Business Email Compromise (“BEC”) is a fraud scheme targeting industries that regularly wire funds. According to the FBI, BEC has been reported in all 50 states and in 150 countries. From June 2016 to May 2018, 19,338 victims have reported this crime in the United States, alone resulting in $1,629,975,562 in losses. The title issuance and settlement industry is combatting this fraud every day. When you buy or sell a home, you most likely are dealing with a title agency. Through BEC, fraudsters gain access to a transaction participant’s email account and impersonate either that participant, or any other participant in the transaction, in efforts to financially defraud. In a real estate transaction, the fraudsters target buyer’s funds, seller’s funds, lender’s funds, as well as broker’s commissions.
According to the FBI’s May 2017 Public Service Announcement, fraudsters gain information on participants by trolling realty-based websites, such as Zillow, Flipkey and Loopnet, in order to target and identify real estate agents, brokers and other real estate professionals that market within those sites. Once the target has been identified, the fraudsters begin social engineering or other computer intrusion techniques, such as malware and spear phishing, to gain access to the target’s email account. The fraudsters will also attempt to gain access to others whom the target corresponds with via email, such as the title agent, buyer, seller, lender, and/or other brokers in the industry. The fraudsters tend to target email accounts.
Once the fraudster has the participant’s information, they send spoofed emails in order to gain control of the communication. The fraudster starts communicating with the transaction participants in order to gain additional information needed to perpetuate the fraud. An example of a spoofed email address would be replacing one letter in the email address with another one (email@example.com becomes firstname.lastname@example.org, replacing the lower case “i” with a lower case “l” in “smith”). If the recipient of the spoofed email does not recognize the change in email address, the recipient will respond to the email and provide additional information to the fraudster about the transaction, such as buyer’s contact information or the actual date of closing.
The fraudsters may try to hijack funds at the beginning of a transaction, if the initial deposit is big enough, or they wait until just before closing and hijack the funds needed from the buyer to buy a home. For example, let’s assume a fraudster has successfully hacked buyer’s real estate agent’s email account. The fraudster monitors the email traffic and sees that the agent has sent an email to the buyer indicating the contract has been signed, and the buyer needs to send an escrow deposit to the title company. At that point, the fraudster sends an email to the buyer purporting to be the title company, directing the buyer to wire funds to an account. Unfortunately, the account is not the title company’s real account. Alternatively, the fraudster may wait to the actual closing date, and attempt to hijack the funds the buyer has to bring to the closing, which may be 20-100 percent of the purchase price.
The fraudster may help bolster its request by providing copies of documents provided in the transaction, such as the closing disclosure or closing statement, along with the wire instructions. The buyer then initiates the wire to a bank account that is controlled by the fraudster in some manner. The fraudster, either directly, or through its mule, immediately withdrawals the funds from the account once confirmation of receipt has been received. The funds are then sent through multiple transfers to multiple accounts, normally outside the United States. Once these transfers occur, the likelihood of recovery is minimal, if at all.
Buyers and Sellers can help protect themselves from these thieves by instituting a few safety measures.
Directly communicate with your title company. Visit your escrow officer in person to discuss how funds will be transferred.
Never react to emails that provide wire instructions. Call your title agency at a known, trusted number from a verified website or business card prior to wiring any funds.
If you receive an email indicating a change to the title agency’s bank account, that’s a red flag. Title agencies rarely change bank accounts. Contact your title agency immediately at a known, trusted number.
Study emails carefully. Look for discrepancies in email addresses, font variations and poor grammar. Do not use the “reply to” button on emails, instead, use the “forward” button and type the designated email address for the person you wish to communicate with. This will help you recognize a spoofed email address.
Immediately after wiring funds, call the title agency to confirm receipt. ♦
Vincent J. Cassidy is the president of Majesty Title Services, a division of LandCastle Title Group LLC, a title insurance and settlement company servicing the needs of national mortgage lenders and real estate professionals on the East Coast of the United States. Majesty has six offices in Tampa Bay.