If we could offer only one piece of advice to our customers and their clients, it would be, “Don’t trust everything you read in your email.” As technology has advanced, hacking techniques have grown more sophisticated, meaning criminals can now target individuals with increasingly realistic phishing emails that draw from details of victims’ personal lives.
This tactic, known as social engineering, is at the heart of a recent spate of cybercrime targeting the title industry: wire transfer fraud. Wire fraud—along with other email hacking techniques—is almost certainly the biggest digital threat to real estate brokers and title companies today. Fraudsters have used customer naivete to scam millions of dollars from potential buyers, upending sales and draining millions from Americans’ collective savings.
The problem has been so pervasive that just this spring, the federal government arrested more than 75 individuals connected to wire fraud scams, many of whom were directly targeting the real estate industry. Although justice will be served in those cases, the shadow of wire fraud still looms large for many other would-be homebuyers, brokers and title agents.
Here’s what you need to know to protect yourself and your clients from wire transfer fraud—and how you can keep criminals from stealing payments from under your nose.
Wire fraud on the rise in the title industry
Closing on a home should be a dream come true, but for victims of wire fraud, it can quickly transform into a living nightmare. Wire fraud in the title industry has surged in recent years, with a 480% increase in reported incidents in 2016, according to an FBI warning.
The scam works like this: A hacker infiltrates the email account of a real estate agent, title agent or homeowner, then skims through sent and received emails to gather details of upcoming home sales.
Once familiar with the specifics of the transaction, the criminal sends an email to the homebuyer, posing as the title or real estate agent and requesting an immediate wire transaction. However, the account details provided in the email to complete the wire aren’t connected to a legitimate business account, but to the fraudster’s account instead. Once the wire transfer clears, the hacker withdraws the funds and closes the account, making off with thousands or even millions in stolen funds.
What’s so devastating about this tactic is how difficult it is to recover funds once they’re sent. Money transferred via wire is available almost instantaneously, meaning that senders typically have less than an hour to report fraud before funds are gone. And unlike checks or credit card transactions, wires can’t be canceled or reversed once they clear.
In some cases, victims lose the entire down payment on their home—money that, in many cases, was carefully saved over years or decades. And this is by no means an isolated problem. In fact, The Washington Post reported that criminals diverted or attempted to divert $969 million in fraudulent real estate transactions across the country last year. Imagine it: thousands of lives changed (and sales lost) with the click of a button.
What you can do to prevent cyber criminal activity
The only good response to increased wire fraud is to be proactive. For both your and your clients’ sakes, consider implementing a few policies and digital controls to keep fraudsters at bay, including the following:
- Eliminate wire transfers. If possible, do not require clients to send money via wire. At the very least, inform clients that you will never request wire transfers through email.
- Be wary of suspicious emails. Phishing emails are one way that hackers gain access to title company email accounts. Look for typos, incorrect details or overly formal language, which are telltale signs of scam emails. Never click on a link directly from an email; instead, hover on the link with your cursor to see where it directs.
- Enforce strong passwords or implement two-factor authentication. Wire fraud attempts often originate with title agents’ email accounts, so protecting these assets is key to avoiding scams. Be sure to use strong, unique passwords for email accounts, or consider investing in two-factor authentication—an IT solution that requires an additional step, such as a code texted to your phone—in order to access your account.
- Implement email filtering tools. There are many IT solutions that can assist with cybercrime prevention. Your IT support team can help you install email filters to catch phishing emails before they catch you off guard. Using these tools, you can create all kinds of custom rules to blacklist senders, block attachments or tag emails with certain phrases.
- Create a cybersecurity policy. When hackers attack, it can be difficult to know what to do. Working with your IT support provider to build a cybersecurity procedure will both give you a protocol to follow in the event of fraud and help you review IT solutions and controls for future protection.
- Do your part to report potential scams. Report suspicious activity to the FTC by filing an official complaint on the agency’s website. Complaints help federal agencies identify patterns of activity and build cases against fraudsters.
In today’s security landscape, you can never be too wary of fraud. Title companies—like other organizations—need to consider expenses related to cybersecurity literacy and associated IT solutions as simply a cost of doing business in the digital era. To get yourself up to speed quickly, be sure to review our Essential Cybersecurity Bundle. Trust may be hard to come by these days, but this is one read you can count on.