E-commerce, over the past several years, has integrated itself into nearly every aspect of Mortgage & Real Estate transactions. It has enabled us to communicate more quickly and efficiently and engage in transactions across great distances. As E-commerce has grown more prevalent, Cyber-Hackers have identified weak-points in the E-commerce chain and are successfully stealing billions of dollars from Buyers, Sellers, Title Companies, and Lenders in Real Estate Transactions. Due to the large amount of funds being transferred between banks, individuals, realtors, and Title Companies; hackers have identified real estate transactions as an easy target for cyber/wire fraud.
Last year alone, the FBI reported that in the 2nd half of 2016 hackers stole over $2.2B through wire fraud. Wire Fraud in Real Estate Transactions looms as one of the predominant challenges facing Corporate and Governmental Cyber-Security professionals in their attempts to maintain a healthy e-commerce platform that consumers and businesses can trust and confidently transact in. The coming years will be tough as changes in tactics target the weak points in the transaction chain described below. Understanding these risks is the best counter-measure and will help you conduct your own transactions with confidence and security.
Hackers target real estate transactions through the use of telecommunications or information technology to steal or misdirect the transfer of funds from the point they are wired from one party to another. A couple of years ago hackers would attempt to penetrate elaborate cyber-security systems of Banks and Lenders, which often failed due to the stringent regulatory requirements and money spent by these institutions on protecting their systems from attack. More recently, they have focused their efforts on softer targets: i.e. Realtor and title company/attorney email accounts and intranets that are often unsecured. They will penetrate these accounts and setup phishing scams (discussed below) to target wire transfers at the following points of the transaction:
- Deposits on purchase contracts
- Transfer of cash-to-close proceeds
- Lender fundings of the transaction
- Wiring of borrower or seller proceeds from Title Company to seller
Phishing Scams – A Definition and How They are used to Compromise the Transaction
What is a phishing scam? Phishing is the attempt to obtain sensitive information such as usernames, passwords by disguising as a trustworthy entity in an electronic communication.
In real estate transactions, hackers make their way into unsecured personal accounts of title agents, realtors, in some cases lenders, and attorneys alike. They will sit back, watch and gather data regarding every detail involved in a transaction. Names, addresses, sales prices, participants and the transaction flow, etc.
When the hacker obtains all information needed, they will sit and wait until an opportune time to impersonate one of the participants and then send a fraudulent/fake email stating that the wire instructions for this transaction have changed and the funds should be sent to a completely different bank account (controlled by the hacker).
Example Scenario:
John Doe has received an email the day before closing from the title company stating that the wire instructions have changed on his transaction. The email is coming from, what appears to be the same person the buyer has been speaking with at the title company throughout the transaction. Unsuspecting, John follows the directions and updates/changes the outgoing wire information with his bank and sends the money out to the title company for what he believes will finalize his closing. The money though never makes it to the title company and disappears into cyberspace and is stolen by the hacker.
Typically this is accomplished through a slight change in the email address of the sender: i.e.: janedsmith@123title.com changes to janedsmith@123title.com.xos or some strange extension. To the untrained eye, or someone reviewing very quickly, it is easy to mistake the two, especially when only seeing this email address for a very short period of time in regards to this real estate transaction
What are the Vulnerable Points in a Transaction?
1. Purchase:
- Buyers sending a deposit to Title Company or Realtor escrow account.
- Buyer wire of cash-to-close to title company/attorney.
- Lender wire of loan proceeds to Title Company.
- Proceeds from sale of home wired to seller by Title Company.
2. Refinance (no cash out)
- Borrower sends money to title company for any monies needed to close loan.
- Lender sends proceeds of new loan to pay current mortgage on property.
- Refinance (Cash out)
- Lender sends proceeds of new loan to pay off current mortgage on property
- Title Company wire of cash-out proceeds.
3. Refinance (cash out)
- Lender sends proceeds of new loan to pay off current mortgage on property
- Title Company wire of cash-out proceeds.
How to Protect Yourself?
1. Be Vigilant
- For borrowers, in the beginning of the process, it is important to make contact with the title company/attorney and form a relationship with whoever is handling the closing. The more direct communication you have with the individual handling the closing the better intuitive feel you will develop when something seems “off”.
2. Dual Authentication
- Dual authentication is an alternate method of confirmation to confirm true and legitimate requests. (Typically banks will use texting to a verified phone # instructions or changes to accounts).
3. Ask your Loan Officer/Realtor/Title Agent if there are any new threats or scams going around that you should be aware of.
4. Trust your gut and if you aren’t sure ask questions and communicate with other people involved in the transaction. Direct communication will almost always thwart these attempts.
Please share this information and reach out to me if you have any additional comments or questions. Knowledge and communication is the best means we have to protect ourselves and manage our transactions securely and smoothly in this dynamic and changing security environment.
