An old trick is coming back and working. It is a wire fraud scheme targeted at homeowners instead of businesses, and it is happening at an alarming rate.
Here’s how it works:
An individual is in the process of purchasing a home. Most of the communication in real estate transactions these days is done via email, including between the real estate broker and the homeowner, or the real estate broker and the mortgage broker, bank or title insurance company, or lawyer.
As is often the case in wire fraud scams, a hacker targets the real estate broker, mortgage broker or bank or title insurance company or lawyer, with a phishing scheme or campaign and is able to get into their system and insert malware so the scammer has access to emails. While monitoring the email traffic, the scammer is able to insert himself into the conversations and to identify all of the parties’ email addresses.
Just before the closing, when all of the wiring details are being shared via email, the fraudster emails the buyer posing as the broker or lawyer, telling the buyer where the down payment is to be wired. The scammer provides wiring instructions, directing the funds to his bank account (which he purports is the seller’s bank account) and the funds are wired overseas to the criminal’s bank account.
The money is gone and very unlikely to be recovered.
The FBI has indicated that email compromise crimes have spiked over the past year, thus the need for caution when purchasing a home.
Some tips to consider:
- Be vigilant, suspicious and cautious about emails during a home closing and verify any suspicious correspondence received during the transaction.
- Use the phone to verify important details, including wiring instructions and transfers.
- Request that your bank not allow wire transfers without voice verification.
- Carefully consider responses to emails requesting some type of action and don’t respond until you have spoken directly to the person requesting the action.
Discuss cybersecurity precautions with your broker, title insurance provider, mortgage broker, attorney and bank to make sure they are all on alert during the transaction, and instruct them to confirm monetary details with another form of authentication other than email.