Red Flags to Protect Your Company Against Wire Fraud

July 25, 2017

Title and settlement companies can protect themselves by increasing staff awareness of these scams. According to the FBI, businesses that deploy robust internal prevention techniques at all levels (especially training front-line employees who may be targeted by initial phishing attempts), have proven highly successful in recognizing and deflecting email scam attempts. Some financial institutions reported holding their customer requests for international wire transfers for an additional period of time, to verify the legitimacy of those requests. Here are some red flags:

  • A customer’s seemingly legitimate emailed transaction instructions contain different language, timing, and amounts than previously verified and authentic transaction instructions.
  • Transaction instructions originate from an email account closely resembling a known customer’s email account; however, the email address has been slightly altered by adding, changing, or deleting one or more characters. For example:
    • Legitimate email address: john-doe@abc.com
    • Fraudulent email addresses: john_doe@abc.com or john-doe@bcd.com
  • Emailed transaction instructions direct payment to a known beneficiary; however, the beneficiary’s account information is different from what was previously used.
  • Emailed transaction instructions direct wire transfers to a foreign bank account that has been documented in customer complaints as the destination of fraudulent transactions. Emailed transaction instructions direct payment to a beneficiary with which the customer has no payment history or documented business relationship, and the payment is in an amount similar to or in excess of payments sent to beneficiaries whom the customer has historically paid.
  • Emailed transaction instructions include markings, assertions, or language designating the transaction request as “Urgent,” “Secret,” or “Confidential.” Emailed transaction instructions are delivered in a way that would give the financial institution limited time or opportunity to confirm the authenticity of the requested transaction.
  • Emailed transaction instructions originate from a customer’s employee who is a newly authorized person on the account or is an authorized person who has not previously sent wire transfer instructions.
  • A customer’s employee or representative emails a financial institution transaction instructions on behalf of the customer that are based exclusively on email communications originating from executives, attorneys or their designees. However, the customer’s employee or representative indicates he/she has been unable to verify the transactions with such executives, attorneys or designees.
  • A customer emails transaction requests for additional payments immediately following a successful payment to an account not previously used by the customer to pay its suppliers/vendors. Such behavior may be consistent with a criminal attempting to issue additional unauthorized payments upon learning that a fraudulent payment was successful.
  • A wire transfer is received for credit into an account, however, the wire transfer names a beneficiary that is not the account holder of record. This may reflect instances where a victim unwittingly sends wire transfers to a new account number, provided by a criminal impersonating a known supplier/vendor, while thinking the new account belongs to the known supplier/vendor. This red flag may be seen by financial institutions receiving wire transfers sent by another financial institution as the result of email-compromise fraud.

ALTA’s Title Insurance and Settlement Company Best Practices details policies and procedures title and settlement companies should follow to protect money and non-public personal information (NPI).

Gregory McDonald, chief executive officer of Cloudstar Corp., said educating all parties involved in the transaction is vital, and keeping wiring instructions on paper is the best solution.

“Title companies should talk to their customers after a deal comes in, and during the process, and let them know that nobody will email changes to wiring instructions,” McDonald said. “This is a human problem that cannot be resolved by technology. No fancy lock—no matter how high tech—will stop a thief that identifies themselves as a police officer when knocking on your front door.”

Companies should use fraudulent emails as a reminder to update security practices and as a staff training opportunity. Criminal organizations that perpetrate these frauds are continually honing their techniques to exploit unsuspecting victims, which makes constant awareness and education a necessity.

“Data security isn’t just a one-and-done checklist as threats are ever-evolving, so defenses need to be nimble,” said Jack Rattikin III, president and chief executive officer of Texas-based Rattikin Title Company. “My company has yet to lose any money due to wire fraud—knock on wood—but we receive these wire fraud attempts several times a month. Make sure your employees ask questions. There are no stupid questions when it involves money.”


Contact ALTA at 202-296-3671 or communications@alta.org.