Why Criminals Target Title Companies: An Interview with Investigative Journalist Geoff White

Geoff White didn’t plan to become a fraud expert. But he’s never shied away from a story, either. Which often turns you into an expert if you’re curious enough.

“I just can’t leave things alone,” White jokes.

After years as a journalist in TV newsrooms, his penchant for technology and persistence for truth helped him uncover digital patterns and stories no one else saw. So he decided to focus on the shadowy underbelly of technology and fraud.

For over two decades, he’s exposed some of the most intricate schemes in cybersecurity. From the isolated and mysterious cities of North Korea to the digital back alleys of crypto-gangsters and cartels, his investigative work has peeled back the layers of this darker part of humanity.

In a recent conversation, CertifID’s Tom Cronkright sat down with White to explore the evolving landscape of wire fraud and how real estate firms can stay one step ahead. Here is a portion of their discussion.

‍

Cronkright: Let’s start with your new book, Rinsed. Everyone I have sent this book to has come back and said I had absolutely no idea. Whatever I thought I knew, it’s a hundred times more insidious. It’s more coordinated. When we think about business email compromise in the concept of them diverting wire transfers after they’ve engineered a victim, how has that evolved over time?

White: Yeah, it's interesting. I mean, the phrase business email compromise, by the way, is a convenient phrase. It’s convenient because it covers quite a lot of territory. I read an interesting blog that said business email compromise is actually quite specific, as the name suggests. If a hacker compromises your business email system, they can then read all of your messages and then use that to defraud you. But there are other types of fraud we call business email compromise that don’t really involve compromising an email. If somebody phones up your accounts department, speaks to somebody, and tricks them into changing the invoice details—that has nothing to do with email. But for convenience it's still worth lumping all this together into business email compromise. 

What's at the heart of it is fraud—and fraud is as old as money. There's always been people who've tried to trick somebody out of the money, products, or goods they've got. So, if you think about that, it goes back a long way. The sort of “Nigerian Prince” email tactics we saw emerging in the 1990s were simply a twist on what was a hundred years old. 

What troubles me is that in the 1990s, I received those emails. Everybody probably remembers receiving those emails. We dismissed them as a stupid scam; they were badly worded. They just seemed like really weak emails — who would fall for this? But enough people fell for them that they laid the seed capital for what became known as the next generation of cybercriminals. They realized that instead of targeting individuals for a few hundred pounds or dollars, you could target organizations for thousands, hundreds of thousands, and eventually millions. So what happened? Those “Nigerian Prince” emails laid the foundation for what has now become this very well-developed sort of business email compromise.

‍

Cronkright: I still receive those emails to this day. I remember speaking to a senior Federal law enforcement Director who said that [the scammers] will never retire a scam that works, so it will continue to play. Speaking to this new “foundation” of crime, an article was written recently about forced cybercrime camps. And it’s heartbreaking because it’s a modern-day version of abduction and forced labor.

White:  Yeah, it’s a fascinating story. Because what we’re talking about here is a phenomenon that’s grown up where there are effectively scam compounds full of individuals whose job is to scam people. And a lot of this is this horrible term pig butchering, which is this fascinating but grim hybrid between romance fraud and cryptocurrency speculation and financial fraud manipulation. 

The initial approach will often be a romantic, ostensibly loving approach. But instead of doing traditional romance fraud where the scammers are then trying to get that victim to part with money, the second stage is a sort of well, ‘Hey, now that we're on such good terms, and we've established this loving relationship, I'll let you into why I'm so rich, and how you can make money, which I want for you.’ 

I mean, look at cybercriminals; they hack. I don't like it, but I get it. But the idea that you go up that close, that you're that up close in person with your victim, and you can understand them to the point where you can manipulate them, and somehow still not feel any empathy for that person… There's a switch in that person's brain that goes on to be able to do that. I don't know how that switch works. It's beyond me. But I have zero sympathy for those people.

Obviously, to make this work, you need operatives who can do the phoning, who can send the text messages, and do what they call love bombing. You know, seduce these victims, or get them into this sort of crypto or investment scams that the scammers want to do. 

And what's happened? The dynamics of it are quite interesting. [Workers] would hop on a bus or plane, arrive thinking they’ve got this job, and when they get there, their passport would be taken off them, and they'd be put in this compound and told, ‘This is what you now do. What you now do is you phone people up and text them and email them. This is your job.’ There was violence used to keep some of those people in place and keep them doing the job. Some people are kept there against their will. And it's coercion. It is modern slavery. And it's an interesting coalition between modern slavery and cybercrime and fraud.

‍

Cronkright: And you read the articles. They’re incentivized based on all these metrics that they’re tracked on—like how well they can manipulate and engineer the victim on the other side.

White: In their role as a romantic partner, the scammersThey will never have a bad day. They will never have a time when they’re not ready to listen to you. They are the best lover and companion you will ever have because that’s their job. 

But there's this moment when the scam becomes a crypto or investment. It’s usually about ‘We need money for a new phone,’ or ‘Wouldn’t it be wonderful to move houses? That would solve your problems. Well, I've got the solution to that. And I've been looking at this thing, and I've been making loads of money.’ And, of course, there are fake screenshots of bank accounts with loads of money in them. It's horrible.

‍

Cronkright: So what does this mean for title companies?‍

White: Well, in the same way that a romance forged will develop a relationship with a victim, it's precisely the same with a corporate victim. They are going to scope out the company. They will know exactly where you're based and where all your offices are based. They're going to know all of your employees. They’ll look through all of your LinkedIn profiles. They're trying to do the same thing to determine who’s the vulnerable one. Who is in your organization with access to the money and working at a junior level? They don’t want to go for the senior people because maybe they'll catch the scam. They want to go for that middle-ranking person.

And you contact them and develop a relationship with them. It's the same thing. You start working on them, and you don't go straight in and say, ‘Hey, can you transfer the money to this new account?’ You say, ‘Oh, you know you work in the accounts department. Can I speak to you about this particular thing? Oh, great! By the way, how are you today?’

All those tactics of relationship and getting to somebody, understanding them, and the long game they're playing—it's not just romance victims. They do this, but they will do this for your employees. And so it's worth having a handle on.

‍

Cronkright: Knowing that, how can title companies and businesses protect themselves?

White: Well, from speaking with you, Tom, the lightbulb went on for me in terms of how vulnerable the real estate industry is. You’re handling a lot of people's money. Your company might be small, but the money sloshing about within your organization is vast.

If I were a crook—and having looked at crooks and how they behave—there are two things I would need to do. 

Number one: contact. I’ve got to establish some line of contact. I can’t do this without contacting you. So that’s usually going to be by email, online message or by phone. It could be through your company’s official phone lines or your company’s official email addresses. But it could also be through LinkedIn, WhatsApp, or Facebook. You’ve got to think: if a malicious person wants to contact us, how will they do that? And how can we educate our staff about the types of contact that might get made? How do we police our email and phone systems so that scammers don't get through?

But scammers will also target people through their Facebook accounts and Whatsapp numbers. So, just screening your email to try and spot scammers is not going to stop them. They will reach employees via social media. That comes down to educating your staff. 

The second thing I'm going to have to do is try and trick your staff into making a mistake—into transferring money into a new sort of bank account. So again, how's that going to work out? What’s the process you've got in place for when payment details change? Again, CertifID feed into this, and how rigid those processes are. But again, there's public education and employee education—just thinking like a scammer.

It's quite uncomfortable territory because it forces you to go to work and see your workplace through a different lens. Ordinarily,You go to work, you sit down; you know your colleagues; you answer the phone; you answer some emails; you make a coffee. You've got almost to put on a different pair of spectacles and go in and try and think, ‘Right. I am going to take this place apart. How am I going to do that if I'm sitting here at my desk, and I've got a criminal who's trying to target me? How are they going to do that?’

‍

Cronkright: Really interesting and insightful. Geoff, thank you for the work.

White: Thanks, Tom.

‍

This discussion was originally held on September 11, 2024, as part of our To Catch a Fraudster webinar series. These selections have been edited for length and clarity.