By James Swan
As Labor Day and the symbolic end of summer approaches, the peak home buying and selling season begins to wind down for the year. However, as tempting as it may be to look forward to the long holiday weekend, it’s important to remain vigilant about the threat from wire fraud.
How significant is the threat of wire fraud and how can it best be avoided?
The Threat is Real
The unfortunate truth is that wire fraud in business and real estate transactions — including both commercial and residential real estate transactions — has grown in recent years. In fact, according to a May alert from the FBI, between January 2015 and December 2016 there was a “2,370 percent increase in identified exposed losses” due to just business email compromise (BEC) scams alone. According to the same FBI alert, the total domestic and international losses exceeded $5.3 billion between October 2013 and December 2016.
BEC scams typically involve a hacker using a phishing attack to gain access to the email system of an employee at a company or an individual involved in a transaction. The hacker then uses the compromised email account to direct parties involved in transactions to alter wire transfer instructions and wire funds to the hacker’s account.
The FBI highlighted several scenarios that fraudsters have used to infiltrate business transactions. In the “bogus invoice scheme,” a business working with a foreign supplier is requested to wire funds for an invoice payment to an alternate, fraudulent account. The request could be made by phone, fax or email.
Similarly, an employee’s business or personal email is hacked and the fraudster uses the compromised email account to send requests to multiple vendors identified from the employee’s contact list for invoice payments directed to the fraudster’s bank account.
Fraudsters have also targeted departments in businesses, like the human resources department, responsible for W-2s or other personally identifiable information. If the fraudster is successful in the data theft, they occasionally use the data to pursue fraudulent wire transfer requests.
The corporate suite is not safe either. The email accounts of high-level business executives (chief executive officer, chief financial officer, chief technology officer, etc.) can be hacked or spoofed. Email spoofing is the forgery of an email so that the message appears to have originated from someone other than the actual source. Email spoofing is a tactic used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate source. The goal of email spoofing is to get recipients to open — and possibly even respond to — a solicitation. Once they are successful, the fraudsters send a wire transfer request from the compromised senior executive’s email account to an employee that is typically responsible for wire transfer requests.
According to the FBI, victims have also reported being contacted by fraudsters posing as lawyers or representatives of law firms and claim to be handling confidential or urgent matters. Fraudsters pressure the victim to quickly and secretly wire funds. This type of fraud has often been timed to coincide with the end of the day or end of the week.
Over the past few years, the real estate industry has been plagued by incidents where criminals hacked the email accounts of real estate agents, title companies, attorneys or consumers in order to learn about transactions and/or impersonate identities with the intention of misdirecting funds. A supposed seller may email the title company with new instructions for the disbursement of the sale proceeds. A fictional payoff lender may provide a false statement with wiring instructions to the fraudster’s account. A buyer may receive a communication that appears to be from the title company, when in fact it is from an untrusted source.
Prevention, Prevention, Prevention
The hackers involved in these fraud attempts are continually evolving, but government, business and industry groups are taking aggressive steps to enhance awareness of the threat and educate professionals and consumers about how to protect themselves from wire fraud. In July, the Consumer Financial Protection Bureau published a warning to consumers that consolidated some tips on prevention from the Federal Trade Commission (FTC), the FBI and the Financial Crimes Enforcement Network.
At the industry level, the National Association of Realtors, American Land Title Association and others have also published alerts to inform the real estate industry and consumers about these BEC and phishing scams. The challenge is that every individual in a transaction must be cautious and diligent when it comes to reviewing small details. For example, noticing the difference between JillSmith@gmail.com and JilllSmith@gmail.com can make the difference between closing on a property or being victimized by a fraudster.
In addition to the advice from the government and industry, here are some suggested precautions to take when interacting with parties to your real estate transaction, particularly when it comes to financial information or funds.
Call your title company at a trusted number to confirm wiring instructions before sending funds. Title companies rarely, if ever, alter wiring instructions, so any communication like this should be considered suspect. When in doubt, pick up the phone. If you receive any email communication that seems strange (new email address, poor grammar, typos, abnormal requests) contact the party at a trusted number. Do not use any phone numbers or email addresses included in that communication. Also, be cautious of links in emails. Pay close attention to the sender’s email address and look for any red flags that may indicate the email is fraudulent. Do not click on a link unless you are sure of the sender.
Secure Your Email
In general, exercise caution with regards to your online habits. The wire fraud scenarios generally start with hacking an email account, so securing your email is the first step to prevention.
Use multi-factor authentication on your email accounts and any financial accounts. This requires an additional action to verify changes to your account. Keep your firewall and security software up-to-date and avoid accessing accounts from unsecured Wi-Fi. It also helps to use strong passwords which combine letters, numbers and symbols.
If you think you have sent funds using fraudulent wiring instructions, contact your financial institution immediately to attempt to stop the wire. You can report fraudulent activity to the FBI’s Internet Crime Complaint Center at www.ic3.gov/complaint. Phishing emails can be reported to the FTC at www.ftccomplaintassistant.gov.
Criminals are innovative, sophisticated and constantly contriving new methods for fraud and mischief. Consistent communication — from the beginning of a transaction to the closing — will often prevent potentially harmful scenarios and make it easier to identify something that seems out of place. Stay ahead of the threat and protect your business and real estate transactions by staying alert and working closely with the trusted professionals on your team.
James Swan is state counsel and underwriting counsel in Utah for First American Title Insurance Co.