Real Estate Wire Fraud Has Devastating Effects

by SEORG on September 9, 2019

Like a wildfire, real estate wire fraud has devastating effects. Within minutes your assets can be lost. How would you feel if you lost everything in a literal wildfire, then were victimized afterwards by wire fraud? Colleen Kahle knows how this feels firsthand. On November 8, 2018, she had just minutes to evacuate as the Camp Fire swept through Paradise, California. Colleen made it out safely. But all that remained of her 2,000 square foot home and 50 years of memories were ashes.

Colleen decided to return to her hometown Ojai, California and stay with relatives. Understandably, life felt temporary for her. However, things were about to change. Imagine Colleen’s emotions when her insurance arrived. At last, she can look for a new place to call home. Her search leads her to a charming two-bedroom condo for sale in Ojai. Everything appeared to be falling in place for a smooth purchase. Life looked up again for Colleen! With a home of her own, she hoped to regain a feeling of permanency to her life.

With just a week away from her closing date, Colleen received an email from her ‘escrow agent.’ It was good news; the sellers wanted to close early. And if she wired the payment immediately, she’ll save money. As a result, Colleen made two wire transfers, totaling $408,000 on two consecutive days.

However, the day after the last wire transfer, she received a phone call from her bank, Wells Fargo. The bank believed she wired money to a fraudulent account. By the time Colleen arrived at Wells Fargo, her escrow company confirmed the bad news. She was horrified to learn the email she received was fraudulent. Again, Colleen has lost everything, first to fire and now to fraud.

What is Real Estate Wire Fraud?

Real estate wire fraud is a complex scheme that targets individuals making wire transfer payments during the home buying process. Typically, the homebuyer receives an email from attackers pretending to be real estate professionals and title agencies involved in the transaction. The fraudulent email contains wire transfer payment instructions usually regarding the down payment or closing costs. Unwittingly, the homebuyer sends the wire transfer payment to the criminal’s account.

Real estate wire fraud is on the rise. Notably, the FBI reports that since 2015, there has been an 1100% increase in the number of victims reporting and nearly a 2200% increase in money lost.

Why the Rise in Real Estate Wire Fraud?

There appears to be several factors contributing to the dramatic rise in real estate wire fraud. For instance, real estate transactions involve numerous people and entities, such as attorneys, real estate agents and brokers, mortgage lenders, title companies, buyers, and sellers. So, criminals have multiple targets vulnerable to compromise, the odds are in the criminal’s favor.
Another contributing factor is homebuyers who are not adequately educated on the risk of real estate wire fraud. According to a BuyerDoc’s market survey, approximately 52 percent of homebuyers have no knowledge of real estate wire fraud. And significantly, criminals know that purchasing a home puts a buyer on an emotional rollercoaster, with numerous ups and downs. These intensified emotions, make the homebuyer more vulnerable and give attackers an advantage.

What Makes Real Estate Wire Fraud So Convincing?

For Colleen, everything in the fraudulent email looked real. It used the correct names of the escrow officers, the correct purchase price, and the address of the condo. How do attackers get this type of information? They search out and compromise one or more email accounts belonging to the parties in the transaction. It’s a scam called Business Email Compromise or Email Account Compromise (BEC/EAC). In fact, the FBI reports that BEC/EAC bad actors are targeting the real estate sector.

To compromise email accounts, criminals search Multiple Listing Services, as well as Zillow and Trulia for pending home sales. Next they identify and profile the parties. Because social media platforms, like LinkedIn, or Facebook, and publicly available websites, contain troves of information, this is quite easy. However, they still need the login credentials for the email accounts. For this reason, they send the target a phishing email. Perhaps it’s a phony Office 365 password reset request, or a malware laden attachment designed to capture login credentials. When the bait in the email is taken, and the infected document is opened, or the requested credentials are entered, the criminals have what they need to compromise the email account. Now with access to the email account, the criminal monitors communication between the parties involved. Finally, the bad actor has the information needed to send an authentic-looking email to the homebuyer.

The Execution of the Attack and the Devastation

The execution of the attack typically occurs when the down payment or closing costs are scheduled to be paid. The criminal sends an email with wire transfer payment instructions to the homebuyer. They‘ll either use the email account they’ve compromised to send the communication, or they’ll copy the email signature and then use a fake email address such as [email protected] instead of [email protected]. Then, a similar and tragic storyline will unfold as it did for Colleen. The homebuyer will be devastated that thousands of dollars have been wired unknowingly to a bad actor.

In light of the increase surrounding real estate wire fraud, how can you as a homebuyer protect yourself? It’s also important to realize that professionals in the real estate sector have also been victimized. So how can real estate professionals better protect their clients?

Homebuyers — Protect Yourselves

Homebuyers, the first step towards protection is acknowledging that you are already a target for real estate wire fraud. It’s also important to realize that professionals in the real estate sector have also been victimized. So, if you or someone you know is buying a home, please research and educate yourselves on real estate wire fraud. This research to protect yourself and your family is even more important than researching which properties you’ll view.

In view of the abundant and severe risks, what should you do if you receive an email instructing you to make a wire transfer payment? Consult these important tips from The Coalition to Stop Real Estate Wire Fraud:

Call don’t email: Confirm your wiring instructions by phone using a known number before transferring funds. Don’t use phone numbers or links from an email.  
Be suspicious: It’s uncommon for title companies to change wiring instructions and payment info by email.  
Forward, don’t reply: When responding to an email, hit forward instead of reply and then start typing in the previously known email of the requestor. Criminals use email address that are very similar to the real one for a company. By typing in email addresses, you will make it easier to discover if a fraudster is after you.

Confirm everything: Ask your bank to confirm the name on the account before sending a wire.  
Verify immediately: Call the title company or real estate agent to validate that the funds were received. The sooner it is detected that money has been sent to a wrong account, the better chance you have of recovering the money.

Real Estate Professionals — Protect Your Clients

Real estate professionals, to protect your clients you must first educate your employees to the dangers of wire transfer fraud. Are your employees aware that criminals are targeting the real estate sector? Do your colleagues realize that attackers actively seek to compromise their email accounts via phishing attacks? Therefore, to protect your clients and your firm, it’s first vital to develop a continuous assessment and training process for all employees. Trained, aware employees who understand the threats posed by phishing attacks are less likely to click malicious links, open unknown attachments, and are more likely to report suspicious activity.

Second, to protect your clients, communicate with them and educate them on real estate wire fraud. As you know, home buying is an emotional process for your clients. They are coping with feelings like fear, anxiety, and sometimes with a sense of eagerness and urgency. Therefore, educating your clients may help them to avoid a devastating loss like Colleen’s. After losing everything in the Paradise Camp Fire, and then falling for a catastrophic scam, Colleen describes how she feels after the attack, “…it really makes my heart hurt that someone could be so evil, and I don’t know where we go from here.”

So, what steps can you take to protect your clients? The Coalition to Stop Real Estate Wire Fraud has the following tips:

Warn Early and Often: Make sure your clients know about the growing and looming threat of real estate wire transfer fraud.  
Educate: Remind your client that you will not send changes to wiring instructions or payment information.  
Call: Tell your client to call you to confirm all wiring instructions, and soon after they make any wire transfers.
Create: Within your company establish a rapid response plan for wire fraud incidents.

Tools to Educate

At Social-Engineer.org, our mission statement is “Security Through Education.” We are therefore, committed to providing reliable, up-to-date information about social engineering tactics used by malicious attackers. To this end, our website provides free, searchable information designed to address specific areas of social engineering.

Are you concerned about current social engineering attacks and want tips to stay safe? Then don’t miss our blog. It also reports on social engineering news involving relevant science, research, and studies. Would you like to learn more about the psychological, physical and historical aspects of social engineering, then please explore the Framework. Are you interested in how the physical, psychological or physiological principles of social engineering apply to everyday life? You’ll want to browse and subscribe to our free Newsletters delivered via email the first Monday of each month. Do you want the inside track on what experts in the fields of security and psychology are saying about social engineering? Then tune in for our monthly Podcast.

Whether you’re a homebuyer or a real estate or title company professional, the more you know about social engineering and malicious attacks, the better–equipped you are to protect yourself and your loved ones from the devastating effects of real estate wire fraud.

Sources:
https://www.actionnewsnow.com/content/news/Camp-Fire-survivor-loses-400K-to-wire-fraud-511017281.html
https://www.theatlantic.com/photo/2018/11/camp-fire-ravages-paradise-california/575461/
https://www.ic3.gov/media/2018/180712.aspx
https://www.buyerdocs.com/real-estate-hackers-pivot-target-from-title-company-employees-to-homebuyers/
https://stopwirefraud.org/protect-your-money/
https://vimeo.com/335958367
https://www.social-engineer.org/framework/attack-vectors/phishing-attacks-2/
https://www.social-engineer.com/phishing-service/
https://stopwirefraud.org/protect-your-money/
https://www.social-engineer.org/category/general-blog/
https://www.social-engineer.org/framework/general-discussion/
https://www.social-engineer.org/category/newsletter/
https://www.social-engineer.org/category/podcast/