Homebuyers targets of ‘spear-phishing’ emails
SCAMS,
“It’s doubled year-over-year, and as we put procedures in place, these criminals adapt,” Fitz said. “Half our game is playing defense.”
Fitz said the majority of perpetrators hail from West Africa and Eurasia and conduct their schemes from overseas. They often work, he said, as part of a transnational organized crime network and take advantage of their connections in different countries.
He added that victims, real estate agents and title companies may not report cases of business email compromise out of fear of appearing incompetent or unreliable, meaning the number of victims affected and the amount of money lost could be much higher than what the data show.
Maryland real estate and title companies have resorted to holding regular training sessions, seminars and lectures designed to educate staffers. David Thurston, president of the Maryland-based Crown Title Corp., said his company first witnessed scam David Thurston, president of Maryland-based Crown Title Corp. attempts via email around two or three years ago, but has not suffered any losses.
He attributed the shift from paper checks and phone calls to bank wires and emails as the reason behind the hike in crime.
“What [we] didn’t count on was technology changing everything,” Thurston said. “It’s been a traumatic and dicey few years.”
But, despite efforts to boost awareness, the amount of money reported stolen this way continues to grow.
Typically, real estate-related email fraud follows a basic formula.
At some point before the sale closes, one of the parties’ email accounts is hacked by an outsider. The criminals often look for entry into an unencrypted email account, one without a multilayer security system built in, or send targets emails with malware attached and breach the account by “infecting” it with a virus.
Upon completing a successful hack, the fraudster then monitors the internal correspondence within the email account, taking note of the person’s signature and, in more recent cases, copying the warning note attached to the subject line and the bottom of the email that cautions clients of possible spoofs.
Often with a new, nearly identical email address, the criminal will then target a consumer, copying the agent’s signature or the title company’s logo. As in Wiesand’s case, the hacker typically asks for an advance or changes the wiring instructions.
Valerie Grandin, North American Title Insurance Co.’s executive vice president and chief underwriting counsel, said the same few “red flags” surface in the majority of these scams.
“Any kind of rush or last-minute change, those are the biggies,” Grandin said. “And at the month’s end, you’re very busy, so that’s when they’re going to attack.”
Not all victims of wire fraud qualify for reimbursement after losing money from such phishing scams, Grandin said, making the stakes even higher. She encourages all homebuyers to verify their wire transfers over the phone.
“It’s a constant threat,” she said. “Consumers may only do one or two of these [transactions] in their entire lifetime, so it’s hard to impress the urgency and potential for tragedy.”
Fortunately for Wiesand, a bank manager at his Wells Fargo branch prevented him from wiring the money. But he remembers the experience as both invasive and painful.
“It’s a very emotional situation,” he said. “I wanted to kiss that manager. I was so thankful he was on the ball with that.”