While Cyber Criminals Continue To Target Real Estate Transactions, Take These Protective Measures

By Amie Niesen, Forbes Real Estate Council – July 11, 2018

John Dillinger, Jesse James, Bonnie and Clyde — these were some of the most notorious thieves in U.S. history. But for as much as these gangsters stole, they don’t hold a candle to the amount of money that can be lost due to acts of faceless online criminals.

Real estate transactions have become a target because they are lucrative. While the average bank robbery nets just about $6,500, a typical wire fraud nets a much higher payday. Traditional criminals are limited to how much money they can carry during a heist, but there’s no limit to the loot cyber crooks can snatch with the use of cyber mules.
A Growing Threat
Wire fraud in real estate is one of the fastest growing cybercrimes in the country. The FBI reportedly received 301,580 complaints in 2017 and losses exceeded $1.4 billion, and in the real estate/rental sector alone, more than 9,600 victims lost over $56 million in the same year.
The type of fraud with the highest reported loss last year was Business Email Compromise (BEC)/Email Account Compromise (EAC), with losses totaling more than $675 million. According to the American Land Title Association, of which I am a member: “In real estate transactions, fraudsters assume the identity of the title or real estate agent handling the sale. The criminals forge the person’s email and other details that appear specific and authentic. Next, posing as the real estate or title agent, the scammers send an email to the buyer, providing wire instructions to the criminal’s bank account, not the title agency’s legitimate account.”
On June 11, 2018, federal authorities announced a major coordinated law enforcement effort to disrupt international BEC schemes designed to intercept and hijack wire transfers. Called Operation WireWire, the six-month sweep culminated in 74 arrests (42 in the United States). The operation resulted in the disruption and recovery of approximately $14 million in fraudulent wire transfers. But this doesn’t mean the individual threat is over.
A good practice to avoid potential exploitation by scammers is to verify all email requests involving the wiring of funds or changes thereto by calling a verified phone number of the alleged sender. Phone numbers included in bogus emails may also be fraudulent. Legitimate changes to established wiring instructions are rare, and the receipt of a request for changes should be a red flag.
Difficult To Detect
Staying ahead of BEC scams is proving to be a serious and ongoing challenge for real estate and mortgage professionals nationwide. This is true despite significant investments by all sectors to prevent losses. While total prevention of BEC compromises seems a long shot at best, it is imperative for real estate and mortgage professionals to stay as abreast as possible of the ever-evolving schemes. The next step is to educate potential homebuyers on how these schemes work. A little caution can go a long way in preventing potentially catastrophic losses for unsuspecting consumers.
A scam involving wire fraud often begins with a fraudster finding its way into personal or business email accounts by way of phishing techniques. “Phishing” is when a hacker attempts to obtain personally sensitive information by way of phony emails, internet links or even phone calls, in order to commit acts of fraud. What may seem like a harmless click on a link could be all a hacker needs to breach a user’s computer system and email accounts.
Any party involved in a real estate transaction is a potential target for hackers, including the buyer, the seller, the real estate agent, the lender, the title company and the closing attorney. Once an email account has been compromised, hackers will quietly monitor messages and activity. They wait for the opportunity to enter the conversation, posing as an actual party to the transaction. Criminals will either use the victim’s actual email account or create a fake email account closely resembling it to send out fraudulent wire transfer instructions. Their goal is to divert the funds straight into their own hands. — and it often works.
Whether scammers try to hook their prey by phone call or email, they always seem very convincing. For example, what would happen if a loan processor received an urgent email asking to change funding details on the day of closing? The request appears to be from the title or settlement agent closing the loan. The email looks legitimate: The logo, the agent’s name and contact details, the loan number and the borrower name are all correct. Even a phone number is provided to confirm the last-minute change. However, the email is actually a scam. Even though every other detail looks correct, that phone number routes to the scammer.
What Businesses And Consumers Should Do
It is estimated that businesses worldwide will spend approximately $93 billion fighting cybercrime in 2018 with implementation and enhancement of internet security measures. What’s important to remember is that even with all the internet protections available today, humans are the primary targets and often the weakest link. The best defense is to be aware and prepared.
Businesses should update security practices frequently and train employees how to recognize and react to phishing attempts. Consumers need to be informed of the risks and aware of potential red flags, especially if they are involved in a real estate transaction. The American Land Title Association provides a helpful resource on how consumers can protect their money and offers advice on what to do if they have been targeted by a scam. Anyone who suspects they’ve been victimized by online fraudsters should report the incident to the FBI’s Internet Crime Complaint Center at www.ic3.gov.

Amy Niesen is the Senior VP and General Counsel for Land Title Company of Alabama, and has protected real property rights for over 25 years.