Twenty Ways to Keep You and Your Clients Safe

Wire-transfer fraud has bedeviled real estate agents and brokers over the past decade. In fact, the real estate industry was the second most likely to fall prey to cybercriminals in 2018, according to a report from cybersecurity firm eSentire.

Despite warnings from law enforcement, the National Association of Realtors, and other groups, wire-transfer fraud targeting homebuyers, title firms, agents/brokers, and other parties continue to soar. According to the FBI, business email compromise (BEC), its term for email-based cybercrime, sparked $12.5 billion in losses worldwide from October 2013 to May 2018. U.S. victims represented about $2.9 billion of that total.

Worse, the FBI has witnessed an explosion of BEC directed at real estate firms and their customers, accounting for a 1,100 percent increase in reported incidents from 2015 to 2017, along with a 2,200 percent increase in BEC financial losses.

BEC victim reports tell a remarkably consistent story. Scammers often target professionals involved in real estate transactions, including agents and brokers, title firms, and lawyers. After gaining access to a participant’s email account and then identifying an upcoming transaction, they may pose as the property seller, giving a fake account and wire-transfer instructions to a title firm. The company then wires the closing money from escrow into the scammer’s account. Soon, it moves the stolen cash to another account, often offshore, leaving the real buyer and seller in the lurch.

As the real estate industry became familiar with this modus operandi, scammers began targeting consumers directly. Buyers and sellers, they found, were much less sophisticated about email security than were real estate professionals. According to BuyerDocs, an Austin, Texas firm that offers what it says is a secure method of sharing wire-transfer information, 52.2 percent of homebuyers are totally unaware of this form of fraud, and 74 percent think a title firm or bank can recover funds that are transmitted to a phony account.

However, even highly informed real estate professionals continue falling for such scams. Bill Soffel, an ERA Real Estate broker-owner in Chautauqua, NY, explains how the clients of one of his agents lost $175,000 in a wire-transfer scam. Describing the incident in REALTOR^® Magazine, Soffel said the buyer’s attorney received an email from the seller’s “attorney” asking for closing money to be wired to a certain address. The attorney did, only to find out that the money went to a fraudulent account.

Apparently, Soffel said, the fraudster hacked into the email of someone involved in the transaction. While there, he (or she) uncovered key information, including when the sale was slated to close. After setting up a fake e-mail account under the name of the seller’s attorney, the criminal sent the buyer’s attorney a request for money at just the right moment. Since everything looked legitimate, the attorney complied and—poof!—there went his client’s money.

Another case occurred in Colorado several years ago. A couple lost their life’s savings while trying to buy a retirement home. After selling their prior residence for $272,000, the couple was in the closing process when the title company emailed them the closing amount and wire-transfer details. The couple wired the funds, but—big surprise—the target account was fake, and their money disappeared without a trace. Again, a scammer posing as a party in the transaction absconded with the cash.

Not willing to accept their loss, the victims sued their agent, mortgage broker, and title company for not adhering to security best practices, highlighting the liabilities agents and brokers can face if they fail to keep their clients safe during wire transfers.

Thousands of reported cases have essentially followed the same script, despite it having received extensive publicity. For example, the FBI has identified a four-step timeline that cybercriminals use in their email schemes:

• Step 1: Identify a target. Here, organized crime groups target firms and individuals using readily available online information, especially those authorized to execute electronic payments.
• Step 2: Groom the victim. The criminals then send out spear phishing emails or make phone calls to targeted people in order to soften them up for a fraud attempt.
• Step 3: Exchange information. After misleading the target into believing the person is a legitimate party in the transaction, the fraudster provides information about where to send the money.
• Step 4: Wire the money. The victim wires the money to a criminal account, typically located offshore, never to see the money again.

In the real estate industry, the scams work because not all parties adhere to effective security practices. All it takes is for one bad actor to get into one of the professionals’ or consumers’ email account (via phishing) and then monitoring emails until a theft opportunity becomes evident.

When criminals leverage their ability to use credible language and their skill at forging the email signatures of legitimate real-estate estate firms, it becomes hard for all but the most diligent consumers and professionals to ward off wire-transfer fraud.

Fortunately, the FBI is aggressively pursuing the crime rings responsible. It recently completed a six-month sweep that produced 74 arrests and disrupted $14 million in fraudulent, in-process, wire transfers. Still, it’s hard for the FBI to circumvent fraud when people fail to protect themselves. To that end, here are 20 things you and your customers can do to safeguard their cash:

1. Avoiding sending sensitive personal information over email. This applies to banking information, routing numbers, PINS, or any other financial information, especially that relating to wire transfers.
2. When you first begin working with clients, inform them about basic email security measures. And impress upon them that the security burden falls upon the transfer originator, not the bank or title company that is moving money at the consumer’s request. Consider including a warning about wire-transfer fraud in your email signature.
3. Don’t assume that an email from a party in a real estate transaction is legitimate. Call the title firm to confirm wire-transfer details and tell your clients to do the same. Also, don’t use phone numbers or links in an email when verifying instructions. And only use a personally verified phone number, ideally one you’ve called in the past.
4. Consider using cashier’s checks delivered in person for large transactions. Sometimes the old ways are the safest ways.
5. The FBI suggests having your IT security team create an intrusion detection system that flags emails that mimic actual company emails. For example, if a business email had the extension of @abc_company.com, the system would identify as fraudulent any message with @abc-company.com.
6. See whether the financial institution involved in a wire transfer offers insurance against wire transfer fraud. Depending on its cost, it may be a sensible way to protect large transactions.
7. Take a close look at all e-mail messages. View with suspicion any that has a reply address different from a “from” address.
8. Don’t assume that Internet links in an email are legitimate, even if they open a website that looks real. Many times, fraudsters will create phony sites that are almost indistinguishable from the real ones.
9. Never make a wire-transfer payment over an unsecured wifi network. This is a huge risk to be avoided.
10. Engage in hygienic email practices. This includes changing your complex passwords frequently and cleaning out old emails.
11. Make sure your office has current firewall and anti-virus software in place. And make sure to update your security software as prescribed by your software vendor.
12. Consider setting up a test wire transfer. For example, send a nominal amount of money to make sure that it goes through safely before sending the real payment.
13. Be suspicious of last-minute changes. If an email comes in requesting changes in the payment process, call your contact immediately to verify the change before wiring money.
14. Be careful when someone demands immediate payment. Urgency is always a big red flag when it comes to wire-transfer fraud.
15. Always follow-up wire transfers with a phone call. If a client insists on wiring money instead of providing a cashier’s check, have the person call the title company within a few hours to confirm it received the payment.
16. If a client discovers that his money never arrived after a wire transfer, advise the person to immediately have his bank issue a recall notice. Also, the person should report the crime to the nearest FBI office and to Internet Crime Complaint Center (IC3.gov). If the FBI report is made within the first 72 hours, it may be able to recover the money using its Financial Fraud Kill Chain system. However, this tool is not available for frauds valued at less than $50,000, that occurred domestically, that didn’t involve the SWIFT financial network, or that happened more than 72 hours ago.
17. Watch for any request in a transaction that doesn’t meet the “smell test.” If something appears unusual or weird, investigate further before proceeding with a transfer.
18. Once a fraud attempt occurs, warn everyone involved in the transaction. Inform clients or other parties to not respond to the counterfeit requests or to click on anything in the bogus email.
19. If you are a fraud target, stop using your email account. Make sure to change all usernames and passwords for any accounts linked to the fraud attempt before you start using them again.
20. If you’re involved in a wire-transfer scam, report the incident to your state or local REALTOR^® association. It will likely wish to alert your local colleagues, as well as update the National Association of Realtors^®.

In short, to protect your clients’ money—and your reputation—approach real estate wire transfers with extreme caution. Make sure every payment detail has been checked and re-checked to make sure cash doesn’t get wired to a criminal’s account. Equally important is educating your customers about safe money transfers, as well as your various business partners.

Sadly, with the advent of technology comes much greater risk for everyone involved in real estate sales. Unfortunately, if something bad can happen, it often will. And when it does, you may become the target of legal action that can cost you a lot of money and tarnish your reputation. Don’t let it happen to you!

Related Posts

Safety How to Stay Protected Against Increasing Numbers of Real Estate Scams

sparkaffinity | February 10, 2020

Safety Getting the Most Out of Open Enrollment

sparkaffinity | October 22, 2019

Safety Top Ten Ways to Risk Proof Your Real Estate Open Houses

Harry Lew | May 1, 2019