Take Action to Prevent Wire Transfer Fraud
December 4, 2018
Over the past several years, wire transfer fraud has increased exponentially year over year. Unfortunately, the scams with which title companies and real estate agents are slowly growing familiar continue to morph and modify themselves, producing new and innovative ways to stay ahead of the curve.
Business Email Compromise (BEC) has been on the FBI’s radar since 2010 when it began receiving complaints regarding these scams. Over the last eight years, hackers have started to focus on real estate transactions as a simple way to defraud people of hundreds of thousands of dollars.
According to the FBI, fraudsters stole $5.3 billion through wire fraud schemes from October 2013 through December 2016. This is growing exponentially. In 2017, online crime resulted in losses of $1.4 billion.
Previously, scammers hacked into the email accounts of title companies and real estate agencies. From there, they would gather information about closing dates and times, property addresses, seller names, and sensitive personal information about customers. Then, they would email or call the title company pretending to be the property seller, and provide their own wire transfer instructions. The title company would then wire the closing funds out of their escrow accounts, straight into the hacker’s account, which may even have been opened in the property seller’s name. Often that money was then immediately withdrawn and transferred into a second account, never to be seen again.
Similarly, hackers have also been taking advantage of money mules and their mule accounts. Often, foreign-born hackers will enlist the help of an American who has access to an American bank account. Once the money has been wired to this American bank account, the mule then transfers the funds directly to the foreign bank account, where it’s difficult to trace.
When title companies, real estate agents, and the FBI started to catch on to these specific BEC crimes, the hackers evolved. They started to change their scams in small ways so that they were still tapping into the real estate market, but stealing the monies from a different side of the transaction.
Because title companies have started to take preventative measures, including in-depth education of employees, hackers have set their sights on the unassuming and innocent homebuyers. And although the buyer is typically sending less money than the title company is wiring, thanks to a mortgage, hackers have discovered that buyers are much less educated about the process than title companies, and much easier to scam. In addition, the title industry is largely educated on this issue, while the 5.5 million home buyers each year are not.
According to the BuyerDocs’ market surveys, 52.2 percent of 200 recent homebuyers are completely unaware of wire fraud in real estate. On top of that, 74 percent of those surveyed believed their title company or bank can recover funds that are wired to the wrong account.
Fraudsters are using social engineering to trick property buyers into wiring their money to the wrong accounts. By copying email signatures and using realistic-looking fake email addresses (think firstname.lastname@example.org instead of email@example.com), hackers are having an easy time of tricking naïve home buyers into wiring their money to the wrong account. And, again, the outward-bound money is immediately withdrawn or transferred to a second account, making it difficult to reverse the transaction. Remember, for the hacker, it doesn’t matter which account they hack (Realtor, title company, lender, etc.), it only matters that they get the information. So, a title company could have the most robust email security in the world, but if the Realtor is hacked, it doesn’t matter. The chain is only as a strong as the weakest link.
The weak link can come from many places. According to ValueWalk, about seven out of 10 people use the same passwords for their social media accounts as for their corporate email. If a hacker can get into your employee’s Facebook or Twitter account, it’s extremely likely the criminal can then log in and gain access to your email system. Along that same note, in 2015 more than 160,000 Facebook accounts were compromised each day. Over the last few years, 160 million LinkedIn accounts have been hacked, and 71 million Twitter accounts have been infiltrated, according to ValueWalk’s study.
In addition to vulnerabilities due to employee social media accounts, businesses haven’t been near vigilant enough when it comes to internet security enforcement. Despite most attacks against small to medium business being web-based, 59 percent of businesses polled have zero visibility or access into their employee password practices, according to a study by Ponemon Institute. To make matters worse, 65 percent of these businesses have a password policy—which they don’t bother to enforce—the study found.
Even though hackers are attacking unsuspecting homebuyers more frequently, all hope is not lost. There is still plenty of action the real estate world can take in order to protect this industry from escalating BEC and social engineering attacks. You may not be able to educate and train each homebuyer extensively, but you can be proactive and teach them to stay on the offensive. Continue to educate your employees—the more they know, the more knowledge they can pass on. Obtain the services of a company focused on protecting title companies and homebuyers from social engineering and email hackers.
Simple policies to follow:
- Implement a password policy and then back it up
- Use dual-factor authentication for password updates
- Use your email client’s audit logging features so you can track any data breaches which do occur
- Employ the services of a company which can monitor the dark web and alert you if your employees’ identities or credentials are stolen
- Use firewalls, anti-malware software, phishing detection and a secure internet gateway.
These easy-to-implement and relatively inexpensive steps will allow you to protect your company even when the ball is in the homebuyers’ court. By taking the initiative and arming yourself with the proper knowledge and business tools, the hackers’ ever-evolving schemes will become a thing of the past, while your brain and business can rest easy.
Abigail White is cofounder and vice president of business development of BuyerDocs, which provides a platform to securely send wire transfer instructions. She can be reached at firstname.lastname@example.org.
Contact ALTA at 202-296-3671 or email@example.com.