Wire Fraud and Phishing Scams Persist - Broker Risk Management

BROKER RISK MANAGEMENT

WEEKLY PRACTICE TIP

Wire Fraud and Phishing Scams Persist

BOTTOM LINE: BECAUSE WIRE FRAUD IS INCREASING YOU SHOULD PROVIDE ALL CLIENTS WITH THE ATTACHED “WIRE FRAUD AND PHISHING SCAM ALERT”

Despite repeated efforts to alert consumers, including people involved in real estate listings and sales, our office continues to hear about efforts to fraudulently misdirect buyers’ initial deposits and sellers’ proceeds from escrow into the hands of criminals. The most common scheme involves e–mails allegedly sent by the Escrow Officer providing wire transfer information for the buyers to transmit initial or increased deposits for their purchase transaction. Unfortunately, hackers intercept legitimate escrow company e–mails and then slightly modify the account and contact information in the e-mail transmissions so as to re-direct the buyers’ funds to the hacker’s untraceable, off-shore account.

“Phishing” is the term used to describe acquiring sensitive information such as user names, passwords, and credit card details for malicious purposes. Cybercriminals often design their e-mail messages to make it appear that they are coming from an easily recognized entity (such as the IRS or the Better Business Bureau) or a legitimate enterprise (such as your bank, your internet service provider or your school’s reunion committee). Cybercriminals have been known to use social engineering to convince people to provide their personal information so they can steal their money; the first indication of these scams is requesting that the victim click on an embedded link or to go to a spoofed website.

We have uncovered several variations of these scams including, but not limited to, hacking into real estate agents’ e–mail accounts and, in some cases, the e-mail accounts for lawyers. When the Broker’s client receives the instructions regarding where and when to send the money, the hacker intercepts that e–mail and changes the wire routing address. Once the funds are wired by the client to the fake account, the money is gone and is usually not recoverable.

It appears that hackers monitor the e-mail traffic of various individuals and companies who are involved in real estate and other types of businesses where funds are routinely wired. The altered e–mails from the hacker appear to be genuine, containing sufficient information about the transaction, including the names and logos of the entities involved in the deal, so as to confuse the unsuspecting victims.

In some recently reported cases, the compromised e–mail accounts were the personal/individual e-mail accounts for the real estate Sales Associates themselves, not the brokerage accounts of large brokerages which typically have better firewall protections.

PRACTICE TIPS:

1. Real estate Brokers and Sales Associates should never provide their clients with wire transfer instructions for depositing money into escrow via e-mail or text. Clients should be told that wire transfer instructions should only originate from the Escrow Officer or Escrow Company and that all such instructions should be verified by contacting the person at the telephone number that the REALTOR® provides, preferably on paperwork supplied by the Escrow Officer or Escrow Company.

2. Clients should be warned that, if they receive communications indicating there has been any type of change in how their funds are to be handled, they should not take action until after they have personally contacted you by telephone. Clients should be specifically warned that changes in routing numbers, how funds are to get to escrow (e.g., using a wire transfer instead of a check) or changing where the money is to be deposited (e.g., directly to a bank or other institution rather than the Escrow Company) are “red flags” of a possible scam. Clients should not attempt to verify the validity of any of these changes by using the contact information in the phone call, e-mail or text that they receive.

3. Although many Local and Statewide Advisories (such as the C.A.R. Statewide Buyer Seller Advisory and the PRDS San Mateo Santa Clara Counties Advisories) include warnings about this topic, the best practice is to always deliver the attached REVISED “Wire Fraud and Phishing Scam Alert” to all sellers and buyers and obtain proof that the clients received that information by obtaining a signed copy for your broker files. Alternatively, this Alert can be incorporated into your brokerage’s in-house documents regarding privacy and record storage that are delivered to your clients at the inception of the agency relationship.

4. The Alert (Advisory) following this Tip should be provided to your own clients; it is not necessary to track receipt of any advisory by other brokers’ clients.

WEEKLY PRACTICE TIP: DO NOT FORWARD TO CLIENTS. This Weekly Practice Tip is attorney client-privileged and for the exclusive use of clients of Broker Risk Management and their agents. It may not be reproduced or distributed without the express written consent of Broker Risk Management. The advice and recommendations contained herein are not necessarily indicative of standards of care in the industry, but rather are intended to suggest good risk management practices.

[INSERT BROKER NAME]

WIRE FRAUD AND PHISHING SCAM ALERT

Cybercrime is an unfortunate reality of the modern world and it is a potential threat in real estate transactions. Notwithstanding the increased number of scams, wiring funds directly to or from escrow is still viewed by most of the real estate industry as a better practice than having real estate agents physically transporting clients’ checks. Lenders continue to fund their loans using wire transfers.

Over the last few years, when buyers and sellers are sent e-mails from their Escrow Officer or lenders regarding how to transmit money into or out of escrow, computer hackers have intercepted these e–mails before the buyers and sellers receive the correct information. The cybercriminals alter the wire transfer instructions and account numbers to re-direct the funds to the hacker’s account and then forward the altered e-mail to the buyers and sellers. In some cases, the “bad guys” created phone numbers that were similar to the escrow company’s phone number; the fake phone numbers were provided to encourage the victims to contact the cybercriminal to verify that the wiring instructions were valid.

Cybercriminals gain access to the e–mail accounts of individuals and companies by a variety of techniques; the most frequent form is called “phishing.” Cybercriminals design their e-mail messages to make it appear as though they are coming from an easily-recognized entity (such as the IRS) or a legitimate enterprise (such as your bank or your internet service provider). Cybercriminals have been known to use social engineering to convince people to provide their personal information to steal their money; the first indication of a scam is requesting that the victim click on an embedded link. Many unsuspecting buyers and sellers have been duped in this fashion and the thieves then wait until the real wire transfer information is sent to their victims before sending the altered communications.

DO NOT EVER WIRE FUNDS PRIOR TO CALLING THE ESCROW OFFICER AT THE PHONE NUMBER PREVIOUSLY PROVIDED TO YOU. ALWAYS confirm verbal wire transfer instructions before taking steps to have any funds transferred. Never wire funds to an entity other than the Escrow Holder and never outside the State of California. It is critical that you obtain the telephone number of the Escrow Officer at the inception of the escrow; do not use any contact information in the e-mail message containing the wiring instructions. You are also encouraged to take appropriate, immediate steps to secure your home and office computer systems along with all e–mail accounts.

If there is any indication that you have received a “phishing” communication and/or questionable wiring instructions, promptly notify your bank, your real estate agent and the Escrow Holder. There are many online sources that can provide additional useful information including, but not limited to:

The Federal Bureau of Investigation @ www.fbi.gov; The National White Collar Crime Center @ www.nw3c.org; On Guard Online @ www.onguardonline.gov

If you have inadvertently wired money based upon suspicious or fake instructions, IMMEDIATELY CONTACT THE FBI FINANCIAL CRIMES UNIT which is open 24/7 to accept your call. The sooner they are contacted, the better the chance of recovering your money.

FBI FINANCIAL CRIMES UNIT (310) 477-6565

The undersigned acknowledge receipt of this Advisory:

Seller: _________________________________ Date: __________________

Buyer: ________________________________ Date: __________________