19 minute read
What if Your Sellers Have Nowhere to Go?
Krakenimages.com©/ Adobe Stock
They may need to enter into a leaseback agreement with the buyer while searching for another property, but there can be unforeseen risks if the contract isn’t structured carefully.
By Melissa Dittmann Tracey
For sellers, it’s more difficult than ever to get the timing right between the sale of their current home and the purchase of their next property. Low inventory, high prices, and quick transactions work against them as buyers, so many sellers may need extra time to figure out their next move. One solution is to ask for a leaseback agreement, which allows the seller to stay put and rent the property from the buyer after the sale. Such an agreement is typically meant for a short period of time—a matter of days or a week. But in this feverish market, some agreements are stretching to a few weeks or even months, which can pose problems if
they’re not structured to account for various risks, said Deanne Rymarowicz, associate counsel at the National Association of Realtors®. Some sellers are delaying their search for a new home until they’ve sold to avoid the need for contingencies, which can undermine a person’s competitive edge in today’s market, said Michael “Smit” Smith, C2EX, RENE, a sales associate with Windermere Real Estate who is licensed in Arizona and Washington. Of course, that strategy also can land sellers in housing limbo. Sellers often have little time to organize a move, as the typical home sold in just 17 days in June, according to NAR data. Leasebacks, also known as post-possession occupancy agreements, not only help sellers but also can give buyers an advantage in bidding wars. “In this market, buyers are putting these in to sweeten their offers in a multiple-offer situation,” Rymarowicz said. “Sellers are selling their homes so quickly that they may not have even started packing.” But—and This Is a Big ‘BUT’… These agreements turn home buyers into landlords and sellers into tenants. Giving a seller a few extra days to move out is fairly common. “But it’s when we’re talking about more than a few days that there’s a lot more to consider, like any potential risk of loss, insurance, and rent,” Rymarowicz said. For example, should the buyer charge a security deposit? Do any state or local landlord rules apply—particularly if the seller-turned-renter is staying longer than 30 days? Here are some tips to keep in mind when your client needs to enter into a postclosing occupancy agreement.
• Put everything in writing. Buyers shouldn’t let sellers retain possession of a home for any amount of time without an agreement in place that lays out all the conditions. Your clients may need a short-term lease agreement in place while drafting a longerterm contract if the seller plans to stay for 30 days or more, Rymarowicz said. Leaseback agreements should spell out the length of the rental period; the amount of rent per day, week, or month, if applicable; penalties for late payments; who pays for utilities; the buyer’s right to access the property; and the seller’s duties to maintain the home while they’re living there. The agreement may stipulate that the buyer has the right to inspect the property and ensure no damage was done.
• Double-check insurance coverage. An insurance agent can help clear up any confusion about who’s responsible for what if the home is damaged during the leaseback period. For example, who has to pay if the water heater breaks or a tree limb falls on the roof? The responsibility likely will fall on the buyer as the new homeowner. However, the seller isn’t off the hook. Once becoming a tenant, the seller’s previous homeowner’s insurance policy no longer applies, Rymarowicz said. “The seller will need to talk to an insurance agent to discuss converting it to a renter’s policy to ensure their possessions are still covered,” she adds. Also, buyers should ensure that there are no gaps in their insurance policy during the leaseback period. Otherwise, they’ll need to carry supplemental insurance, like fire coverage.
• Charge a deposit. The buyer may want to charge a refundable security deposit just like a landlord would. Damage to walls, for example, can occur when the seller finally moves out, and a deposit can offer protection against any losses. Consider whether the security deposit should be held in escrow or released to the buyer at closing. A security deposit can also send a message to the seller: This isn’t your home anymore, and you’ll be on the hook for damages like any tenant would.
• Get the lender’s approval. Many lenders won’t accept leaseback agreements that are longer than 60 days, at which point the home can be classified as an investment property instead of a primary residence. Investment properties come with different loan terms—and, typically, a higher interest rate. Make a lender aware of any leaseback arrangements up front to make sure the buyer’s loan won’t be put in jeopardy.
• Know the risks. Buyers must have safeguards in case a seller refuses to leave at the end of the leaseback period, though this situation rarely occurs, real estate pros say. Still, it’s increasingly a possibility in an environment where many people are taking advantage of eviction moratoriums,
Smith warns. With this in mind, buyers may ask sellers to waive their rights as tenants under current COVID-19 protections. As another safeguard, buyers may hold a portion of the home sale amount in escrow and release it to the sellers once they finally move out.
• Consult an attorney. A real estate attorney can review any post-possession occupancy agreements, particularly those that stretch beyond a few days, to help minimize the risks. “The longer [the time period] these agreements are structured for, the more both parties will need to think about avoiding potential issues that could arise,”
Rymarowicz said.
Melissa Dittmann Tracey is a contributing editor for REALTOR® Magazine. She can be reached at mtracey@nar.realtor. Follow her on Instagram and Twitter: @housingmuse. Reprinted from Realtor® Magazine Online, August 2021, with permission of the National Association of Realtors®. Copyright 2021. All rights reserved.
The Aftermath of a Tech Attack
Who’s going to go after your website? Everybody is a target.
By G.M. Filisko
For years, Kevin Vandenboss didn’t visit his own company’s website very often. Why would he? He already knew what was on it. Today, the broker at Vandenboss Commercial in Lansing, Mich., checks the site regularly, just to be sure it hasn’t been attacked for a second time. The first time anybody who visited vandenboss.com was redirected to a porn site and assaulted with not-safe-for-work popups. “It was some nasty, nasty stuff,” recalled Vandenboss. “There were a lot of different popups ads for male enhancement and websites to subscribe to.” Vandenboss was stunned he’d become a target. “Who’s going to go after my website? I’m just a local, small real estate brokerage,” he explained. “Now I know. Everybody is a target.” Absolutely right, said Shawn Jaryno, a broker and salesperson at Weichert, REALTORS®, in Bayonne, N.J., who has 20 years of IT experience and teaches cybersecurity at the nearby Branford Hall Career Institute. “Real estate is like the wild, wild west,” asserted Jaryno. “Most agents are independent contractors, and everybody has their own personal email. They may be using services like Yahoo email, which has been compromised time and time again. And then people don’t change their passwords.” Brokers can also be careless about the risk to their company and agents. “I’ve walked into offices where computers are sitting wide open [unattended] with people logged in or where I’ve seen a username and password right on the computer,” explained Jaryno. “Agents also bring their own laptops to the office, and brokers don’t know what type of antivirus software those agents have—if any—or if the software is upto-date. I’ve also seen offices that have open wireless networks, and that’s a problem. There are a lot of things that open this industry up to a lot of potential risk.” Vandenboss and others who’ve learned those lessons the hard way say the damage they suffered wasn’t merely financial. Without exception, these practitioners say the most painful aspect was the devastation to their peace of mind.
Feeling Helpless
Brokers and agents who aren’t attuned to basic online security in their transactions may also be less vigilant when it comes to their own data. Vandenboss has long used DocuSign to secure contracts. “But when it came to my own information,” he admited, “I was like, whatever.” The trouble started right after Vandenboss had sent by U.S. mail a 1,000-piece, $1-per-piece postcard campaign that directed recipients to his website that, unbeknownst to him, had been compromised. He got an email from Google stating it had detected hacked content on his website. Vandenboss pulled up his website, which he discovered was hammered by porn and popups. “I panicked,” he said. “I had no idea what to do.” He could have contacted a “breach consultant,” whose pricing varies depending on the nature of the violation. For instance, specialty insurance companies like Victor O. Schinnerer & Company—a Realtor Benefits® Program partner for errors and omissions insurance—offer help navigating the legal and technical issues triggered by an attack. Instead, Vandenboss dug in himself, first calling his website host, GoDaddy. He learned he had two choices: Either wipe out his website and all the files associated with it or buy a third-party program to scan and remove the site for malware. He chose the second option, which costs about $200 annually. “The scan took a couple of hours—a very, very long couple of hours,” he stated. “I thought I was out of the woods.” Not even close. About three weeks later, Vandenboss got a call from someone who said that while trying to find Vandenboss’ phone number through a quick Google search, he was pummeled with porn again at the company’s website. This time, Vandenboss hired a tech consultant to investigate the coding at his website. Another $200 later, Vandenboss learned code deeply embedded in his site was still redirecting visitors to porn—but only when they clicked on his website in Google search results, not when they typed the website’s URL into their browser. “I ended up going all out at that point,” he explained. “To log into the administrative back end of my website, I set up Google two-factor authentication. That had no cost, but I also signed up for a service called Cloudflare at $20 a month.” It provides a firewall and blocks suspicious activity on his website. If it detects a suspicious internet address, Cloudflare requires the user to type in a Captcha verification word. “I also got an SSL certificate for my site, which is usually necessary only for credit card transactions,” added Vandenboss. “But I didn’t want there to be any risk to anybody filling out my contact form. That costs another $100 a year.”
Image licensed by Ingram Image
Still, Vandenboss couldn’t shake his anxiety. “Over the next several months, every couple of weeks, I’d get an alert that my scanner found something malicious,” he recalled. “It started to drive me crazy. I called GoDaddy again and was told there were probably some residual things on the website causing openings for malware.” The solution was to wipe out the entire website. Vandenboss hired another consultant—for another $200—to remove and then reinstall every file he’d used to build his WordPress website. Today, one of the programs Vandenboss bought does a regular scan for malware at his website. “I also used to have the same simple password for everything,” he said. “Now every website I use has a unique password that’s long and very complicated.” In addition to the out-of-pocket costs, Vandenboss has spent countless hours recovering from the attack. He also has no idea how much potential business he might have lost after his marketing postcard apparently led people to a porn site. The worst damage was caused by the stress. “It was the amount of time I worried about it and the anxiety it caused,” said Vandenboss. “I felt the most helpless when the Google searches were still redirecting people to porn. I’d already done the things I was supposed to do to fix it, so then what was I supposed to do?” Vandenboss now knows first-hand how vulnerable brokers are to cyberattack. “It’s not somebody just sitting in their mom’s basement looking for credit card numbers to steal,” he stated. “It’s automated. Programs are crawling the web looking for vulnerabilities. It doesn’t matter who you are if there’s a way to get into your site. Nobody is too small to attack.”
Email Hijacking
Four times Sue Dietz has been targeted, and she’s sure it’ll happen again. “It’s not that I’m hacked,” said the agent at RE/Max Advantage in Dubuque, Iowa. “It’s that my identity as a Realtor® has been taken. They haven’t been in my computer. They’re sending out emails from bogus email addresses saying I have a referral in the area, and they’re asking the other agent if they’d be interested in taking the referral.” The emails, which started in January 2016, are sent out under Dietz’s name. The danger isn’t to Dietz; it’s to recipients who click on a link in the email, which likely leads to a virus or malware. Dietz first got notice of the stunt when her office and
cell phones started blowing up with calls from other agents either giving her a heads up about the scam or wondering why she included a bad phone number or link in her email. “Some are really looking for a referral and think I messed up on the phone number,” she said. “Some are saying they can’t open the link and I tell them that’s a good thing.” There’s not much Dietz can do other than to warn others to be careful when receiving an email under her name, which she’s done each time it’s happened and in various ways. She contacted the National Association of Realtors®’ Director of Digital Engagement Nobu Hata for help spreading the word. She also posted on her website a notice of the scam and the fact that she’s aware of it. That’s not just to prevent the scammers from being successful; it’s also to cut down on the time Dietz spends handling the scam each time it hits. “Calling it a hassle is putting it mildly,” she reported, since she feels obligated to respond to every call, text, and email. She’s done that every time the scam starts, which has been at the beginning of each year and then again each September or October. Dietz estimates she’s had 6,000 to 7,000 people contact her over the past two years. “The only way to stop this is to change offices and change my full legal name,” she said. “That’s not going to happen.” The scam hasn’t cost Dietz money or business, except in lost time. But she knows she can’t be too careful. Even though her computer wasn’t hacked, she’s changed all her online passwords and doesn’t save any passwords in her computer. When people contact her, Dietz encourages them to beef up their security. “I tell them that if their computer tells them to not open something, don’t open it,” she explained. Also, taking advice from Hata, she reported the emails as spam because it might slow the scammers down. “I also suggest they let their local board know to spread the word, because usually I get hit in one area at a time,” she added. Like Vandenboss, Dietz has been rattled by the scam. Though no one stole her computer or got into her bank account, she said, “I feel like they’ve taken part of my sanity away.”
Phone Hostage
In the summer of 2016, an agent (who asked not to be identified) with Carolina One Real Estate Services in Charleston, S.C., checked online for a service that could help her with connectivity problems between her printer and her desktop. She found a place called WeFix, one of many sites using that name, and the business used a screen sharing program to access her computer and adjust the settings.
Problem solved, or so it seemed. She was once again able to print from her desktop. Then on a Friday, almost a year later in June 2017, the agent, an 18-year veteran in residential sales, received a phone call from a man claiming to be with that same online repair service. He said they’d found a glitch in the work they’d done on her computer and needed to remove a program. The caller knew exactly the amount she had paid for the repairs. He also knew they’d worked on two other devices the agent had gotten repaired at the time (she’d also arranged for repairs to her husband’s and her brother’s computers). It’ll just take a quick screen share, they’ll refund her money, and she’ll be set, he promised. The agent was hesitant, and she asked some questions. But she got reasonable answers to every one. So, she agreed to the screen share both on her laptop and her desktop. She watched as the caller tinkered around in both computers. Then the caller said he needed access to her bank account to process the refund. The agent grew more uneasy. She asked why he couldn’t issue a credit. She even said no. But the guy was persistent and convincing, telling her this was the only way to process the refund. “Something kept on telling me, ‘Don’t do this,’ but I opened up my bank account online.” And then she realized her mistake. “I said, ‘Oh, my God! You’re holding me hostage with my accounts,’ and he said, ‘Yep, you’re right,’” she recalled. “My heart just dropped.” Thus began a five-hour phone nightmare with the caller threatening harm to the agent and her family as well as the theft of all her money. He warned the agent not to do anything “stupid” because he was watching her on her computer’s camera. The assailant kept the agent on the line and instructed her to drive to the bank to withdraw $3,000. Then he told her to drive to Walmart and purchase three $1,000 gift cards. Then he told her to go home, scratch off the coating hiding the redemption code on each card and read each code to him. Hours into her ordeal, the agent’s brother happened to drop by, and she slipped him a note: “I’m being held hostage on my computer. Call the police.” Her husband got home about the same time, and the men immediately called the police. By then, the agent had had enough. “He said, ‘I want you to get back in your car and go to the next closest Walmart,’” she explained. She said no. The thief hurled more threats. But through tears, she held firm. “It was psychological,” she said. “It was so scary.” But the agent wouldn’t budge, and she hung up and unplugged her computer. The thief repeatedly called back with more threats. “He was going crazy, yelling, ‘What did you do with my cards?’” the agent recalled. “He said he was going to send somebody to our house and that he was going to kill us.” Luckily, the agent and her family are safe, and her accounts were untouched. Her husband and brother raced to Walmart, where they were able to cancel the cards before the thief redeemed them. She immediately called the emergency number at each of her banks and locked down her personal and business accounts. The next morning, she alerted the head of information technology services at her brokerage, Les Sease, about the scam. She also reported it to the Federal Trade Commission and the Federal Bureau of Investigation. She’s heard nothing so far from either federal agency or from the local police about whether the online repair business was in on the scam or was hacked itself. As for the lack of closure with the case, she said, “it’s frustrating, but on the other hand, I don’t know of any way they could actually track down these people. This kind of thing happens to people every day, and what makes me so special?” The agent bought a new computer and paid a tech expert—recommended by Sease—to remove the hard drive in her old computer and smash it. “I felt so violated after he’d been in that computer that I didn’t want to work on it anymore,” said the agent, who estimates she spent $1,000 on the new equipment and the tech help. “It also took a lot of time, effort, and hassle.” Though she initially shared her story only with Sease and a few close friends, the agent now wants others to recognize this can happen to smart, successful agents. “I’m sure people think that nothing like that could happen to them,” she said. “But it was scary. It takes control of you, and you just freeze.” The incident has changed the way the agent does business. “I’m more cautious talking with people on the phone and with meeting people places,” she said. “I’m afraid to talk to anybody on the phone if I don’t know who they are, because my trust level is very low. It’s made me very paranoid.” Her advice to others dealing with technology issues: “If you’re having a problem with your equipment, call a reputable IT person. Don’t go through the internet. We’re so used to online everything, but face-to-face is the best. “I’ve always known that as an agent, you should never meet anybody you don’t know at a property,” the agent warned. “This has made me even more aware. I’ve had agents tell me that they’ve met someone at a property and felt like something wasn’t right. I have that feeling all the time with all aspects of my life now. It’s sad that you can’t trust people.”
G.M. Filisko is a Chicago area freelance and former editor for REALTOR® Magazine. Reprinted from Realtor® Magazine Online, March 2018, with permission of the National Association of Realtors®. Copyright 2018. All rights reserved.
SANDY DAY Stewart Title 801-918-9669 sandy.day@stewart.com
KOLEEN FADDIS I NMLS#486864 Mountain America Credit Union 801-891-5032 kfaddis@macu.com
MCCAULEY FLINT U.S. Title Agency 801-644-6970 mflint@ustitleutah.com
BOB GOODSON First American Title 801-231-5857 bgoodson@firstam.com
BJ HANSEN I NMLS#218202 South Towne Mortgage 801-550-9944 bj@southtownemortgage.com BRITTANY JENSEN Novation Title 435-669-8822 bjensen@novationtitle.com
AMANDA LANDERS I NMLS#351348 Gateway Mortgage 801-550-9258 amanda.landers@gatewayloan.com
LONI LARSEN Pillar to Post 801-244-5255 lonilarsen@comcast.net
TERRIE LUND U.S. Title Agency 801-414 4188 tlund@ustitleutah.com
SANDRA PERKINS Acclaimed Home Warranty 385-232-6167 sandra@acclaimedhw.com
DONNA RENTMEISTER American Family Insurance 801-381-1938 drentmei@amfam.com
MARITA VISELLI I NM LS #261036 lnspiro Financial 801-755-4988 mviselli@inspirofinancial.com
DAVE YOUNG I NMLS#66797 America First Credit Union 801-386-6491 dyoung@americafirst.com What we do: Abide by the Realtor® Code of Ethics I Commit to helping you find the right services for your business model and clientele I Support The Realtor® Political Action Committee (RPAC) I Work to ensure a smooth business transaction from start to finish I Help you build YOUR team.
k_4J_/_�
COMMITTEE CHAIR Veritas Funding I 801-688-0599 I NMLS#288635 khendry@vfund.com rld::cl�
