Why is there so much fraud in real estate transactions? The answer is simple—real estate transactions involve large sums of money that are easily diverted to fraudulent accounts. Despite a growing awareness of wire fraud in the real estate industry, fraud losses continue to grow at staggering rates year-over-year.
What makes real estate transactions such an easy target for wire fraud? We will explore the following three attributes further in this article:
- The median price of homes that have sold now exceeds $226,000.
- There are multiple parties in every transaction, and only ONE needs to be fooled.
- All the information a scammer needs to start a fraud can be found online.
These unique attributes make it attractive and easy for fraudsters to compromise an individual in a transaction – after that, everyone is exposed. It’s time to firm up processes and communications to lower the chances for successful frauds.
Real Estate Transactions Are Huge
Fraudsters target real estate transactions because they are incredibly lucrative. Those running scams only need to be successful once or twice to earn significant amounts of money.
Additionally, many real estate transactions take place every day. The real estate industry hit $33.3 trillion in 2018, a new record as prices continue to increase across all inventory segments. With millions of transactions taking place each year, a hacker–unsuccessful in one attempt–can simply move onto the next one.
There Are Multiple Parties Involved
In the US, on average there are eight parties involved in any real estate transaction who are communicating electronically and leaving a clear trail of every conversation. This is unlike any other industry.
Additionally, granular profiles on each transaction participant and their traits are easily found online. These profiles include those of trusted trade associations representing the real estate, settlement, and lending industries. Fraudsters have learned that if they compromise a single email account of someone in a transaction, all other transaction participants are exposed and a lucrative fraud opportunity ensues.
Time is of the Essence
Real estate transactions are driven by specific timeframes that are agreed upon by the parties in the buy-sell agreement.
Knowing that closings must take place by a certain date, fraudsters apply pressure at critical points in the transaction. This can lead to someone being tricked and defrauded out of funds. It only takes one party in a transaction to make a mistake and everyone is exposed.
It could be the real estate agent using an unsecured email account that is compromised by a fraudster after giving up account credentials in a well-crafted phishing attack. Or the eager-to-please title agent who makes an exception to company policy in order to keep the real estate agent or lender satisfied. It may be that—in the days leading up to closing—the fraudster tells the buyer or seller that the deal may collapse if a specific action is not taken immediately.
The purchase of a home is typically the largest financial decision the average US consumer makes in their lifetime. It accounts for the biggest financial obligation and asset they will manage and own.
For that reason, most people go through the process just a few times in their life. The minimum expected time in a house is over ten years – the longest period we’ve seen in recent history. This infrequency of transacting for the purchase or sale of a home means that consumers are largely uneducated every time they go through the process.
On the other hand, fraudsters are keeping pace with the real estate, mortgage, and settlement trends in real time and know precisely what they are doing. They know the parties involved, what documents are exchanged, the timing of every transaction, and the strategies companies are deploying to protect against fraud. By inserting themselves at the right time with convincing information, they are able to defraud their victims with a high degree of success.
This matchup leaves inexperienced, uninformed and ill-prepared buyers nearly defenseless against their tactics. After all, the hacker has vast amounts of experience and knows how to spot and exploit an inexperienced buyer. All they’ve got to do is trick them into making a tiny mistake, which isn’t a difficult task for a pro.
Often, they’ll make a small change to the wire transfer information at the last minute, and the buyer won’t even know until it’s too late. It’s that simple. Buyers aren’t trained to spot red flags, and unfortunately, they’re up against masters of fraud.
Insufficient Authentication Processes
The large number of successful fraud attempts suggest that the process the real estate industry uses to authenticate wire transfers is flawed.
If real estate professionals verify details using email, it is easy for hackers—having taken over an email account—to insert false wiring instructing into a transaction.
Verifying details over the phone is better, but there are still some ways scammers can beat the validation process by porting legitimate calls to phones controlled by the fraudster.
For example, they sometimes follow up the fake email with a phone call, posing as a representative of the title company or other agency involved in the transaction. Even if the buyer had suspicions that the initial fake email contained fraudulent instructions, the phone call may reassure them that the change in wire details is real. Not wanting to lose the opportunity to purchase the property, they will then follow the false instructions.
Scammers can use easily accessible caller ID spoofing apps to trick victims into thinking a call is coming from a specific organization, when in fact it is coming from a fraudster.
The need to gather and securely store information on transaction participants early in the transaction lifecycle cannot be ignored. Identity verification and education around the risks of wire funds transfers is key.
Everything a Fraudster Needs Can Be Found Online
Most people in the real estate industry have no idea how easy it is for fraudsters to find sensitive information online. Here’s an example of publicly available resources used to gather information needed to start a fraud.
Here’s how to gather personal information on a seller in fewer than ten minutes and for less than three dollars:
- To start, you simply identify a property for sale by typing in something like “Grand Rapids Michigan home for sale” in a search engine. This will give you a range of houses for sale you can choose from.
- Once you identify a listing that interests you, click on the listing and you’ll instantly be able to see the real estate agent’s name and the home address.
- Next, enter the property address into a website like Spokeo, where for less than a dollar you can obtain the name of the owner, their date of birth, known mobile numbers, and some additional information on the house.
- Take a step further, enter the same information into a website like Radaris and for two dollars you will get the owner’s full date of birth, all currently and previously used email addresses, a list of all previous addresses, and phone numbers associated with the owner(s) of the home.
Here’s how to gain a full profile of the real estate agent that is listing the property.
- First, put the listing agent’s name in a search engine and you will likely pull up a LinkedIn, Facebook or other online profile that provides additional information that is unique to that agent, including an email address.
- Enter the email address or URL associated with the company the agent works for into Hunter.io. The app will spit out every email address associated with that URL domain.
- The agent’s email address will likely be displayed in the search results. If not, don’t worry, simply return to the online property listing and send the agent a message. An auto-responder will usually send you their email and phone number.
Those are just some quick examples of how fraudsters can gather crucial information online without breaking any laws or raising any suspicion.
All they have to do is repeat the process for each party in the transaction. Within 30 minutes, they have everything they need to know about the buyer, seller, real estate agent, and title company.
There are several things they can do with this information:
- Attempt spear-phishing scams using publicly available email addresses to gain access to a person’s email account. Once the email is compromised, the fraudster will gain real-time access to details about upcoming sales, as well as send emails claiming to be from the person whose email is hacked. This is incredibly hard to detect, particularly on mobile devices from which most buyers and sellers communicate.
- Create spoofed websites and email accounts that appear to be related to the individual or company being impersonated. They often copy logos, website text, and email signature lines from the real companies and individuals to make their fake websites and emails more convincing.
- Use second-level email masking techniques that make an email appear to be coming from the trusted person’s account. The techniques work even when the email address is hovered over and the originating email address is displayed. This is very hard to detect on tablet and mobile devices.
Once an email is compromised or spoofed and the fraudsters find information about a transaction, they know roughly how much time they have to act. Real estate transactions take over forty days on average to close—a long window for the fraudsters to exploit information and defraud a party in the deal.
Exploiting Long Transaction Cycles
Cyber perpetrators know that real estate transactions follow a pattern and timeline leading up to closing. Sitting in someone’s email account, they learn the unique attributes of a transaction and the parties involved. This includes how they communicate, when they communicate, and what stage the transaction is in at any point in time. Armed with this information, they strike against the weakest link in the transaction chain and start their fraud.
The timeframe in a transaction that is most susceptible to wire fraud occurs between the date of the scheduled closing and the day that all disbursements have been made for the transaction. Known as the “Kill Zone,” this is where fraudsters strike.
Education and awareness started early in the transaction, is the best line of defense to avoid fraud in the Kill Zone. This goes beyond fraud warnings in a signature line—it requires targeted messages about the risks associated with sending funds via wire transfer and what to watch out for.
Buyers, for example, are largely unaware that they are personal targets of this type of crime so they must be given information and examples of what to watch out for. If not, they may be tricked into sending their life’s savings to a fraudster.
It’s Time to Send a Message to the Fraudsters – There is No Place for You in The Real Estate Industry
While the above points show why real estate is an easy target for fraudsters, there are steps you can take to make it significantly harder for a fraud to be successful.
Protecting your network and email accounts will make it difficult for scammers to access your accounts. Steps you can take include using up-to-date firewalls, email filtering software, network monitoring, employing role-based system access, and turning on multi-factor authentication.
Policies and procedures around identity verification and the sending and confirmation of bank account information will create consistency within the organization and prevent fraud.
Finally, ensuring that everyone in the transaction knows about the types of fraud could help them spot a scam if they are targeted. Use specific fraud attempts to show employees, referral partners, and even customers, the timing and sophistication of the scams used by these criminals.
In the next article in this series, we’ll take an in-depth look at some of the methods fraudsters use to start a fraud and how to spot them before it’s too late.