WHAT STEPS ARE YOU TAKING TO PREVENT WIRE FRAUD IN CLOSINGS? DOES YOUR COMPANY MEASURE UP TO INDUSTRY RECOMMENDATIONS? READ BELOW AND DECIDE FOR YOURSELF.
Wire fraud thieves are targeting Frederick County closings. If your company has avoided being scammed, this is not the time to rest easy. Security breaches from cyber attacks are on the rise, especially at the end of a month when realtors and title companies are the busiest. Cyber hackers are getting better at phishing for passwords, monitoring real estate transactions, assuming the identity of a buyer, seller, realtor or settlement attorney, and misdirecting the wiring of funds. How does a cyber thief commit wire fraud? How might your company be susceptible to it? What can be done as prevention measures? Keep reading for the answers below!
How the Cyber Thief Works
The cyber thief has many techniques. One includes sending you fraudulent e-mails. Because they look legitimate, you believe the e-mails are safe to open. You open them, click on a link or two, and maybe enter personal information when prompted, not knowing that you just provided the hacker access to your e-mail account. Then, the hacker logs into your e-mail, without your knowledge, and monitors it for home buying or selling, targeting buyers, sellers, real estate agents, and title company attorneys and personnel.
Also, the hacker routinely monitors MLS and other public sources for the information. Once a sale in process is discovered, the thief waits for incoming or outgoing wiring instructions, intercepts the e-mail, and using either your e-mail account or a very similar fake e-mail account, changes the wiring instructions to direct funds to their own account. When the fake wiring instructions are sent, the thief directs that the wire transfer is “urgent” to get the Title Company (or in other cases, the Buyer) to act quickly and without examining the e-mail and instructions carefully.
Wire Fraud Is Close to Home
Our company has run into several wire fraud attempts that we intercepted. We encountered the following situation: A Seller’s e-mail account was hacked by someone who had been following the details of the sale of his home for some time. On the day of settlement, the Seller was given a check representing his proceeds from the closing. Not long after that, the settlement attorney received an e-mail from the “Seller” in broken English indicating that his bank had put a hold on the check and refused to deposit it, and asked if we could instead wire him the funds, and provided instructions. The settlement attorney called the Seller to discuss the e-mail only to find that the Seller had already deposited the check. The attempted scam was reported to our local F.B.I. office who tracked the wiring instructions to a New Jersey bank account that was set up to wire funds to the hackers in Nigeria. Our procedure was to never accept wire instructions via e-mail, and by having this process in place, we were able to avoid being scammed.
In another case, a Buyer was planning to wire his earnest money deposit for a sales contract to our company to hold. His agent picked up a paper copy of our wiring instructions, scanned them to his e-mail address, and forwarded the instructions to the Buyer. In the process, the e-mail was intercepted by hackers who changed the wiring instructions, on company letterhead that was very similar to ours, but the instructions included a different account. Upon the Buyer receiving this e-mail, and noticing that the name on the account was not our company (For example, “ABC Company”), he called our office for clarification, to which we were able to prevent the transfer and report the attempted fraud.
Another local report of attempted wire fraud: Cyber thieves operating out of Nigeria hacked into a Frederick County Realtor’s e-mail account, intercepted wiring instructions for Seller proceeds in the amount of Three Hundred Thousand Dollars ($300,000.00), and changed the recipient bank account to their own. At the closing, the Realtor noticed that the instructions directed the transfer of funds to an unknown bank account rather than the Seller’s relative as the Sellers had intended. Fortunately, the Realtor showed the error to the Seller who corrected the instructions for the title company in the nick of time.
All cases though do not have a happy ending. In Montgomery County, Maryland, cyber hackers successfully intercepted and changed a Buyer’s wiring instructions, causing the Buyer to wire approximately One Hundred Fifty Thousand Dollars ($150,000.00) to the thief’s bank account. The Buyer never recovered the stolen funds.
Require Handwritten and Notary Acknowledged Wiring Instructions Instead of Instructions Provided Electronically.
This is the best protection against wire fraud. E-mail is not a secure way to send financial information. Our company refuses to wire any funds unless the party asking for the wire handwrites the instructions on our form and signs it in front of a Notary Public, including out-of-state sellers.
2. Educate Clients and Realtors on Wire Fraud and Company Policy for Wiring Funds.
Parties to a closing should not unnecessarily place themselves at risk for wire fraud, especially based on assumptions about your company policy. Even if your company has a handwritten wiring instructions policy in place, what happens if a party gets an e-mail that appears to be from your company instructing them to do otherwise, all of which can happen without the title company or agents knowing about it? Inform clients and realtors early on how monies will be transferred and that they will not be asked to do anything via e-mail (if that is your policy). Alert them to the possibility of accounts being monitored and hacked and advise that they report to you any suspicious e-mail and call to confirm any e-mail with money wiring instructions.
3. In the Disclaimer Below E-mail Signatures, Include a Wire Fraud Advisory that States the Company Policy on Sending Wiring Instructions.
If Your Company Sends and Accepts Wiring Instructions Via E-mail:
a. Keep your operating system, browser, and security software up to date.
b. Change passwords frequently.
c. Open e-mail attachments only when you are certain of who sent them to avoid computer viruses.
d. Once wiring instructions are received (from a Seller, for example), double check the Seller’s e-mail address for any slight variations that might indicate it is fraudulent.
d. Examine the bank account name on wiring instructions for anything suspicious.
f. Call the Seller, the real estate agent, and the receiving bank to the wire to verify the instructions, especially in the case where instructions are sent by someone supposedly on behalf of a party.
5. Report Cyber Scams to the FBI Internet Crime Complaint Center (www.ic3.gov) and Phishing E-mails to the Anti Phishing Working Group (www.antiphishing.org).
Once money is sent to a cyber thief, the chances of getting it back are slim. In addition, the failure to be vigilant could harm a company’s good reputation if it facilitated the transaction, not to mention costs of liability to the victim. Wire fraud and attempted wire fraud happens more often than one may think and can be accomplished with very little giveaway to the parties to the transaction until it is too late. Therefore, it is crucial for all parties—the buyer, seller, agents, and settlement attorneys to keep a suspicious eye when it comes to electronic wiring instructions. The most foolproof way to avoid a cyber attack is to not send financial information electronically, and instead, require handwritten, notary acknowledged instructions, as we do, creating substantially less risk to all parties. Our general rule is that we assume that all e-mail communications regarding wires are fraudulent and then we work our way back through verbal, handwritten, and in person confirmations to verify that the instructions are indeed accurate.
On the other hand, if exchanging financial information over the Internet is preferred, (which we believe is a bad idea), informing all parties of the company policy regarding wires and the increase in wire fraud is the key to avoid being a victim. Likewise, verbal and in person confirmations are essential. It is not enough to simply include a disclaimer as part of an e-mail signature, though it is helpful. There needs to be an understanding between the parties early in the process to be suspicious of all e-mails related to wire, funding, deposits or payments related to a transaction. The ease in which a hacker can monitor e-mails secretly and mimic the identify of another warrants spending a few extra minutes to carefully review wiring instructions to confirm and be confident that due diligence is satisfied before hitting “Send.”
– Brianne Paugh
Readers with questions about this or any real estate legal matter can reach Brianne at 301-698-9300.
*Brianne Paugh is an Attorney with Village Settlements, Inc. and The Law Offices of Parker, Hollman, Simon, Hahn & DeLisi, LLC, in Frederick, Maryland.