The Anatomy Of A Real Estate Wire Fraud Email

The Anatomy Of A Real Estate Wire Fraud Email

Note: The following is for educational purposes only. We are not law enforcement or lawyers and this is not legal advice. You should always consult with law enforcement, your legal counsel, insurance providers, and respective underwriters to make sure you adhere to the policies they have set forth related to wire fraud emails. I was both delighted and horrified to receive an unexpected email in my inbox the other day. I received what appeared to be a fraudulent real estate closing email – complete with wire instructions and all! I realized the email was bogus immediately for two reasons. First, we are not a title company so we cannot receive a “New Title Order” as the subject exclaims. Second, I am not in the process of purchasing any property so by default, the email does not apply to me. However, as I re-read the email, I began to think about all of the people I know who might mistake this as a legitimate email; especially if they are currently in the closing process. This realization was horrifying… Below you’ll find the both the red and green flags that we found while analyzing the email, and best ways to train your staff, partners, buyers and sellers so they don’t become a victim. Green Flags At first blush the email appears it might be legitimate. Especially if you deal with similar emails day in and day out for your law firm, mortgage company, real estate business or title company, or if you are in the process of buying to selling real estate. Subject Line: New Title Order Nothing unusual here if...
How Hackers Target Real Estate Transactions

How Hackers Target Real Estate Transactions

Real estate transactions are some of the higher value transactions commonly done by individuals and companies.  As such, they have become an increasing large target for hackers. The way a typical scam works is first the hacker gains access to the email of one of the involved parties – the buyer, seller, real estate agent, lender, attorney or title agent.  Next, they take note of important transaction details such as down payment amounts and closing dates. As the closing date approaches, the scammer poses as one of the other parties and sends new instructions for wiring funds.   For example, if the law firm’s domain is www.somelawfirm.com the hacker might register the domain www.s0melawfirm.com and send the email from that domain. Most people wouldn’t notice the “O” in the word “some” is actually the number “0” in the second domain name. The unsuspecting victim then mistakenly sends funds to the scammer and not the correct party.  By the time everyone realizes that a mistake has been made, the scammer is long gone. How to help protect yourself, your company, and clients: Use Secure Passwords We usually recommend 10-12 characters minimum with a mixture of capital letters, lower case letters, numbers, and symbols. 6 to 8 characters may not be secure enough anymore. Never Click Links In Email Instruct your staff, partners and clients to never click links or buttons in email, even if they know the sender.  Emails can easily be spoofed to appear legitimate. Secure Your Email and Website If your email isn’t secure, your data could be compromised if someone were to hack your email server.  Also,...