
An employee receives an email from a fraudster that appears legitimate asking them to reset their email password.
-
The employee clicks on the link in the phony email and fills in their login credentials.
-
Now the fraudster has the employee’s authentication credentials.
-
The fraudster will then try those authentication credentials in different systems hoping to gain access to the employee’s accounts.
-
Once the fraudster accesses the employee’s email account, they just sit there and wait until a request for funds transfer comes through.
-
The fraudster then quietly sends new instructions from a fake email. For example, if the legitimate email is msmith@gmail.com – the fraudster might create an account msmtih@gmail.com (with the i and t swapped) that looks very similar to try and trick the employee.
Keep Your Commercial Transaction Safe
Commercial transactions involve a lot of money – which is why they’re often a target of fraudsters. It’s important to follow best practices for avoiding fraud before, during, and after your commercial real estate transaction. If you have any questions about these best practices, please do not hesitate to reach out to the Commercial Partners team for assistance. You can find us at our primary office located in Minneapolis.