Follow by Email

Wednesday, October 5, 2016

Wire fraud reaches new depths.

The crooks of this world are nothing if not resourceful and clever about finding ways to steal from innocent victims. Wire fraud in reals estate transactions are a recent but growing and serious problem.

The way this form of fraud works is that the bad guys hack into the email accounts of either the Buyers’ Realtor involved or the Buyers’ title company. Changes to closing policies over the last few years have dictated that all funds to be used in a real estate transaction about a threshold of $25,000 must be wired in at closing. That usually means that the Buyers’ bank or Mortgage Company sends an electronic wire from itself to the title company, effectively transferring the funds into the title company’s account.

In order to facilitate these transfers,  the Buyer arranges with his bank for the transfer by sending them the “wiring instructions” from the title company. Those instructions provide the bank routing numbers and account numbers of the title company accounts into which the funds are to be wired. In some cases the Sellers may also provide wiring instructions for the transfer of proceeds funds into their banks. Even the companies holding the mortgage on the property use wiring instructions to instruct were the mortgage payoff is to be deposited. All of those instructions are usually sent to the other parties involved in the transaction using email.

It is the use of email that the fraudsters have seized upon as an opportunity to game the system. They hack into the email accounts of the parties involved, usually the Buyers or the real estate agent, but is could also be the title company or even the banks. They basically hijack the email account and use it to send fake emails that change the wiring instructions. The emails look like they are coming from a trusted party and are passed on to the bank. The fake emails re-route the wire transfer into an account owned by the fraudsters. They immediately clean out the account and are gone with the money. Things can also get nasty as the defrauded parties try to figure out who’s on the hook for what in the loss.

We are now advising clients about this issue and warning them about the techniques that the bad guys are using. We will shortly be having buyers sign a release document that specifies that they understand this crime and what they need to do to prevent falling victim to it. the advice being given includes:

  • ·         Realtors should never be involved in forwarding wiring instructions or closing packages with wire instructions in them to anyone. Consumers should only get wire instructions directly from their title or mortgage company.  
  • ·         Buyers should never accept any email wire instructions (often included in closing packages) that are not encrypted from their title or mortgage company.
  • ·         Wiring instructions never change in mid-transaction.  Any email talking about a change should be considered fraudulent.
  • ·         Before authorizing any wire, buyers should use a 2-step verification that includes a voice-to-voice conversation with a known individual to confirm the information.
  • ·         If you are concerned about using a wire, ask the title company if they will accept a cashier’s check (typically brought in 2-3 days prior to closing to give time for the funds to clear). 
  • ·         Buyers should change their passwords to their email accounts often and use strong passwords that cannot be easily guessed by the bad guys.

It certainly seems that the very technologies that are supposed to make life easier in this case also make it much more fraught with danger.  This is yet another example of a form of identity theft (your email identity in this case) that can cause great harm

If you are about to enter into a real estate transaction; take the warnings and instructions outlined above to heart.  As the use of technology become more ubiquitous, unfortunately we must also become more and more cynical about cautious about it and concerned and careful about not letting the bad guys assume our electronic/technology identities, even for a moment.  Be safe out there!