Clear To Close
The Complete Guide to Understanding and Preventing Real Estate Wire Fraud
Wire fraud is an epidemic in nearly every U.S. industry.
According to information recently obtained from the FBI, from June 2016 through December 2018, roughly $90 billion in attempted wire fraud was reported through the FBI’s IC3 division.
Because of this, it is crucial that companies are aware of how these scams work, and—most importantly—what you can do to protect your business and your customers from these types of fraud.
While wire fraud affects nearly every business, this article will focus on its impact on the real estate sector. We’ll cover:
How Real Estate Wire
If you work in the real estate industry, it’s essential that you know how wire fraud occurs. While no two real estate scams are the same, cybercriminals tend to follow a typical playbook that includes the following steps:
1. Fraudsters find publicly available information about anyone involved in the transaction via social media, company websites, and online resources. Targets could include buyers, sellers, real estate agents, lenders, settlement providers, attorneys, or any other party to a transaction.
2. Known transaction participants are targeted with phishing scams designed to gather email account details. Once the fraudster gains access to one email account, all other parties to the deal are exposed and may be individually targeted or spoofed by the fraudster.
3. Armed with account access, fraudsters wait patiently and obtain intimate details about a transaction and the participants involved, particularly when someone is expected to transfer funds electronically.
4. The fraud begins once the fraudster identifies that funds are to be electronically transferred for a closing (e.g. via wire or ACH). Using a compromised or spoofed email address, the scammer will send emails containing fake wiring instructions to the victim. The victim is typically a buyer wiring cash to close to the title company, but it could also be the title company wiring funds to a broker, seller and/or current mortgage holder in connection with the disbursement process.
5. Once the money lands in the fraudster’s account, it is quickly wired to other bank accounts or withdrawn in cash, through an elaborate network of money mules that await instructions in real time.
Parties Affected By Real Estate Wire Fraud
While wire fraud directly affects the party sending funds to the fraudulent account, all other transaction participants stand to lose too. Here is a look at how some of the parties may be affected.
Buyers continue to be the most vulnerable to real estate wire fraud as they are largely unaware that they may be personally targeted by cybercriminals. The purchase of a home is typically the largest financial decision the average U.S. consumer makes in their lifetime. For that reason, most people go through the process just a few times in their life. Inexperience with the process makes them susceptible to being tricked.
Baby boomers make up a significant portion of sellers. Their lack of sophistication with technology leads to mistakes that could provide fraudsters access to critical transaction details.
If a transaction is compromised, sellers are directly affected when closing funds are diverted to a cybercriminal. If a transaction participant is unable to recover stolen funds quickly, the sale may fail and the seller will have to go through the whole selling process again.
Title and Escrow Companies
As title and escrow companies themselves often wire money, they are vulnerable to wire fraud attempts. Once a buyer has transferred money for a closing, fraudsters will attempt to insert themselves into the stream of communication with the goal of diverting wires during the disbursement process.
This can lead unsuspecting and ill-prepared title and escrow companies to send money to a fraudulent account. In such cases, not only does the buyer lose their funds, but the title or escrow company may be held liable for the loss. This has forced many companies to close their doors because they cannot make up the shortfall in their escrow account caused by the fraudster.
Real Estate Agents and Brokers
In the event that wire fraud occurs, real estate agents stand to lose a whole lot more than their commission check.
Both their reputation and business are on the line, and if a lawsuit is filed after a loss occurs, they may be held responsible if their email account was compromised and that led to the loss.
Juries have found real estate agents and their brokers personally liable for such losses with judgments in the hundreds of thousands of dollars. This, coupled with a changing landscape from E&O insurance carriers that limit coverage for cyber fraud and wire transfer losses, may put the economic burden squarely on the shoulders of the individuals and companies representing consumers.
Cyber scammers know that law firms receive and send funds through their escrow accounts for real estate transactions. Scams that divert incoming wires from buyers and redirect disbursement wires after closing are proving successful against law firms and the individual attorneys representing clients in a real estate transaction.
Why Real Estate Wire
There are three main attributes that make real estate transactions a prime target for wire fraud:
- Median home listing price is ~$280,000
- Average of eight parties in every transaction
- All the information to start a fraud can be found online
These unique attributes make it attractive and easy for fraudsters to compromise an individual in a transaction. It’s time to firm up processes and communications to lower the chances for successful frauds. Let’s take a look at why these attributes make fraud so appealing.
Large Wire Transfers Happening Frequently
Fraudsters target real estate transactions because they are incredibly lucrative.
Those running scams only need to be successful once or twice to earn significant amounts of money.
Additionally, many real estate transactions take place every day. The real estate industry hit $33.3 trillion in 2018, a new record as prices continue to increase across all inventory segments. With millions of transactions taking place each year, a hacker—unsuccessful in one attempt—can simply move on to the next one.
Multiple Parties Communicating Electronically
There is an average of eight parties involved in any U.S.-based real estate transaction. While their obligations may differ based on whether they are representing the seller or buyer in a transaction, there is one commonality among them all – they exchange communications and sensitive transaction information electronically.
Many times these parties have never met in person and rely solely on the information exchanged over phone calls and emails. Making matters worse, real estate transactions are driven by specific timeframes that are agreed upon by the parties in the buy-sell agreement. Newly introduced parties, short time frames, and the stress of trying to close a home make everyone involved more susceptible to getting tricked or making a mistake.
Knowing that closings must take place by a certain date, fraudsters apply pressure at critical points in the transaction. This can lead to someone being tricked and defrauded out of funds.
It only takes one party in a transaction to make a mistake and everyone is exposed.
It could be the real estate agent that unknowingly allows a fraudster to obtain login and passwords for their email account and enables them to begin acting as if they were the account holder. Or the eager-to-please title agent who makes an exception to company policy in order to keep the real estate agent or lender satisfied. It may be that—in the days leading up to closing—the fraudster tells the buyer or seller that the deal may collapse if a specific action is not taken immediately.
The purchase of a home is typically the largest financial decision the average US consumer makes in their lifetime. It accounts for the biggest financial obligation and asset they will manage and own.
For that reason, most people go through the process just a few times in their life. On the other hand, fraudsters know precisely what they are doing. They know the parties involved, what documents are exchanged, and the timing of every transaction. By inserting themselves at the right time with convincing information, they are able to defraud their victims with a high degree of success.
There’s little an uninformed and ill-prepared buyer can do to protect themselves. After all, the hacker has vast amounts of experience and knows how to spot and exploit an inexperienced buyer. All they’ve got to do is trick them into making a tiny mistake, which isn’t a difficult task for a pro.
Insufficient Authentication Processes Between Parties
The large number of successful fraud attempts suggests that the process the real estate industry uses to authenticate wire transfers is flawed.
If real estate professionals verify details using email, it is easy for hackers—having taken over an email account—to insert false wiring instructions into a transaction.
Everything a Fraudster Needs Can Be Found Online
Most people in the real estate industry have no idea how easy it is for fraudsters to find sensitive information online. Sources fraudsters use include simple Google searches, social media profiles, MLS listings, and services like Spokeo that provide personal details about an owner of a property. In addition, they are able to identify the title or escrow company used to close the transaction by profiling the prior sales of a real estate agent. Using public notaries, fraudsters review the recorded deeds to determine whether the same notary public closer was used and identify where the transaction is likely to close.
Once they have this information, they can use it to perform spear phishing scams and create spoofed websites and email accounts.
Fraud Strategies To Look Out For
Wire fraud usually ends in the same way: a fraudster sends fake wiring details to someone involved in a real estate transaction for the purpose of diverting the wire funds transfer to a fraudulent account.
However, fraudsters use different methods to get to the stage where they can attempt to give the buyer false wiring instructions. In this section, we’ll look at some of the techniques most often used to start a fraud. For more details on how these scams work, check out the full blog post.
Phishing is when criminals send an email to a fraud target—or pool of targets—designed to get the recipient to enter account credentials or personal information about themselves.
When running a phishing scam, hackers send out an email that claims to be from a trusted organization, such as a bank, email provider, electronic document platform, or other reliable company.
The email will often look real. Attackers usually send the phishing email from a disguised email address and include the logos and taglines of the company they are spoofing.
The hacker also provides a convincing reason for needing the information. They will then specify the information required, before highlighting a negative consequence for not sending it.
How Scammers Steal Account Details
There are many techniques fraudsters use to steal details.
Most often, scammers claim to be from a trusted company. In the email, the hacker will explain that there is a problem with your account and direct you to a malicious link where you can solve the problem.
The link will appear to be for a website you trust—such as your email provider. However, the website will be a clone designed to steal your login details. The example below looks realistic, but take a look at the URL.
On these clone sites, hackers include a box that looks like a regular login form. When you enter your details, the website records them and sends them to the criminals.
Another technique scammers use is to convince the victim to download key-tracking malware onto their computer. This malware tracks what is typed on the computer, including any passwords and usernames entered. All the data is sent to the hackers who search the records for login credentials.
Spear phishing is a targeted attack on a specific individual.
The fraudsters send out an email from a cloned email account that’s nearly identical to that of a trusted party. They’ll likely use the same name, email, job title and signature of the trusted source. In real estate, fraudsters pose as the buyer, seller, title agent or realtor, to sneak into your inbox undetected.
What’s concerning is that spear phishing attacks are less likely to be flagged by an email provider’s spam filter than regular phishing attacks. This is because the emails aren’t sent out to a high number of people at the same time. They may also be sent using an email address that hasn’t been used for phishing before.
Whaling and Business Email Compromise
Whaling is a scam used to target or impersonate business owners and high-level executives for the purpose of diverting wire transfers to fraudulent accounts.
In the case of real estate fraud, hackers can use the access to a title company owner’s email account to run a business email compromise scam. In these scams, they use the compromised account to convince employees to wire money to bank accounts they control.
Like spear phishing attacks, emails used for whaling and business email compromise are highly personalized and will appear to come from a legitimate source. They generally use the same techniques to steal passwords, such as key-tracking malware and spoofed hyperlinks.
If you’re a key decision maker in your organization, be wary of personalized emails asking you to verify account details or transfer funds. If you’ve got any doubt, don’t act!
While most attacks come via email, vishing—voice phishing—is another method used during fraud attempts. Fraudsters know that most companies require phone call verification before funds are wire transferred. These are known as “call back” procedures.
In these scams, hackers will call the victim or leave a voice message. The call or message will seem like it’s coming from a trusted party in the transaction such as the title company, attorney’s office or bank.
The fraudster will often lead with specific transaction details and state that the call is being made to protect the person on the other end from fraud. This builds instant credibility and disarms the victims. The scammer can then move on to the goal of the call—get the victim to trust the wiring instructions they are about to receive from the fraudster and act on them.
Access to email accounts, transaction information, and techniques such as vishing allows fraudsters to convincingly manipulate their target. This is called social engineering.
The social engineering techniques used in real estate are convincing. The use of cloned emails — the act of forging an email address to make it appear to have been sent from a legitimate email — and knowledge of the transaction give the fraudsters apparent authority over their targets.
Furthermore, the fraudsters are able to increase stress on the target—thereby reducing their ability to think clearly—by introducing an element of immediacy, as well as a serious repercussion for not following instructions.
An example of this would be an apparent email from a title company to a buyer asking for a wire, with the threat that the deal could fall apart if the transfer is not made immediately.
How To Prevent
Preventing wire fraud essentially comes down to three things:
- Educating transaction participants about the threat of fraud and what to watch out for;
- Preventing fraudsters from accessing email and other communication-based accounts to obtain critical information about a transaction; and
- Ensuring parties have accurate, uncompromised wiring information and contact details for the person or entity that will be receiving funds via wire transfer.
A commitment to education and the adoption of preventative measures will lower your risk profile and protect yourself and your customers from fraud.
Stop Fraudsters From Accessing Sensitive Information
An important step in wire fraud prevention is to stop fraudsters from gaining access to transaction-level information required to run a scam. Here are some strategies to consider.
Limit Publicly Available Information
Running a business requires that certain information be shared about your company. However, there are things you can do to protect some of the more sensitive data about your organization and employees.
Use Strong Spam Filters
Preventing phishing emails from being seen is the best way to stop employees from falling for them. A strong email filter is one of the best ways to do this. Products like Mimecast and Spam Bully provide solutions that block and filter phishing emails.
If criminals can’t get their emails in front of your employees, then it will be far harder for them to steal account details and, ultimately, hit someone in your organization with wire fraud.
Phish Your Employees
Spam filters aren’t always enough. This is why many forward-thinking businesses are hiring third-party companies to perform phishing testing on their employees.
They simply create a phishing email, send it to your staff, and then see who falls for it and what credentials are given. This provides a starting point for training and awareness and gives them the education needed to avoid making the same mistake in the future.
We recommend taking advantage of Google’s phishing test. It provides a great set of emails meant to educate you and your employees on how to identify phishing versus legitimate emails.
Real-Time System Monitoring
Perimeter security helps keep your organization’s entire network threat-free. It utilizes features such as a firewall, web-content filtering, malware protection, and geolocation blocking to keep your network safe in real time.
By monitoring all web activity that enters and exits the network, perimeter security is able to identify unusual patterns or abnormal behavior on your network that could be a sign you are under attack and take action to stop it.
Secure Your Accounts with Strong Passwords and Two-Factor Authentication
Another step you can take is to secure accounts with two-factor authentication (2FA). Accounts that use 2FA require an extra piece of information on top of a username and password to log in.
This additional bit of information is something that only the account owner has access to and it usually has a physical element. For example, it could be a code sent to an app on the user’s phone, virtual private networks that are tethered to each company device, or a physical key like YubiKeys. It could even be an SMS message or an actual key.
Essentially, it means that even if a hacker knows an account’s username and password, they will be unable to log into the account without also having access to the third authentication detail.
One final thing you can do regarding 2FA is to educate your customers and referral partners about the benefits of turning it on.
If everyone involved has 2FA turned on, the chances of a hacker being able to access an account are drastically reduced.
Always Verify The Person You’re Doing Business With
Wire fraud is a symptom of the lack of proper identity verification at critical points in a transaction. The success rate of wire fraud scams is due to the exploitation of a trusted relationship between two parties. If identities are confirmed properly, that trust is never breached.
Some things you can do to help verify information include:
- Gather and share contact information early in the transaction cycle
- Have a process for sending and receiving wire transfers
- Educate customers and staff about what a scam looks like
- Authenticate wiring details and identity
You can find detailed instructions and techniques in our blog post.
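One way to apply the roster and authentication steps above, together with the look-alike sender addresses described in the spear phishing section, is to check every message that carries wiring details against the contact list gathered at the start of the transaction. This is an added example, not part of the original guide; the roster, addresses, phone numbers, account digits and the two-edit look-alike threshold are constructed assumptions, and it handles single-part plain-text messages only.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed roster gathered at the start of the transaction: address -> the
# phone number on file. All names, numbers and account digits are made up.
ROSTER = {
    "closer@summit-title.example": "555-0100",
    "agent@harborrealty.example": "555-0101",
}
ACCOUNT_ON_FILE_LAST4 = "4821"  # from the wiring instructions verified at opening
ACCOUNT_RE = re.compile(r"account(?:\s+number)?\D{0,10}(\d{6,17})", re.I)


def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def edit_distance(a, b):
    """Levenshtein distance (two-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def skeleton(domain):
    """Collapse a few common look-alike substitutions before comparing."""
    return domain.replace("rn", "m").replace("0", "o").replace("1", "l")


def check_wire_email(raw):
    """Check one inbound message that carries wiring details."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    flags = []

    call_back = ROSTER.get(sender)
    if call_back is None:
        known = {addr.rpartition("@")[2]: phone for addr, phone in ROSTER.items()}
        near = [d for d in sorted(known) if d != from_dom and
                (skeleton(d) == skeleton(from_dom) or edit_distance(d, from_dom) <= 2)]
        if near:
            flags.append("lookalike-domain:" + near[0])
            call_back = known[near[0]]  # call the party being imitated
        else:
            flags.append("unknown-sender")
    if reply_dom and reply_dom != from_dom:
        flags.append("reply-to-mismatch:" + reply_dom)
    if any(a[-4:] != ACCOUNT_ON_FILE_LAST4 for a in ACCOUNT_RE.findall(msg.get_payload())):
        flags.append("account-differs-from-file")

    # No flags is not authentication: a taken-over mailbox passes the sender
    # checks. call_back always comes from the roster, never from the message.
    return {"flags": flags, "hold": bool(flags), "call_back": call_back}


def sample(from_hdr, account, reply_to=None):
    """Build a constructed message for the demo."""
    headers = ["From: " + from_hdr, "Subject: Updated wiring instructions"]
    if reply_to:
        headers.append("Reply-To: " + reply_to)
    body = "Please wire cash to close today.\nAccount number: " + account + "\n"
    return "\n".join(headers) + "\n\n" + body


SPOOFED = sample("Summit Title <closer@sumrnit-title.example>", "9907735512",
                 reply_to="closer.summit@mailbox.example")
TAKEN_OVER = sample("Summit Title <closer@summit-title.example>", "9907735512")
GENUINE = sample("Summit Title <closer@summit-title.example>", "0031774821")

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("taken over", TAKEN_OVER), ("genuine", GENUINE)]:
        print(name, check_wire_email(raw))
```

The taken-over case passes both sender checks and is caught only by the account comparison, which is why the result always carries a call-back number from the roster even when no flag is raised.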
How to Recover From
Wire fraud happens. When it does, you have to move quickly to mitigate the loss.
Understanding Why Recovering Funds is Difficult
Fraudsters move fast when they successfully convince a victim to wire money. When the stolen funds arrive in the fraudster’s bank account, they engage a network of money launderers who immediately withdraw funds in cash, wire the money to a number of different accounts and/or convert it to cryptocurrency.
The longer the trail between the original account—used to receive the transfer—and the money’s final destination, the harder it becomes for the victim to see their money again.
Because of this, it is essential that you act quickly when you realize you have become a fraud victim.
The Recovery Roadmap
The following tips will not guarantee you will get all your money back. However, they are a path that maximizes your chance of retrieving some money.
Contact your bank and initiate a “SWIFT recall” on the wire transfer that left your account.
You first need to call your bank and let them know the transfer you made was fraudulent and that you are requesting a SWIFT recall to be initiated. You must have all the information about the wire funds transfer in front of you to properly initiate this request.
You also need to ask your bank to contact the fraud department of the receiving bank immediately so they can freeze the funds in the recipient account.
Alternatively, if the funds—or part of the funds—have already been moved, you’ll need to ask the bank to find out where the money was sent. Ask them to contact the third bank (or banks) to freeze the accounts that received the money.
Make a note of the banks and the accounts that received your money as you’ll need this information later.
File a complaint with the FBI’s Internet Crime Complaint Center (IC3)
The next step is to contact the FBI’s Internet Crime Complaint Center. You’ll need to provide information about the transaction, the scam itself, and the victim. It’s a good idea to add details like the contents of the phishing email, links you clicked, etc. Once you have filed a complaint, the service will give you an IC3 Complaint Number. Make a note of this as you’ll need it in step three.
It’s worth noting that filing a complaint with the FBI is necessary but does not guarantee a real-time recovery effort. It’s up to you to complete the remaining steps to increase your chances of recovery. Be aware that the FBI is flooded with complaints like yours each and every day so you need to stay vigilant and be your own advocate for recovery.
Contact your local FBI field office and provide the IC3 complaint number
Find your local FBI field office, then contact them and report the details of the crime to the agent in charge of processing financial or cybercrimes. Following this, give them the IC3 Complaint Number and your personal contact information.
If you’re an enterprise, now’s the time to contact legal counsel to determine if an injunctive order is necessary. If so, send the order to the banks involved. This will ensure that all banks that received your money are no longer able to transfer funds from such accounts.
Contact all banks that may have also received your funds
If the fraudsters manage to transfer your money to another bank (or banks), you now must contact these banks. Ask to speak to their fraud department about requesting a SWIFT recall and a ‘fraud freeze’ on the recipient accounts.
You’ll have to provide information about the fraudulent transfers so the banks can identify the transfer and the account. Once the account is frozen, confirm with the bank how long the freeze will remain in place and that the SWIFT recall protocol has been initiated. Don’t be surprised if the bank refuses to give you the name of the account where your funds may have landed, as privacy rules may restrict the dissemination of this information. Don’t give up: the goal is to confirm that they have identified where the funds are currently being held, that those funds are frozen within those accounts, and that the recall protocol has been initiated so that they may be returned.
Alternatively, if the money has already been moved on to a fourth bank account, you’ll need to follow the same steps as above. You can even request the first bank you visit to send SWIFT recall and ‘fraud freeze’ requests to all other banks in the chain.
Don’t only rely on them though. Repeat the steps until all the accounts that received your money are frozen and the SWIFT recall protocol is in process.
Remember to write down the number you used to contact the bank, the time of the call, the name of the bank representative you spoke to, and their direct phone number and email address.
If you’re an enterprise or business, this is the time to contact your insurance provider if you have errors and omissions coverage, professional liability coverage, or any form of cybersecurity or cyber loss coverage.
Contact local authorities and file a police report
Next, you need to contact the local authorities and file a police report. Give them all the information they may need. While you’re doing so, save the incident number or police report number, and exchange contact information with local authorities for future communication.
Contact your security team, IT department, or consultant and initiate “The Information Technology Kill Chain”
The final stage of the process is to get your IT/Security team involved. If they haven’t already acted out your incident response plan or if you don’t have one, here’s what you need to do.
First, contact your security team and request that they make an image of your system for forensic purposes. As tempting as it may be, try not to change anything on your system so the security team can see it exactly as it was when the attack occurred. You’ll also want to use a clean loaner system to conduct business using a different temporary email address.
Now it’s time to determine the source of the breach. Most wire fraud attacks result from Business Email Compromise (BEC), which means a hacker has gained access to your email system, and it’s up to you to find out how.
In more serious cases, the attacker may have installed malware on your machine or network that compromised your email and other credentials. If so, you have to act quickly to identify and eliminate the threat before other sensitive data can be used against you.
If warranted, eForensics investigators can be dispatched from a variety of sources to investigate the incident.
Wire fraud may, or may not, be covered in your errors and omissions insurance and/or cyber insurance policy. This is because the wire transfer is often made after a social engineering attack, not as a direct result of cybercrime or a direct breach to your computer network or attack on your personnel.
The fraudster convinces the victim to transfer money voluntarily. Technically, the fraudster does not directly use your computer to steal the money. Often, the claim is made by a third-party such as a buyer who was tricked into wiring their earnest money deposit or “cash to close” to a fraudulent account. Given these claim profiles, the various policies may respond differently–which can lead to finger-pointing by the carriers if a claim is made and delay settlements.
Intro to Cyber Insurance
Cyber insurance protects businesses from internet-based risks and divides coverage into two types: first-party losses and reimbursements and third-party losses and claims payments.
A first-party loss is one which your business incurs. For instance, if your business stores data—such as payment records, bank information, birth dates, social security numbers, and state-issued identity documentation—on computers in the cloud, it is at risk of a data breach. If its data system is breached, then it may have various restoration losses, income losses, regulatory and notice costs, business reputation loss, and other expenses. All of these are incurred by your business and paid by your business – hence first-party.
The other type of loss is third-party claims made by another party against you. Often, this arises from a data breach that compromises someone. If a third party incurs damages due to a breach of data held on your computers, you may be held liable. Cyber insurance is there to protect you from this.
As with all types of insurance, what specific plans cover will differ depending on the terms and conditions the insurer is offering. Because of this, it is best to look at what you need and pick an insurance provider based on that.
Wire Fraud May Not be Covered
Wire fraud may, or may not, be covered in your cyber insurance policy. This is because the wire transfer is often made after a social engineering attack, not as a direct result of cybercrime or a direct breach to your computer network or attack on your personnel. The fraudster convinces the victim to voluntarily transfer money. Technically, the fraudster does not directly use your computer to steal the money. Often, the claim is made by a third-party such as a buyer who was tricked into wiring their earnest money deposit or “cash to close” to a fraudulent account. Given these claim features, the various policies may respond differently–which can lead to finger-pointing by the carriers if a claim is made and delay settlements.
The rapid responses by insurance underwriters in recent years show that anything we say today will have changed in the next year. Today, it is worthwhile to check with your insurance agent and underwriter to confirm several things:
1. Identify the policies that cover the type of wire fraud seen in real estate.
2. Review whether the limit of coverage for that exposure is adequate.
3. Review the claim triggers under which a loss will be covered by each policy.
4. Coordinate the various policies so that it is clear what will happen if a claim arises.
The promise of homeownership is the principal goal of many Americans; it’s part of the “American Dream”. These hopeful buyers approach what is likely the largest financial decision of their life and are dependent on the experts they hire in the title, legal, real estate, and lending industries to guide and protect them through the process.
We are the custodians; we’re the protectors and guardians of the transaction with the unique and lofty position of fighting on the front lines of wire fraud prevention.
Follow this guide and implement a layered approach to security across the hardware, software, people, and process that make up your organization. Those that embark on this journey, make the investment and are able to create a culture of compliance internally, will be positioned to benefit from lower instances of fraud attacks and will stand out as a leader in their communities. Fighting fraud is a journey, not a destination and we welcome you to come along with us as we strive to educate the community and create a shared culture of curiosity to stay alert and one step ahead of the threats.