Impersonate, Engage, Divert, Repeat.
Wire fraud usually ends in the same way: a fraudster sends fake wiring details to someone involved in a real estate transaction for the purpose of diverting the wire funds transfer to a fraudulent account.
This is big business for international cyber fraud syndicates. They go to great lengths to impersonate a trusted party in a transaction so the victim will act on their instructions without question. If successful, the victim unknowingly wires funds to a fraudster thinking they are sending the money to the correct party.
However, fraudsters use different methods to get to the stage where they can attempt to give the buyer false wiring instructions. In this blog post, we’ll look at some of the techniques most often used to start a fraud.
Phishing is when criminals send an email to a fraud target– or pool of targets–designed to get the recipient to enter account credentials or personal information about themselves.
Information sought by the fraudster may include data such as bank details and credit card information. When it comes to real estate fraud, the hackers are usually after email credentials such as usernames and passwords.
When running a phishing scam, hackers send out an email that claims to be from a trusted organization; such as a bank, email provider, electronic document platform, or other reliable company.
The email will often look real. Attackers usually send the phishing email from a disguised email address and include the logos and taglines of the company they are spoofing.
The hacker also provides a convincing reason for needing the information. They will then specify the information required, before highlighting a negative consequence for not sending it.
Email phishing, in general, involves fraudsters sending out a fake email template to as many users as possible in the hope that at least one person will fall for the scam.
However, in real estate wire fraud, hackers often use more targeted types of phishing after obtaining transaction details and identifying specific people to target. This targeted approach is known as “spear phishing”. We will explore some types of phishing scam below.
First, let’s look at how scammers use phishing and spear phishing techniques to steal account credentials and personal information.
How Scammers Steal Account Details
There are many techniques fraudsters use to steal details.
Most often, scammers claim to be from a trusted company. In the email, the hacker will explain that there is a problem with your account and direct you to a malicious link where you can solve the problem.
The link will appear to be for a website you trust—such as your email provider. However, the website will be a clone designed to steal your login details. The example below looks realistic, but take a look at the URL.
On these clone sites, hackers include a box that looks like a regular login form. When you enter your details, the website records them and sends them to the criminals.
Sometimes, once you enter your login information, the fake site explains that you have done so incorrectly. It then redirects you to the real website where you can log in without issue. This increases the chances that the victim won’t realize they have had their details stolen.
Another technique scammers use is to convince the victim to download key-tracking malware onto their computer. This malware tracks what is typed on the computer, including any passwords and usernames entered. All the data is sent to the hackers who search the records for login credentials.
Image Courtesy: BT.com
While phishing sees scammers send out a general email to a large number of addresses, spear phishing is a targeted attack on a specific individual.
The fraudsters send out an email from a cloned email account that’s nearly identical to that of a trusted party. They’ll likely use the same name, email, job title and signature of the trusted source. In real estate, fraudsters pose as the buyer, seller, title agent or realtor, to sneak into your inbox undetected.
Once there, the fraudster will attempt to fool their unsuspecting victim into providing confidential information and passwords through fake websites or log-in portals. They may even ask for financial details. In real estate specifically, it’s common for them to send over “updated” wiring information and pressure you to send money right away.
Image Courtesy: TechTarget
What’s concerning is that spear phishing attacks are less likely to be flagged by an email provider’s spam filter than regular phishing attacks. This is because the emails aren’t sent out to a high number of people at the same time. They may also be sent using an email address that hasn’t been used for phishing before.
So be wary of any emails that are from unrecognized addresses or that urge you to take action immediately, be it wiring funds, clicking a link, or disclosing confidential personal or work-related information. Slowing down and confirming authenticity first may pay big dividends in the long run.
Whaling and Business Email Compromise
“Whaling” is a scam used to target or impersonate business owners and high-level executives for the purpose of influencing someone of lesser authority within an organization to send wire or ACH transfers to fraudulent accounts. For example, the fraudster impersonates the CEO in a message to the company’s controller to pay a large invoice or transfer a significant sum of money which ends up going to the cyber criminal’s account.
If hackers compromise the accounts of business owners and executives, they will often gain access to a vast amount of sensitive data about the organization.
They use this sensitive information to craft convincing messages that lead someone to act without question.
Image Courtesy CSOonline.com
In the case of real estate fraud, hackers often use the access to a title company owner’s email account to run a business email compromise scam. In these scams, they use the compromised account to convince employees to wire money to bank accounts they control.
Like spear phishing attacks, emails used for whaling and business email compromise are highly personalized and will appear to come from a legitimate source. They generally use the same techniques to steal passwords, such as key-tracking malware and spoofed hyperlinks.
There are many techniques hackers can use to spoof hyperlinks. Most of them are very simple to use. Here are some common tactics:
- Use a cloned domain name that looks like it belongs to the company being spoofed. For example, a scammer could use the URL www.[emailprovider]secure.com. While this may look like a legitimate web address used by the email provider, it would actually be a site controlled by the scammers.
- Change the text that is displayed to a different link. When linking in an email, there is nothing stopping a hacker from changing a link’s text. For example, the following link mail.google.com actually links to the CertifID homepage.
- It’s even possible for spammers to mask the email address used to send the email. Using the right software and an SMTP server, scammers can make it appear that emails they send are from any email address they choose. If these emails get through your spam filter, they can be incredibly difficult to spot and may require you to check the IP address to see where the email originated. This information will be in the email’s header.
If you’re a key decision maker in your organization, be wary of personalized emails asking you to verify account details or transfer funds. If you’ve got any doubt, don’t act!
While most attacks come via email, vishing—voice phishing—is another method used during fraud attempts. Vishing is one of the fastest growing fraud strategies in the US. Fraudsters know that most companies are requiring phone call verification before funds are wire transferred. This is known as “call back” procedures.
In these scams, hackers will call the victim or leave a voice message. The call or message will seem like it’s coming from a trusted party in the transaction such as the title company, attorney’s office or bank.
The fraudster will often lead with specific transaction details and state that the call is being made to protect the person on the other end from fraud. This builds instant credibility and disarms the victims. The scammer can then move on to the goal of the call—get the victim to trust the wiring instructions they are about to receive from the fraudster and act on them.
Vishing scams have become more convincing as fraudsters leverage technology platforms that allow them to spoof phone numbers. These display the caller ID to the call recipient as the name and number of a trusted party in a transaction, such as a title company or attorney’s office.
As most calls are received on mobile devices, this is nearly impossible to detect when the call is coming in.
As many business phone numbers are available on company websites, it isn’t difficult for a hacker to find one of these numbers. Alternatively, they can even find personal phone numbers by hacking into email accounts or using paid identity services.
Access to email accounts, transaction information, and techniques such as vishing allows fraudsters to convincingly manipulate their target. This is called “social engineering.”
The social engineering techniques used in real estate are some of the most convincing of any other industry in the United States. The use of cloned emails and knowledge of the transaction give the fraudsters a leg up when they send you convincing emails to their targets.
Additionally, the fraudsters are able to apply pressure on the target—thereby reducing their ability to think clearly—by introducing an element of immediacy, as well as a serious repercussion for not following the fraudster’s instructions.
An example of this would be an apparent email from a title company to a buyer asking for a wire that is coupled with the threat that the deal could fall apart if the transfer is not made immediately.
Knowing How Fraudsters Work is the First Step to Stopping Them
Arguably, the best way to protect yourself from fraud is to be aware of the techniques that hackers use to run their scams and educate your employees, referral partners and customers on what to watch out for.
The fraud strategies listed above account for a vast majority of successful wire frauds over the past three years. While cybercriminals continue to hone their craft, transaction participants need to do more to protect themselves or fraud losses will continue to climb.
Our next article will explore how you can protect your company and your customers from wire fraud.