Warning: Email Wire Instruction Fraud Scam Hitting Real Estate Industry
Warning to the real estate industry: a widespread fraud is currently underway that could cost you and your client tens, or even hundreds, of thousands of dollars.
The scam is simple: the scammer obtains access to information concerning a pending real estate transaction and uses this information to impersonate a party to the transaction and provide fraudulent wire instructions.
Oftentimes, this scam involves a compromised email account belonging to a party to a real estate transaction (e.g., the agent, escrow, lender, broker, title insurer, seller, buyer, etc.), which the scammer uses to obtain information concerning a pending transaction.
To assume the identity of a party to the real estate transaction, the scammer may send an email that appears to be from a legitimate sender (firstname.lastname@example.org). It is commonly believed that an account must be compromised to send an email that appears to be from that account. This is not the case.
The scammer may also purchase a domain name (e.g., email@example.com) that appears very similar to the legitimate domain name (firstname.lastname@example.org). The scammer may also have control of a compromised email account of a party to the transaction. Under either of these two scenarios, the scammer can send and receive communications with the victim.
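As an added example (not part of the original post), the following Python code shows header checks a mail filter could run on an incoming wire-instruction email to catch the lookalike-domain and forged-sender cases described above. The trusted domain, the sample messages and the Reply-To check are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains you have already verified out of band (constructed value).
TRUSTED = {"example-escrow.test"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header):
    """Lower-cased domain of the address in a From/Reply-To header ('' if none)."""
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def review(raw, trusted=TRUSTED):
    """Return reasons to hold a message for phone verification before wiring."""
    msg = message_from_string(raw)
    sender, reply = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    findings = []
    for good in sorted(trusted):
        if 0 < edit_distance(sender, good) <= 2:
            findings.append(f"lookalike:{sender}~{good}")
    # Only trust Authentication-Results stamped by your own receiving server.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    if re.search(r"\b(spf|dkim|dmarc)=fail\b", auth):
        findings.append("auth-fail")
    if reply and reply != sender:
        findings.append(f"reply-to-differs:{reply}")
    return findings

def sample(from_addr, auth, reply_to=None):
    """Build a constructed test message; none of these are real emails."""
    extra = f"Reply-To: {reply_to}\n" if reply_to else ""
    return (f"From: Escrow <{from_addr}>\n{extra}"
            f"Authentication-Results: mx.buyer.test; {auth}\n"
            "Subject: New wire instructions\n\nSee attached.\n")

LEGIT = sample("officer@example-escrow.test", "dmarc=pass")
LOOKALIKE = sample("officer@examp1e-escrow.test", "dmarc=pass")
SPOOFED = sample("officer@example-escrow.test", "dmarc=fail", "officer@mailbox.test")

if __name__ == "__main__":
    for name, raw in [("legit", LEGIT), ("lookalike", LOOKALIKE), ("spoofed", SPOOFED)]:
        print(name, review(raw))
```

The lookalike message passes sender authentication because the scammer controls that domain, and a message sent from a genuinely compromised account passes all three checks, so confirming wire instructions by phone at a previously known number remains necessary.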
Fraudulent Wire Instructions Email
The email will generally inform the buyer/lender of the wiring instructions (or new wiring instructions). With the wiring party expecting an email with escrow instructions from escrow, the broker or the agent, the wiring party may have no reason to think twice about this email.
If the scammer has the ability to read all emails with a buyer, they may be able to convincingly assume the identity of a party to the transaction, picking up where the last email left off (“I’m glad the termite inspection went well. The new wire instructions are attached.”). With the wiring party having no reason to believe the email to be fake, the wiring party may act on the email without any further confirmation.
This scam can cause a buyer’s deposit, down payment or even the entire balance of the contract to be wired to the scammer’s bank account. The resulting loss of hundreds of thousands of dollars may give rise to legal liability. Lawyers may consider negligence and breach of fiduciary duty claims, in addition to other causes of action.
How the Hackers/Phishers Compromise an Email Account
Although some may refer to the scam artist as a hacker, they may simply have gained access to the email account by phishing, which involves any number of methods to gain a username and password. This can include sending a link to a website that appears to be a login page to Google, Yahoo, Hotmail, AOL or other popular services. Phishers may be able to determine an email password by using a program to repeatedly guess the password (cracking). They may also utilize spear phishing techniques where the recipient receives an email that appears to come from someone that they know. Another technique is to load a virus on the recipient’s computer, which may come by way of an email attachment or even a download from a website that appears to have a legitimate purpose (Trojan horse).
Professionals should take steps to ensure the security of email communications, including, but not limited to:
Avoiding business with any party that uses a free email service
Using encryption in emails and attachments
Warning buyers/lenders of this potential fraud before it occurs
Consulting a computer security expert
Training employees on computer security
Installing appropriate software to prevent or detect the security issues that give rise to this scam
If you’ve been victimized by this scam, consult an attorney to discover if you may have legal rights.
The information in this blog post (“post”) is provided for general informational purposes only, and may not reflect the current law in your jurisdiction. No information contained in this post should be construed as legal advice from Reid & Hellyer, APC or the individual author, nor is it intended to be a substitute for legal counsel on any subject matter. No reader of this post should act or refrain from acting on the basis of any information included in, or accessible through, this post without seeking the appropriate legal or other professional advice on the particular facts and circumstances at issue from a lawyer licensed in the recipient’s state, country or other appropriate licensing jurisdiction.