Wire Fraud Scam Getting Worse: New Twist

Here is a recent situation which unfortunately impacted one of our clients and worth sharing in the hope that increased awareness will limit the chance of this happening again. This situation is a twist on the traditional wire fraud scam and shows how far the bad guys are willing to go to steal from your clients.

The title company involved on a transaction was breached by bad guys who found out the specifics of a closing coming up at our insured’s real estate agency.  Instead of the bad guys sending a fraudulent email posing as the title agency they called the agent of the buyer to communicate the updated wiring information for the funds needed to close.  The realtor took the telephone call thinking it was the title company and relayed the information to the buyer who in turned wired the closing funds to a fraudulent bank account.  Luckily a majority of the funds were recovered but not after considerable effort and expense. What makes this more concerning than most wire fraud situations is that neither the E&O policy or the Cyber Liability policy were willing to cover the lost funds.

What makes this different?

An important distinction here is that bad guys are learning that real estate agents are not trusting email as a communication tool for wiring instructions and are adapting by making telephone calls, falsely representing the title company. This is a disturbing new development. Please communicate this to your agents.

How did their liability policies respond?

  • Cyber liability policies are triggered when the insured has a situation where a breach is suspected. In this situation, the cyber policy triggered to provide forensic services to determine the origin of the breach which ended up being the title company. At that point, the policy stops covering any liability since the insured’s systems were not compromised. It is worth noting that even if the bad guys sent an email from the title company to the agent, instead of the telephone call, the cyber policy would not have provided cover for the same reason. No Breach No Cover.
  • The E&O policy has a specific exclusion for any liability resulting from wire transfers. These exclusions are becoming more common in E&O policies since carriers are not interested in the exposure related to wire transfer fraud.

What can you do to protect yourself?

  • Do not get involved in any communication of wire instructions to your client. This includes text messages, email and telephone calls.
  • Create a Fund Transfer Pledge with your clients.
  • If you receive communication regarding a closing, be sure to call the related party by dialing a number that is NOT part of the recent communication since it is likely that telephone number goes directly to the bad guys. Call another number you have on file.

Real Estate Cyberscams Continue: Average amount Stolen $130k

A study shows that Los Angeles area homebuyers are losing five million dollars a month to cybercriminals. In a scheme which started in 2013, and which shows no signs of slowing down, buyers are tricked into sending their down payments into the pockets of cyberthieves.

The thieves, after hacking into the email accounts of real estate agents, escrow offices, or title companies, are posing as legitimate parties and giving clients last minute money-wiring instructions, diverting the money into another account. By the time the crime is detected, sometimes just hours later, the money can be gone for good. The average loss to a homeowner is about $130,000.

The modern-day real estate transaction, with so many parties involved and so much money at stake, is a growing target. Many times, there is a rush by homebuyers, realtors, brokers, mortgage lenders, and escrow companies to close on a home sales contract quickly and efficiently. In many instances, the homebuyer has never met all the players involved. Instead, all the parties exchange information via text message or email, rather than by telephone or in face-to-face discussions.

This creates a great opportunity for a hacker to monitor the emails and text messages flowing between the buyer and the various players, and at the appropriate moment, usually hours before closing is to occur, insert themselves in the conversation, posing as the realtor or escrow company. It is then a simple matter to direct an unsuspecting homebuyer to wire-transfer the money to a different account. The homeowner, unaware of the switch, sends the money and, in most cases, never sees it again. Josie Huang “Cyberscams are bleeding millions from LA homebuyers” www.scpr.org (Jul. 07, 2017).

Shannyn, a financial blogger, was the victim of this type of fraud. She received legitimate closing information six business hours before her scheduled closing time. Minutes later, she received a follow-up email, purporting to be from the same title company, changing the account information. Suspicious, she called her real estate agents who were working the sale. One did not return her phone call, and the other dismissed her suspicions, suggesting such last minute changes were not unusual. Shannyn followed the bogus email instruction and sent her $50,000 down payment to the new account. Fortunately, after realizing she had been victimized, she was able to recover most of her losses after a few months of frantic phone calls, social media discussions, and with the FBI exerting pressure on the banks holding the money. This was a rare case in which the homeowner got the funds back.

In her matter, Shannyn called her real estate agent, who dismissed the change as routine. Based in part on that endorsement, Shannyn sent her money. It was later determined the real estate agents were aware of similar schemes, but neither one took the time to investigate the change or verify the authenticity of the email. In this case, it was the title company’s email account that had been compromised, but it could have just as easily been the email account of the real estate company.

Protecting your clients and yourself starts with cybersecurity basic that are too often ignored. Use strong passwords, regularly update computer systems, and install anti-virus software. If you supply the wire-transfer information to your client, do it in writing on paper and in person. Do not send the information via email or text. If your buyer is out of town and you must do this electronically, use a secure company portal such as DocuSign or SignNow.

Warn your client to be aware of last minute changes in financial accounts, amounts, or closing instructions. If your client calls you regarding last minute changes, take the time to investigate and confirm any changes and report your findings to your client.

When you investigate, use the phone, and do not confirm changes with a title company via email. If you use the phone to verify the information, look up the number yourself. Do not use the number listed on the email because that could be fake.

Hanover Insurance Group