How to guard against losing your assets to wire fraud: A growing cybersecurity threat

GARY QUACKENBUSH
FOR THE NORTH BAY BUSINESS JOURNAL

Cybersecurity Watch

This series is sponsored by Comcast Business, which had no input into the editorial content of this article. See more stories on this topic.

Financial institutions continue to battle cyberattacks, particularly hackers who tap into the fiscal electronic freeway used to move large sums of money for real estate deal closings and other large-price-tag transactions.

For the past six years, the financial sector has been ranked No. 1 as the most cyberattacked industry. In 2020, attacks against banks and other financial institutions climbed 238% (with 19,369 cases of wire fraud reported by victims of real estate transaction scams to the Internet Crime Complaint Center), followed by an additional 118% increase in 2021, according to Aunalytics, a secured managed service provider.

In 2021, the Modern Bank Heists 4.0 threat report from VM Ware Carbon Black, a cloud-to-endpoint protection security provider, found that 57% of surveyed financial institutions revealed an increase in wire fraud.

Wire transfers facilitate fast and convenient direct digital money transactions between two bank accounts. To make a wire transfer, the sender communicates with his or her bank, provides the name and number of the account funds will be drawn from, and the amount of the transfer, along with the recipient’s name, bank account number and the recipient’s American Banking Association routing number — and in some cases, the recipient’s bank address and phone number.

“Those trying to rob wire transfer funds are smart, subtle and often demonstrate a high degree of sophistication,” said Irshad Hirani, vice president and information security officer for Exchange Bank in Sonoma County.

“Exchange Bank is not seeing a lot of wire fraud because we implemented a three-prong approach to thwart malicious practices,” Hirani said. “Controls were put in place to protect customers, we adopted advanced technologies to make internal systems secure, and developed programs to increase awareness among customers and employees on ways criminals try to obtain private information they can use to trick customers into making costly mistakes.”

He said the bank setup stringent requirements, more manual processes (instead of automated), multiple approval levels for branch managers and others who handle fund transfers, as well providing guidance to customers on how to protect themselves.

Demands to move quickly can mean fraud

Experts say being “fraud smart” begins by being sure you know people who are reaching out to you. If you can, call back the bank or title company to confirm. Also, hackers typically gain access to personal emails via social media connections that involve asking a person to reply or click on a link allowing malware to be implanted.

Once access is gained to a personal computer, Hirani said “bad guys” can move within files on the desktop to review emails, study patterns used in closings and, using what they collect, craft urgent appeals.

By capturing the names of escrow agents and others, they impersonate them, sending emails instructing that funds be sent instead to the imposter’s account.

In one wire fraud attempt, a buyer’s real estate transaction was set to close in a few days, but she received an email that “appeared” to come from a trusted escrow agent she had been working with saying the date was moved up and the closing is tomorrow. The customer was urged to act quickly to avoid losing the property. New wire transfer instructions were included as an attachment.

This was a scam. It is very uncommon for escrow agents to send closing instructions via email.

In a separate incident, a person received an email saying that instead of wiring funds to an escrow agent at a title company, they wanted him to send the funds to an escrow account at their law firm instead. Another scam.

The typical practice among title companies is to send customers written wire transfer instructions and then call them back to verbally confirm that these details have been received so they will know what to expect before the closing.

Hirani believes two-factor authentication can also help prevent wire fraud. This is a security system that requires two separate and distinct forms of identification to access a file or computer data. The first factor is a password and the second is a text with a sent to a smartphone, or biometrics using unique fingerprint, facial or retina features. He said other safeguards on the drawing board include using an algorithm designed to detect fraud.

Wire transfers can be completed in 24 hours, but the first 4-6 hours after transfer are critical if fraud is detected and efforts are made to reclaim part, if not all, of the funds.

With many more financial transfers being done virtually these days, all parties to a real estate transaction are susceptible to falling victim to a wire fraud scheme, according to Krista Christensen, risk manager for cyber and wire strategies for Fidelity National Title Company.

“Fraudsters target buyer’s funds, seller’s funds, lender’s funds as well as broker commissions, she said.

Christensen observed that cybercriminals are highly adaptive. They have found ways to use COVID-19 in their schemes by reaching out to customers even earlier in transactions, sometimes shortly after the opening of escrow, stating that due to COVID, closing funds must be wired that day to avoid delay. Other false communications may state that due to COVID, checks cannot be accepted.

Sometimes a buyer receives a spoofed email purportedly from the lender with a copy of the final closing disclosure statement attached. The email further references dates, times and figures, which the fraudster learned from an email compromise, as well as false wire instructions the buyer should use to send closing funds to the settlement company. The fraudster monitors the “mule” account and withdrawals shortly after the funds have been credited to the account.

Text of one fraudulent email

“Good Morning: Due to the COVID-19 pandemic, all closing funds should be wired to our trust account today to avoid a delay at closing, so that funds can clear in our account on time for closing. I will send wire instructions once you have acknowledged the receipt of this email. I will be busy with limited access to my phone. You can send an email if you need anything else. Thank You.”

Anti-fraud phone messages

More financial institutions are including anti-wire-fraud messages in recorded announcements customers hear when contacting an escrow officer at a title company:

• Call, don’t email, the title company using the phone number on its website or a title company’s business card;

• Be suspicious. Confirm all fund wiring instructions with the title company by phone before transferring funds;

• Confirm everything. Call back to confirm the account number and name on the account where funds are to be sent; and

• Verify immediately. Call the title company to determine that funds were received by the appropriate company.

Tony Hildesheim, Redwood Credit Union’ chief operating officer said, “We’re especially careful with wire transfers, as they’re final and it’s important to know exactly who you are doing business with. We have a three-checkpoint process to validate the legitimacy of the wire transfer that includes speaking directly with our members and use several data-driven systems to identify and capture suspicious activity.

Tom Kemper, Santa Rosa branch manager with residential real estate brokerage Coldwell Banker Real Estate, said, “Wire fraud is on everyone’s radar screen these days, but we are not seeing a lot of wire scams locally that have succeeded.”

He estimated that a few out of every thousand emails going through the real estate industry each day may not be legitimate, are not caught or may slip through.

Kemper said that some bogus emails appear to be genuine, and people could be fooled unless they know what to look for.

“We make sure our clients review and sign California Association of Realtors forms that include a wire fraud advisory,” Kemper said. “Emails that appear to be authentic are crafted to look like the real thing, with a person’s correct name and actual address — but can still be fake.

“During the escrow process, every transfer step must be confirmed: When initial payment deposits are made by wire, when increased deposits are provided and before the balance is due at closing.”

He said real estate clients should receive calls from a confirmed escrow officer in advance of each transaction, with a follow up call to verify amounts paid and other aspects of this process.

“We inform clients that if someone other than a known escrow agent calls or sends you an email asking you to send funds, that call wasn’t from us — do not respond. No one else should be calling to make changes or alter details pertaining to the close,” Kemper said.

12 ways to protect yourself from wire transfer fraud

Never give bank account information, credit card or Social Security numbers to advertisers, unsolicited callers (someone trying to sell you something over the phone) or to anyone via a text message or email. This information can be used to steal money from your account via a wire transfer.

Never wire money to anyone you don’t know or have not met in person, or anyone who says they are with a government agency, IRS, SSA or from a major company.

Know what to expect before closing a real estate loan by confirming the process with the lender. Do not comply with an urgent or last-minute change or request to wire money to avoid losing the property. Contact your mortgage consultant.

Confirm your fund wiring instructions by phone using a known number before transferring funds — don’t use unfamiliar phone numbers or links from an email. Never wire money to anyone who pressures you into paying immediately or who says a wire transfer is only way to pay.

Ask your bank to confirm the name on the account before sending a wire transfer. Before wiring money, confirm instructions with your mortgage consultant or title company by calling a phone number and a person you trust.

Verify Immediately. Call the title company or real estate agent to validate that the funds were released. The sooner it is detected that money has been sent to a wrong account, the better chance you may have of recovering the money. Transfers can occur within 24 hours.

Don’t fall for a change of wiring instructions. It is uncommon for title companies to change wiring instructions and payment information via email. Do not call a new number or respond to an email with new instructions.

When responding to a suspicious email, hit “Forward,” not “Reply,” and then type in the sender’s email address. Criminals use fake email addresses that are very similar to real ones for a company. By typing in the email address, you will make it easier to discover if a cybercriminal is after you.

Be alert to spot common scams such as work-from-home offers, deals on products for sale or news that you have won a prize or lottery.

Check your bank statement regularly and look for suspicious transactions. Inform your bank as soon as possible if you see anything questionable.

If you believe you have been a victim of wire fraud, contact your bank immediately and ask if the bank can stop the transaction or recover your money from the person’s or company account. Tell the bank your reason for wanting to stop the transfer and give them the bank account number your money was sent to. Don’t wait.

If you think you may have wired money to a scammer, file a complaint with the Federal Trade Commission online or call 877-FTC-HELP. You can also file a complaint with the federal Consumer Financial Protection Bureau, or contact the local U.S. Secret Service field office Cyber Fraud Task Force to report the suspected fraud. You can also send a complaint to the FBI’s Internet Crime Complaint Center.

Sources: Federal Trade Commission, American Land Title Association and MagnifyMoney

The No. 1 threat

“We don’t want to see those trying to purchase homes derailed by wire transfer fraud. To help prevent this, we launched a campaign to inform homebuyers and policymakers about the dangers, along with signs of what may taking place when closing on a new home or refinancing a mortgage,” said Jeremy Yohe, vice president of communications for the American Land Title Association.

He said cybercriminals can hack into unsecured email accounts and search for upcoming real estate closings. They then pose as legitimate representatives of financial institutions emailing homebuyers with fraudulent wire transfer instructions.

Nationwide, 76% of 550 title insurance agents reported cyber criminals attempted to trick employees to wire funds to a fraudulent account in 33% of all real estate and mortgage transactions, based on a wire fraud and cybercrime survey released in March 2021 by The ALTA Research & Analytics Group. In 71% of these incidents, stolen funds were not fully recovered.

Correction, April 27, 2022: Irshad Hirani’s name was misspelled.

Cybersecurity Watch

This series is sponsored by Comcast Business, which had no input into the editorial content of this article. See more stories on this topic.

Show Comment