In recent years, internet fraud is one of the top growing concerns in residential and commercial real estate transactions. Today’s modern thieves, also known as “hackers”, are constantly inventing new ways to defraud both real estate professionals and their clients out of their hard-earned money.
Unfortunately, the ease of cyber communications often brings substantial financial vulnerability. Scammers prey on our willingness to sacrifice our personal and financial security for the convenience and efficiency of unsecured email, unverified wire information, and cloud storage. However, the good news is the ongoing battle against these schemes can be won with additional awareness and a few preventative steps.
The first step in protection is for you to familiarize yourself with these scams and learn how to spot the red flags. As a law firm, we experience attempted cyber-theft daily in these main categories:
- Wire Fraud
- Compromised Email Communications
Fake Identity: The most prevalent scam I have faced is when a hacker falsely identifies himself as a party to a legitimate real estate transaction, such as a buyer, seller, realtor or even the closing attorney. In actuality, the hacker has obtained access to a party’s email account and requests the closing attorney change the way their funds be delivered. The hacker either requests a wire instead of a check or wants to revise the wiring instructions. This allows the criminal the opportunity to divert closing monies into their account instead of the intended recipient. If the breach is discovered after the wire has been sent, there is little that can be done, and the funds cannot be recovered.
Deceptive Interception: Another variation of this scenario is when a hacker intercepts wiring instructions being sent from one party to another. The swindle is simple really – the hacker replaces the attorney’s or client’s wiring instructions with their own, leaving the sender and recipient none the wiser. Again, the trap isn’t revealed until the wire is sent and the funds are never received. Alas, by then the thief is long gone.
Compromised Email Communications
Unsecured Duplication: As if the threat of wire fraud isn’t enough, these criminals have also found a way to harvest data and money without the use of wires. All that is needed is a copy of a signed check, and they can produce duplicates using the account information and signature from the original check. These counterfeit checks are usually cashed in different states under fake identities making it extremely difficult to recoup the loss or prosecute the offender. While the amounts stolen using checks is typically much less than wire scams, those duped have reported having multiple fraudulent checks written from their accounts prior to the fraud being noticed.
As a result of cyber-attacks, settlement agents, banks, realtors, insurance providers, and information technology teams are constantly training on ways to identify these scams and implement preventative steps. Anyone involved in a real estate transaction needs to take the necessary precautions to avoid wire and email theft just as you would lock doors and set your alarm before leaving home for an extended vacation.
Fortunately, most of these scams can be thwarted by being vigilant when communicating by email and adhering to the following recommendations:
- Obtain valid contact information from all parties at the beginning of the transaction and make sure the email addresses and phone numbers match exactly before you send anything! Savvy criminals will replace contact information with their own in an attempt to intercept verification attempts. They may use a very subtle change such as swapped letters, a zero in place of an “o,” or an easy-to-overlook misspelling such as jenny.jockel which can be hard to catch.
- Always communicate that wiring instructions will only come from the closing attorney, and you must call and verify those instructions with the closing attorney before wiring funds. IMPORTANT: Verify with the phone number you already have for the firm, never a number received in an email or on the wiring instructions.
- Wiring instructions and checks should always be sent through secure email, secure client portal, or hand delivered, never through an unsecured email. This is especially important for non-attorneys as hackers know a layperson may not have ready access to encrypted email technology. If you do not have the ability to encrypt the email and need to provide a copy of a check, hand-deliver it, or use a secure client portal.
- Wiring instructions will not abruptly change; if you receive an email that wiring instructions have changed, it is a red flag. Always call and verify with the recipient before sending funds.
- In the case of seller proceeds, the closing attorney will not accept a change to the seller’s wiring instructions through email or phone calls without extensive verification of the information.
Published by Jenny Joeckel on February 26, 2019.