If you missed or would like to watch/listen again here is the webinar recording with the presentation slides.
Here is a recent situation which unfortunately impacted one of our clients and worth sharing in the hope that increased awareness will limit the chance of this happening again. This situation is a twist on the traditional wire fraud scam and shows how far the bad guys are willing to go to steal from your clients.
The title company involved on a transaction was breached by bad guys who found out the specifics of a closing coming up at our insured’s real estate agency. Instead of the bad guys sending a fraudulent email posing as the title agency they called the agent of the buyer to communicate the updated wiring information for the funds needed to close. The realtor took the telephone call thinking it was the title company and relayed the information to the buyer who in turned wired the closing funds to a fraudulent bank account. Luckily a majority of the funds were recovered but not after considerable effort and expense. What makes this more concerning than most wire fraud situations is that neither the E&O policy or the Cyber Liability policy were willing to cover the lost funds.
What makes this different?
An important distinction here is that bad guys are learning that real estate agents are not trusting email as a communication tool for wiring instructions and are adapting by making telephone calls, falsely representing the title company. This is a disturbing new development. Please communicate this to your agents.
How did their liability policies respond?
- Cyber liability policies are triggered when the insured has a situation where a breach is suspected. In this situation, the cyber policy triggered to provide forensic services to determine the origin of the breach which ended up being the title company. At that point, the policy stops covering any liability since the insured’s systems were not compromised. It is worth noting that even if the bad guys sent an email from the title company to the agent, instead of the telephone call, the cyber policy would not have provided cover for the same reason. No Breach No Cover.
- The E&O policy has a specific exclusion for any liability resulting from wire transfers. These exclusions are becoming more common in E&O policies since carriers are not interested in the exposure related to wire transfer fraud.
What can you do to protect yourself?
- Do not get involved in any communication of wire instructions to your client. This includes text messages, email and telephone calls.
- Create a Fund Transfer Pledge with your clients.
- If you receive communication regarding a closing, be sure to call the related party by dialing a number that is NOT part of the recent communication since it is likely that telephone number goes directly to the bad guys. Call another number you have on file.
A study shows that Los Angeles area homebuyers are losing five million dollars a month to cybercriminals. In a scheme which started in 2013, and which shows no signs of slowing down, buyers are tricked into sending their down payments into the pockets of cyberthieves.
The thieves, after hacking into the email accounts of real estate agents, escrow offices, or title companies, are posing as legitimate parties and giving clients last minute money-wiring instructions, diverting the money into another account. By the time the crime is detected, sometimes just hours later, the money can be gone for good. The average loss to a homeowner is about $130,000.
The modern-day real estate transaction, with so many parties involved and so much money at stake, is a growing target. Many times, there is a rush by homebuyers, realtors, brokers, mortgage lenders, and escrow companies to close on a home sales contract quickly and efficiently. In many instances, the homebuyer has never met all the players involved. Instead, all the parties exchange information via text message or email, rather than by telephone or in face-to-face discussions.
This creates a great opportunity for a hacker to monitor the emails and text messages flowing between the buyer and the various players, and at the appropriate moment, usually hours before closing is to occur, insert themselves in the conversation, posing as the realtor or escrow company. It is then a simple matter to direct an unsuspecting homebuyer to wire-transfer the money to a different account. The homeowner, unaware of the switch, sends the money and, in most cases, never sees it again. Josie Huang “Cyberscams are bleeding millions from LA homebuyers” www.scpr.org (Jul. 07, 2017).
* Hanover Insurance Group