The Beehive State’s housing market is buzzing, but buyers, sellers and real estate agents aren’t the only ones in on the action.

Scammers are, too.

So much so, that the Utah Department of Commerce issued an alert and launched a public awareness campaign Monday, warning consumers and real estate agents of the burgeoning threat.

The basic scheme plays out like this: Hackers break into real estate agents’ email accounts and monitor their work. When an agent is poised to close a deal, a scammer sends an email from the account to the client requesting that money from the property transaction be wired to a bank account. Since the illegitimate accounts are often outside of the country, once the money is sent, it is gone forever.

The FBI estimates that Utahns lost more than $20 million to such scams in 2018.

Emily Pedersen, a real estate agent in Vernal, almost found herself the victim of such a con in August 2015, when she and her husband were closing on a $60,000 property sale.

The title company handling the transaction told Pedersen that it would call her when she could go to the office to pick up the check. Pedersen was running errands the morning the money was due and decided to drop by the title company, just in case the check was ready early. When she arrived, the woman at the office informed her that she was about to wire the money as per Pedersen’s emailed instructions.

“I said, ‘Oh, I haven’t been chatting with you by email,’ and we looked at the emails and, sure enough, someone hacked my emails,” Pedersen said. “If [I hadn’t come to] her office prior to closing, she would have wired the money, and we would have lost it.”

Pedersen and her husband changed their email passwords, and they now use a three-point verification system. She said the experience was “eye-opening." She never before had heard of such a scam.

“I was just taken aback that someone could hack my emails and take that much money that fast,” she said. “It blew me away how easy it was for someone to do it.”

Sheralyn Bennett, a real estate agent at Berkshire Hathaway HomeServices, dealt with a similar scam in 2017, when somebody used a fake email with her photo to request that a title company she was closing a deal with wire money to an illegitimate bank account.

Fortunately, the title company became suspicious and called Bennett before moving the money. Bennett said she knows of people who lost a lot of money to such frauds. She said Berkshire warns clients not to wire money to anyone without first confirming the payment over the phone.

Jonathan Stewart, director of the Utah Division of Real Estate, said that although scams have existed for several years, they have become more common, which prompted the public alert.

“Oftentimes, people view stories like this as if they’re going to happen to somebody else,” he said. “I think if people view themselves as a possible victim anytime they get an email, they are going to take more caution in what they do and how they respond.”

To avoid being taken, officials urge real estate consumers to:

  • Be wary of last-minute emails with changes to the transaction.
  • Contact email senders by telephone using a phone number you have independently verified.
  • Never send a wire transfer information via email.
  • Never email financial information.
  • Be cautious about opening attachments and downloading files from emails, regardless of who sent them.

And real estate professionals should:

  • Inform clients from the start about your email and communication practices, and alert them to the possibility of fraudulent activity.
  • Contact the intended recipient via a verified telephone number and confirm that the wiring information is accurate before wiring any funds.
  • Use encrypted email if a situation arises in which you have no choice but to send information about a transaction via email.
  • Never open a suspicious email.
  • Clean out email accounts on a regular basis. Emails may establish patterns in your business practice over time that hackers can use against you.
  • Regularly change usernames and passwords, and make sure your employees and licensees do the same.