Note: The following is for educational purposes only. We are not law enforcement or lawyers and this is not legal advice. You should always consult with law enforcement, your legal counsel, insurance providers, and respective underwriters to make sure you adhere to the policies they have set forth related to wire fraud emails.
I was both delighted and horrified to receive an unexpected email in my inbox the other day.
I received what appeared to be a fraudulent real estate closing email – complete with wire instructions and all!
I realized the email was bogus immediately for two reasons.
First, we are not a title company so we cannot receive a “New Title Order” as the subject exclaims.
Second, I am not in the process of purchasing any property so by default, the email does not apply to me.
However, as I re-read the email, I began to think about all of the people I know who might mistake this as a legitimate email; especially if they are currently in the closing process.
This realization was horrifying…
Below you’ll find both the red and green flags that we found while analyzing the email, and the best ways to train your staff, partners, buyers and sellers so they don’t become a victim.
At first blush, the email appears as though it might be legitimate, especially if you deal with similar emails day in and day out for your law firm, mortgage company, real estate business or title company, or if you are in the process of buying or selling real estate.
Subject Line: New Title Order
Nothing unusual here if you work for a title company and currently receive orders via email or your website.
Here are some other common industry terms that the sender used that made the email appear legitimate.
- “E & O Policy”
- “chain of title”
- “Wiring instructions”
- “Prelim CD”
- “CPL” or Closing Protection Letter
In addition to the terms used above, the sender also specifically references that “page 3” contains “tax pro-rations, Realtor Commissions, and HOA Dues”.
Other Subtle Details
Besides the industry jargon, the sender did a good job wording the email in a casual but professional way. Below are a few subtle details and phrases that one might see in legitimate emails like this.
- “Attached is the new title request with contract.”
- “Contract is enclosed via encrypted secure OUTLOOK365 PDF format.” This type of security is common in the industry.
- “Realtor” is correctly capitalized.
- The area code in the phone number matches the city and state that is listed on the address in the signature line
- “Florida” is where I’m located.
- The law firm and the logo appear to be legitimate.
As you can see there are many factors working against the recipient of this email. All the sender needs is for one person to believe the email in order to steal funds.
This email is obviously fraudulent, or a mistake at best, if you are not buying or selling real estate.
But theoretically let’s say you and your clients do have some real estate transactions pending.
If that is the case, what are some ways you can spot that this is a fraudulent email?
The first subtle clue for me was that I didn’t recognize the person’s name.
So next I look at the sender’s job title of “Loan Officer Assistant” and I think maybe this is the assistant of the person who I was working with.
The mention of the “Melbourne Processing” being “cc’d” is a little strange to me because I don’t see any other email addresses copied on the email.
Because I am from the land title industry, the huge red flag for me was the mention of a wire transfer followed by all caps: “AS SOON AS POSSIBLE, PLEASE”.
But what if I was a first-time homebuyer? That phrase alone might cause me to take quick action on the email.
It is scary to think that your clients could potentially lose their life savings from an email like this.
Out of curiosity I visited the website URL in the signature block (I manually typed it in; I did not click) to see if it was an actual company. One thing that I noticed immediately was that the signature has the address in Nevada, whereas the website only mentions North Carolina.
A few other subtle red flags
Several other subtle red flags appeared as we studied the email critically, and they might otherwise go unnoticed.
One is the reference to the PDF attachment. The actual attachment appears to be an HTML file, not a PDF.
Next, when we looked at the signature line and at who actually sent the email in the headers (To, From, CC, etc.), the email addresses don’t match. The email in the signature appears legitimate but the sender email is very strange.
Oftentimes, email clients like Outlook or Gmail don’t show the sender email address by default. They typically only show the person’s name, so this one might be difficult for many to catch.
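The three checks above (sender address versus signature address, a promised PDF that is really HTML, and wire language paired with all-caps urgency) can be automated on a mail gateway or in a triage script. The following is an added example, not part of the original article: the sample message is constructed from phrases the article quotes, every name and domain in it is a placeholder, and the flag names are hypothetical.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample built from phrases the article quotes; names and domains are placeholders.
SAMPLE = """\
From: "Jane Doe" <jd4471@mail-relay.example.net>
To: recipient@example.org
Subject: New Title Order
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Attached is the new title request with contract.
Contract is enclosed via encrypted secure OUTLOOK365 PDF format.
Please confirm wiring instructions AS SOON AS POSSIBLE, PLEASE.

Jane Doe, Loan Officer Assistant
jane.doe@lawfirm.example.com

--b1
Content-Type: text/html; charset="utf-8"
Content-Disposition: attachment; filename="Contract.html"

<html><body>placeholder</body></html>
--b1--
"""

def red_flags(raw):
    """Return the (hypothetically named) red flags found in one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    flags = []
    # 1. Real From address vs. addresses printed in the body/signature (exact domain match).
    sender_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    sig_domains = {d.lower() for d in re.findall(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)", body)}
    if sig_domains and sender_domain not in sig_domains:
        flags.append("sender_signature_mismatch")
    # 2. Body promises a PDF, but an attachment is HTML by MIME type or file extension.
    html_atts = [a for a in msg.iter_attachments() if a.get_content_type() == "text/html"
                 or (a.get_filename() or "").lower().endswith((".html", ".htm"))]
    if re.search(r"\bpdf\b", body, re.I) and html_atts:
        flags.append("pdf_claim_html_attachment")
    # 3. Wire language combined with an all-caps urgency phrase.
    if re.search(r"\bwir(e|ing)\b", body, re.I) and re.search(r"\b(AS SOON AS POSSIBLE|ASAP|URGENT)\b", body):
        flags.append("urgent_wire_request")
    return flags
```

The domain comparison is an exact match, so a legitimate sender who mails from a different domain than the one in their signature will also be flagged; treat the output as a prompt to verify by phone, not as a verdict.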
How to recognize a fraudulent email
The bottom line is to have one consistent way throughout your organization to give wiring instructions and make sure all parties involved are aware of this. It is also important to warn them about the fraudulent emails that have been circulating.
To make this easier for you we condensed this article into a PDF summary and example of a wire fraud email and how to recognize it.
View and download it here and share it with your staff, buyers, sellers, Realtors, Lenders, and other partners!