Wire Fraud in Real Estate: The Complete Guide
According to information recently obtained from the FBI, from June 2016 through December 2018, roughly $90 billion in attempted wire fraud.
Wire fraud is an epidemic in the real estate industry.
According to information recently obtained from the FBI, from June 2016 through December 2018, roughly $90 billion in attempted wire fraud was reported through the FBI’s IC3 division.
Because of this, it is crucial that you are in the know about how these scams work, and—most importantly—what you can do to protect your business and your customers from this type of fraud.
This article will explain everything you need to know about wire fraud in the real estate industry. We’ll cover:
- 01Wire Fraud in Real Estate: How it Happens
- 02Who Does Wire Fraud Affect in Real Estate?
- 03Why Fraud Happens in Real Estate
- 04What Real Estate Scams Should I Look Out For?
- 05How To Prevent Wire Fraud
- 06How to Recover From Wire Fraud?
- 07Does Insurance Cover Wire Fraud?
Wire Fraud in Real Estate: The Complete GuideDownload PDF
Wire Fraud in Real Estate:
How it Happens
If you work in the real estate industry, it’s essential that you know how wire fraud occurs. While no two scams are the same, there are common patterns that cybercriminals follow when running wire fraud schemes. Here are the basic five steps that they use.
- 01Fraudsters find publicly available information of anyone involved in the transaction via social media, company websites, and online resources. This could target buyers, sellers, real estate agents, lenders, settlement providers, attorneys—you name it.
- 02They target those participants with phishing scams designed to gather email account details. Once the fraudster gains access to one email account, all other parties to the deal are exposed and may be individually targeted or spoofed by the fraudster.
- 03Armed with account access, fraudsters wait patiently and obtain intimate details about a transaction and the participants involved.
- 04Once the fraudster identifies that funds are to be transferred for a closing, the fraud begins. Using the compromised email address or a spoofed address, the scammer will send emails containing fake wiring instructions to the victim. This will typically be a buyer wiring cash to close to the title company. Or it could be the title company wiring funds to a broker, seller and/or current mortgage holder in connection with the disbursement process.
- 05Once the money lands in the fraudsters account, it is quickly wired to other bank accounts or withdrawn in cash, through an elaborate network of money mules that await instructions in real-time.
Who Does Wire Fraud Affect
in Real Estate?
While wire fraud directly affects the party sending funds to the fraudulent account, all other transaction participants stand to lose something if they failed to protect the person who was scammed. Here is a look at how some of the parties may be affected. For more detail on this, check out the full blog post here.
The person who will often lose the most in real estate wire fraud is the buyer. In general, they are easy targets as they can be unaware that they may be personally targeted by a cybercriminal during a real estate transaction.
When the buyer loses the money they were planning to purchase a house with, it’s also terrible news for the seller. If the buyer can’t get their money back quickly, the sale may fail and the seller will have to go through the whole selling process again.
Even worse, the seller may be exposed to liability if the sale of the property is tied to other contractual obligations, such as the purchase of a replacement property, that they can no longer fulfill due to the wire fraud loss.
The fastest growing wire fraud scam sweeping the country is mortgage payoff fraud.
This fraud involves a legitimate closing between a buyer and a seller, where the title company receives all the money from the buyer and the lender needed to close. In order to transfer the property free and clear to the new buyer, the title or escrow company must pay off any existing mortgages on the property that relate to the seller.
These are the largest sums of money that typically transfer in a real estate transaction. The fraud occurs when criminals—armed with stolen knowledge and having gained access to someone’s email account in a transaction—email or fax fraudulent payoff instructions. The purpose is to divert the payoff from the current mortgage holder to a fraudulent account that is controlled by the perpetrator.
Mortgage payoff fraud has a devastating impact on transactions because the buyer fully consummated their side of the transaction but the seller never received the payoff of their mortgage, or possibly their net proceeds after the sale.
Title and Escrow Companies
As title and Escrow companies themselves often wire money, they are vulnerable to wire fraud attempts. Once a buyer has transferred money for a closing, fraudsters will attempt to insert themselves into the stream of communication with the goal of diverting wires during the disbursement process.
This can lead unsuspecting and ill-prepared title and escrow companies to send money to a fraudulent account. In such cases, not only does the buyer lose their funds, but the title or escrow company may be held liable for the loss. This has forced many companies to close their doors because they cannot make up the shortfall in their escrow account caused by the fraudster.
Real Estate Agents and Brokers
In the event that wire fraud occurs, real estate agents stand to lose a whole lot more than their commission check.
Both their reputation and business are on the line, and if a lawsuit is filed after a loss occurs, they may be held responsible if their email account was compromised and that led to the loss.
Juries have found real estate agents and their brokers personally liable for such losses with judgments in the hundreds of thousands of dollars. This, coupled with a changing landscape from E&O insurance carriers that limit coverage for cyber fraud and wire transfer losses, may put the economic burden squarely on the shoulders of the individuals and companies representing consumers.
Cyber scammers now know that law firms receive and send funds through their escrow accounts for real estate transactions. Scams that divert incoming wires from buyers and redirect disbursement wires after closing are proving successful against attorneys. This is another fast growing profile of fraud.
Why Fraud Happens in
There are three main attributes that make real estate transactions a prime target for wire fraud:
Median price of homes sold exceeds $226,000
Multiple parties in every transaction
All the information needed to start a fraud can be found online
These unique attributes make it attractive and easy for fraudsters to compromise an individual in a transaction. It’s time to firm up processes and communications to lower the chances for successful frauds. Let’s take a look at why these attributes make fraud so appealing. For more details, check out the full blog post here.
Real Estate Transactions Are Huge
Suitcase filled with money
Fraudsters target real estate transactions because they are incredibly lucrative.
Those running scams only need to be successful once or twice to earn significant amounts of money.
Additionally, many real estate transactions take place every day. The real estate industry hit $33.3 trillion in 2018, a new record as prices continue to increase across all inventory segments. With millions of transactions taking place each year, a hacker—unsuccessful in one attempt—can simply move onto the next one.
There Are Multiple Parties Involved
In the US, on average there are eight parties involved in any real estate transaction who are communicating electronically and leaving a clear paper trail of every conversation. This is unlike any other industry.
Additionally, granular profiles on each transaction participant and their traits are easily found online. This includes those of trusted trade associations representing the real estate, settlement, and lending industries. Multiple parties means fraudsters can take advantage of the following:
Real estate transactions are driven by specific timeframes that are agreed upon by the parties in the buy-sell agreement.
Knowing that closings must take place by a certain date, fraudsters apply pressure at critical points in the transaction. This can lead to someone being tricked and defrauded out of funds.
It only takes one party in a transaction to make a mistake and everyone is exposed.
It could be the real estate agent that unknowingly allows a fraudster to obtain login and passwords for their email account and enables them to begin acting as if they were the account holder. Or the eager-to-please title agent who makes an exception to company policy in order to keep the real estate agent or lender satisfied. It may be that—in the days leading up to closing—the fraudster tells the buyer or seller that the deal may collapse if a specific action is not taken immediately.
The purchase of a home is typically the largest financial decision the average US consumer makes in their lifetime. It accounts for the biggest financial obligation and asset they will manage and own.
For that reason, most people go through the process just a few times in their life. On the other hand, fraudsters know precisely what they are doing. They know the parties involved, what documents are exchanged, and the timing of every transaction. By inserting themselves at the right time with convincing information, they are able to defraud their victims with a high degree of success.
There’s little an uninformed and ill-prepared buyer can do to protect themselves. After all, the hacker has vast amounts of experience and knows how to spot and exploit an inexperienced buyer. All they’ve got to do is trick them into making a tiny mistake, which isn’t a difficult task for a pro.
Insufficient Authentication Processes Between Parties
The large number of successful fraud attempts suggest that the process the real estate industry uses to authenticate wire transfers is flawed.
If real estate professionals verify details using email, it is easy for hackers—having taken over an email account—to insert false wiring instructions into a transaction.
Everything a Fraudster Needs Can Be Found Online
Most people in the real estate industry have no idea how easy it is for fraudsters to find sensitive information online. Sources fraudsters use include simple Google searches, social media profiles, and services like Spokeo that provide owner details on property.
Once they have this information, they can use it perform spear phishing scams and create spoofed websites and email accounts.
What Real Estate Scams
Should I Look Out For?
Wire fraud usually ends in the same way: a fraudster sends fake wiring details to someone involved in a real estate transaction for the purpose of diverting the wire funds transfer to a fraudulent account.
However, fraudsters use different methods to get to the stage where they can attempt to give the buyer false wiring instructions. In this section, we’ll look at some of the techniques most often used to start a fraud. For more details on how these scams work, check out the full blog post.
Phishing is when criminals send an email to a fraud target—or pool of targets—designed to get the recipient to enter account credentials or personal information about themselves.
When running a phishing scam, hackers send out an email that claims to be from a trusted organization; such as a bank, email provider, electronic document platform, or other reliable company.
The email will often look real. Attackers usually send the phishing email from a disguised email address and include the logos and taglines of the company they are spoofing.
The hacker also provides a convincing reason for needing the information. They will then specify the information required, before highlighting a negative consequence for not sending it.
How Scammers Steal Account Details
There are many techniques fraudsters use to steal details.
Most often, scammers claim to be from a trusted company. In the email, the hacker will explain that there is a problem with your account and direct you to a malicious link where you can solve the problem.
The link will appear to be for a website you trust—such as your email provider. However, the website will be a clone designed to steal your login details. The example below looks realistic, but take a look at the URL.
On these clone sites, hackers include a box that looks like a regular login form. When you enter your details, the website records them and sends them to the criminals.
Another technique scammers use is to convince the victim to download key-tracking malware onto their computer. This malware tracks what is typed on the computer, including any passwords and usernames entered. All the data is sent to the hackers who search the records for login credentials.
Spear phishing is a targeted attack on a specific individual.
The fraudsters send out an email from a cloned email account that’s nearly identical to that of a trusted party. They’ll likely use the same name, email, job title and signature of the trusted source. In real estate, fraudsters pose as the buyer, seller, title agent or realtor, to sneak into your inbox undetected.
What’s concerning is that spear phishing attacks are less likely to be flagged by an email provider’s spam filter than regular phishing attacks. This is because the emails aren’t sent out to a high number of people at the same time. They may also be sent using an email address that hasn’t been used for phishing before.
Whaling and Business Email Compromise
Whaling is a scam used to target or impersonate business owners and high-level executives for the purpose of diverting wire transfers to fraudulent accounts.
In the case of real estate fraud, hackers can use the access to a title company owner’s email account to run a business email compromise scam. In these scams, they use the compromised account to convince employees to wire money to bank accounts they control.
Like spear phishing attacks, emails used for whaling and business email compromise are highly personalized and will appear to come from a legitimate source. They generally use the same techniques to steal passwords, such as key-tracking malware and spoofed hyperlinks.
If you’re a key decision maker in your organization, be wary of personalized emails asking you to verify account details or transfer funds. If you’ve got any doubt, don’t act!
While most attacks come via email, vishing—voice phishing—is another method used during fraud attempts. Fraudsters know that most companies are requiring phone call verification before funds are wire transferred. This is known as “call back” procedures.
In these scams, hackers will call the victim or leave a voice message. The call or message will seem like it’s coming from a trusted party in the transaction such as the title company, attorney’s office or bank.
The fraudster will often lead with specific transaction details and state that the call is being made to protect the person on the other end from fraud. This builds instant credibility and disarms the victims. The scammer can then move on to the goal of the call—get the victim to trust the wiring instructions they are about to receive from the fraudster and act on them.
Access to email accounts, transaction information, and techniques such as vishing allows fraudsters to convincingly manipulate their target. This is called social engineering.
The social engineering techniques used in real estate are convincing. The use of cloned emails — the act of forging an email address to make it appear to have been sent from a legitimate email — and knowledge of the transaction give the fraudsters apparent authority over their targets.
Furthermore, the fraudsters are able to increase stress on the target—thereby reducing their ability to think clearly—by introducing an element of immediacy, as well as a serious repercussion for not following instructions.
An example of this would be an apparent email from a title company to a buyer asking for a wire, with the threat that the deal could fall apart if the transfer is not made immediately.
How To Prevent
Preventing wire fraud essentially comes down to three things:
- Educating transaction participants about the threat of fraud and what to watch out for;
- Preventing fraudsters from accessing email and other communication-based accounts to obtain critical information about a transaction; and
- Ensuring parties have accurate, uncompromised wiring information and contact details for the person or entity that will be receiving funds via wire transfer.
A commitment to education and the adoption of preventative measures will lower your risk profile and protect yourself and your customers from fraud.
Stop Fraudsters From Accessing Sensitive Information
An important step in wire fraud prevention is to stop fraudsters from gaining access to transaction-level information required to run a scam. Here are some strategies to consider.
Limit Publicly Available Information
Running a business requires that certain information be shared about your company. However, there are things you can do to protect some of the more sensitive data about your organization and employees.
Use Strong Spam Filters
Preventing phishing emails being seen is the best way to stop employees from falling for them. A strong email filter is one of the best ways to do this. Products like MimeCast and SpamBully provide solutions that block and filter phishing emails.
If criminals can’t get their emails in front of your employees, then it will be far harder for them to steal account details and, ultimately, hit someone in your organization with wire fraud.
Have Someone Try To Hack Your Employees
Spam filters aren’t always enough. This is why many forward-thinking businesses are hiring third-party companies to perform phishing testing on their employees.
They simply create a phishing email, send it to your staff, and then see who falls for it and what credentials are given. This provides a starting point for training and awareness and gives them the education needed to avoid making the same mistake in the future.
We recommend taking advantage of Google‘s phishing test. It provides a great set of emails meant to educate you and your employees on how to identify phishing versus legitimate emails.
Real-Time System Monitoring
Perimeter security helps keep your organization’s entire network threat-free. It utilizes features such as a firewall, web-content filtering, malware protection, and geolocation blocking to keep your network safe in real time.
By monitoring all web activity that enters and exits the network, perimeter security is able to identify unusual patterns or abnormal behavior on your network that could be a sign you are under attack and take action to stop it.
Secure Your Accounts with Strong Passwords and Two-Factor Authentication
Another step you can take is to secure accounts with two-factor authentication (2FA). Accounts that use 2FA require an extra piece of information on top of a username and password to log in.
This additional bit of information is something that only the account owner has access to and it usually has a physical element. For example, it could be a code, sent to an app on the user’s phone, virtual private networks that are tethered to each company device, or a physical key like Yubi Keys. It could even be an SMS message or an actual key.
Essentially, it means that even if a hacker knows an account’s username and password, they will be unable to log into the account without also having access to the third authentication detail.
One final thing you can do regarding 2FA is to educate your customers and referral partners about the benefits of turning it on.
If everyone involved has 2FA turned on, the chances of a hacker being able to access an account is drastically reduced.
Always Verify The Person You’re Doing Business With
Wire fraud is a symptom of the lack of proper identity verification at critical points in a transaction. The success rate of wire fraud scams is due to the exploitation of a trusted relationship between two parties. If identities are confirmed properly, that trust is never breached.
Some things you can do to help verify information include:
- Gather and share contact information early in the transaction cycle
- Have a process for sending and receiving wire transfers
- Educate customers and staff about what a scam looks like
- Authenticate wiring details and identity
You can find out detailed instructions and techniques you can use in our blog post.
How to Recover From
Wire fraud happens. When it does, you have to move quickly to mitigate the loss.
Understanding Why Recovering Funds is Difficult
Fraudsters move fast when they successfully convince a victim to wire money. When the stolen funds arrive in the fraudster’s bank account, they engage a network of money launderers who immediately withdraw funds in cash, wire the money to a number of different accounts and/or convert it to cryptocurrency.
The longer the trail between the original account—used to receive the transfer—and the money’s final destination, the harder it becomes for the victim to see their money again.
Because of this, it is essential that you act quickly when you realize you have become a fraud victim.
The Recovery Roadmap
The following tips will not guarantee you will get all your money back. However, it is a path that maximizes your chance of retrieving some money.
Contact your bank and initiate a “SWIFT recall“ on the wire transfer that left your account.
You first need to call your bank and let them know the transfer you made was fraudulent and that you are requesting a SWIFT recall to be initiated. You must have all the information about the wire funds transfer in front of you to properly initiate this request.
You also need to ask your bank to contact the fraud department of the receiving bank immediately so they can freeze the funds in the recipient account.
Alternatively, if the funds—or part of the funds—have already been moved, you’ll need to ask the bank to find out where the money was sent. Ask them to contact the third bank (or banks) to freeze the accounts that received the money.
Make a note of the banks and the accounts that received your money as you’ll need this information later.
File a complaint with the FBI’s Internet Crime Complaint Center (IC3)
The next step is to contact the FBI’s Internet Crime Complaint Center. You’ll need to provide information about the transaction, the scam itself, and the victim. It’s a good idea to add details like the contents of the phishing email, links you clicked, etc. Once you have filed a complaint, the service will give you an IC3 Complaint Number. Make a note of this as you’ll need it in step three.
It’s worth noting that filing a complaint with the FBI is necessary but does not guarantee a real-time recovery effort. It’s up to you to complete the remaining steps to increase your chances of recovery. Be aware that the FBI is flooded with complaints like yours each and every day so you need to stay vigilant and be your own advocate for recovery.
Contact your local FBI field office and provide the IC3 complaint number
Find your local FBI field office at this link. You’ll then need to contact them and report the details of the crime to the agent in charge of processing financial or cybercrimes. Following this, give them the IC3 Complaint Number and your personal contact information.
If you’re an enterprise, now’s the time to contact legal counsel to determine if an injunctive order is necessary. If so, send the order to the banks involved. This will ensure that all banks that received your money are no longer able to transfer funds from such accounts.
Contact all banks that may have also received your funds
If the fraudsters manage to transfer your money to another bank (or banks), you now must contact these banks. Ask to speak to their fraud department about requesting a SWIFT recall and a ‘fraud freeze’ on the recipient accounts.
You’ll have to provide information about the fraudulent transfers so the banks can identify the transfer and the account. Once the account is frozen, confirm with the bank how long the freeze will remain in place and that the SWIFT recall protocol has been initiated. Don’t be surprised if the bank refuses to give you the name of the account where your funds may have landed as privacy rules may restrict the dissemination of this information. Don’t give up, the goal is to confirm that they have identified where the funds are currently being held, that those funds are frozen within those accounts, and that the recall protocol has been initiated so that they may be returned.
Alternatively, if the money has already been moved on to a fourth bank account, you’ll need to follow the same steps as above. You can even request the first bank you visit to send SWIFT recall and ‘fraud freeze’ requests to all other banks in the chain.
Don’t only rely on them though. Repeat the steps until all the accounts that received your money are frozen and that the SWIFT recall protocol is in process.
Remember to write down the number you used to contact the bank, the time of the call, the name of the bank representative you spoke to, and their direct phone number and email address.
If you’re an enterprise or business, this is time to contact your insurance provider if you have errors and omissions coverage, professional liability coverage, or any form of cybersecurity or cyber loss coverage.
Contact local authorities and file a police report
Next, you need to contact the local authorities and file a police report. Give them all the information they may need. While you’re doing so, save the incident number or police report number, and exchange contact information with local authorities for future communication.
Contact your security team, IT department, or consultant and initiate “The Information Technology Kill Chain”
The final stage of the process is to get your IT/Security team involved. If they haven’t already acted out your incident response plan or if you don’t have one, here’s what you need to do.
First, contact your security team and request that they make an image of your system for forensic purposes. As tempting as it may be, try not to change anything on your system so the security team can see it exactly as it was when the attack occurred. You’ll also want to use a clean loaner system to conduct business using a different temporary email address.
Now it’s time to determine the source of the breach. Most wire fraud attacks result from Business Email Compromise (BEC). Which means a hacker has gained access to your email system, and it’s up to you to find out how.
In more serious cases, the attacker may have installed malware on your machine or network that compromised your email and other credentials. If so, you have to act quickly to identify and eliminate the threat before other sensitive data can be used against you.
If warranted, eForensics investigators can be dispatched from a variety of sources to investigate the incident.
Does Insurance Cover
Coverage for wire fraud exposure is mixed and continues to be a moving target at each policy renewal. The insurance industry is reacting to two things that may affect coverage; first, there has been an exponential increase in the events and losses, and, second, recent court decisions have interpreted cyber losses to be covered under broad policy language where it was not intended to be covered or priced into the premium.
As a result, the insurance industry has made adjustments to coverage types and amounts to mitigate losses in this area. These include, without limitation; excluding coverage, migrating specific risks to a new policy (or special endorsements) altogether, or placing a much lower limit on the specific cyber exposures. Many of these changes are in motion now, without a settled consensus as to where it will end up. Because of this, current policies may not carry the same coverage as those previously bound by insurance carriers – even those bound within the past twelve months.
Intro to Cyber Insurance
Cyber insurance protects businesses from internet-based risks and divides coverage into two types: first-party losses and reimbursements and third-party losses and claims payments.
A first-party loss is one which your business incurs. For instance, if your business stores data—such as payment records, bank information, birth dates, social security numbers, and state-issued identity documentation—on computers in the cloud, it is at risk of a data breach. If its data system is breached, then it may have various restoration losses, income losses, regulatory and notice costs, business reputation loss, and other expenses. All of these are incurred by your business and paid by your business – hence first-party.
The other type of loss is third-party claims made by another party against you. Often, this arises from a data breach that compromises someone. If a third party incurs damages due to a breach of data held on your computers, you may be held liable. Cyber insurance is there to protect you from this.
As with all types of insurance, what specific plans cover will differ depending on the terms and conditions the insurer is offering. Because of this, it is best to look at what you need and pick an insurance provider based on that.
Wire Fraud May Not be Covered
Wire fraud may, or may not, be covered in your cyber insurance policy. This is because the wire transfer is often made after a social engineering attack, not as a direct result of cybercrime or a direct breach to your computer network or attack on your personnel. The fraudster convinces the victim to voluntarily transfer money. Technically, the fraudster does not directly use your computer to steal the money. Often, the claim is made by a third-party such as a buyer who was tricked into wiring their earnest money deposit or “cash to close” to a fraudulent account. Given these claim features, the various policies may respond differently–which can lead to finger-pointing by the carriers if a claim is made and delay settlements.
The rapid responses by insurance underwriters in recent years shows that anything we say today will have changed in the next year. Today, it is worthwhile to check with your insurance agent and underwriter to confirm several things:
- 01Identify the policies that cover the type of wire fraud seen in real estate.
- 02Review whether the limit of coverage for that exposure is adequate.
- 03Review the claim triggers under which a loss will be covered by each policy.
- 04Coordinate the various policies so that it is clear what will happen if a claim arises.
Prevention is the Best Way to Ensure You Don’t Lose Out
Preventing an attack is the best way to ensure your business doesn’t lose money to wire fraud.
We have plenty of articles on our site about things you can do to protect your company and customers from falling victim to wire fraud.
Having a secure procedure in place when it comes to verifying wiring details can help stop those involved in real estate transactions wiring money to the wrong people.