Avoiding Cyber Fraud: What Title Companies Should Know About Internet Crime
For those who work in the title industry, few events can match the excitement of helping their customers to close on the home of their dreams. But, when cyber fraud enters the picture, it can quickly escalate into a nightmare scenario for buyers, sellers, and title companies alike.
Consider this example: After months of searching, Linda and Jim have just found their ideal house and are ready to make the purchase official. A couple of days before their closing, they receive an email from their title company with instructions on how to wire their down payment. They proceed with the wire transfer, unaware that the email was fake and that they have just sent tens, or possibly even hundreds of thousands of dollars to a bank account controlled by an organized crime group.
Scams like these are all too real and happen more than you may think. Let’s take a closer look at how to protect your title company and your customers from online fraud.
Online Real Estate Fraud Is a Growing Epidemic
There’s no question that technological advances have helped the title industry process orders faster, handle more closings and simplify complicated transactions. However, technology has also aided bad actors in their schemes to target such transactions. And these crimes can fool even the most diligent professionals and homebuyers.
According to the FBI’s Internet Crime Complaint Center (IC3), Internet crime includes any illegal activity involving one or more components of the Internet, such as websites, chat rooms, and/or email. It involves the use of the Internet to communicate false or fraudulent representations to consumers. These crimes may include, but are not limited to, advance-fee schemes, non-delivery of goods or services, computer hacking or employment/business opportunity schemes.
As the nation’s central hub for reporting cyber crime, IC3 received a total of 3.26 million complaints from 2018 to 2022, reporting a staggering loss of $27.6 billion. Clearly, this is much more than a casual threat — it’s an epidemic with the potential to affect millions of people.
When Internet crime affects victims involved in real estate transactions, it can be particularly devastating. “Unfortunately, we’re dealing with an individual’s or family’s money and the biggest purchase in their lives,” said Thomas Linehan, executive vice president at BankUnited, who educates title professionals about fraud.
Business Email Compromise Targets Real Estate Transactions
The most frequently reported type of fraud in the real estate industry is called business email compromise (BEC). The FBI describes BEC as a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests. The scam is often carried out when a subject compromises legitimate business or personal email accounts through social engineering or computer intrusion to conduct unauthorized transfers of funds.
Criminals use three common approaches to carry out BEC scams, including:
· Phishing/Smishing Scams – Phishing is when criminals send many fake emails, hoping recipients will believe them and perform an action or click on malicious links/attachments, where smishing is a social engineering attack that uses fake mobile text messages to trick people into downloading malware, sharing sensitive information or sending money to cybercriminals.
· Business Scams or Spoofing – A method where criminals make a fake email address, website or identity appear real and trustworthy.
· Ransomware – A type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files until a ransom is paid.
In 2022, a total of 21,832 BEC complaints were registered by victims with the FBI, reflecting estimated losses exceeding $2.7 billion. What’s more, the real estate industry suffered a whopping $396 million + in adjusted losses in 2022 as a result of BEC scams.
According to Linehan, title companies, attorneys, lenders, and related parties have become targets of BEC due to the large financial transactions that transpire on real estate deals. He explains that cyber criminals will compromise an email account, study the activity on the account and impersonate a related party, with the intent of deceiving a victim into originating a payment.
Often, a modified closing document is presented via email with payment instruction changes, or a business receives an email from whom they think is the lender, title company, realtor, buyer, seller or another employee with modified payment instructions.
Be Proactive to Defend Against Real Estate Fraud
BEC can be particularly difficult to spot in real estate transactions, due to the many stakeholders involved in a closing and the amount of trust they place in each other. While it’s easy for slight changes to go undetected, taking a proactive approach is the best way to avoid having your title company fall victim to a BEC scam.
Linehan encourages businesses to enhance employee fraud awareness and educate employees on how BEC scams and other similar attacks work. He also recommends carefully scrutinizing all emails, including unsolicited or irregular emails sent by high-level executives, as they can be used to treat employees into acting with urgency. Be extra cautious of emails requesting funds, he says, to determine if the request out of the ordinary.
In addition, you should verify any changes in vendor payment instructions by using a secondary sign-off by company personnel. Stay updated on customers’ habits, including the details and reasons behind payments, and be sure to conduct call backs using numbers on file, not email, on all payment requests.
Prohibiting access to personal emails from business computers is also recommended, as personal email accounts are known for receiving spam emails that contain potential malware. Encourage employees to only use business computers for business use and refrain from visiting unknown sites.
An extra amount of scrutiny can go a long way, so be on the lookout for these red flags:
· The sender’s email is similar to the legitimate email address. The changed email address could be often subtle (john.kelly@examplecompany.com vs. john.kelley@examplecompany.com).
· Multiple sets of wire instructions or change of wiring instructions provided. Wire instructions should never change!
· Poor grammar or odd use of terms/phrases used in the body of the email.
· Sense of urgency — funds must be wired immediately.
· Seller contacts title company via email with payment instruction changes, as opposed to the lender.
· Recipient bank account doesn’t make sense (payee is not a party to the transaction; payee is a law firm not involved in the transaction; payee is in an unrelated location such as another state; and/or beneficiary bank is not a local bank).
· Email sent outside of normal business hours or using 24-hour clock (22:00 hrs. instead of 10 p.m.).
· Unexpected email with link to a document — likely a link with malware.
What to Do If and When a BEC Scam Occurs
What should you do if, despite your best efforts, your company ends up falling victim to a BEC scam? According to IC3, it’s important to act quickly to see if the funds may be recovered. Most importantly, work with your team at Proliant Settlement Systems. Together, you and they will:
· Contact your banking team immediately via telephone and email.
· Inform the banking team of the fraudulent transaction. Have sufficient details to relay what transpired.
· Provide a screenshot of the outbound wire, if possible.
· Once informed, the banking team should alert the corporate fraud division of the transaction.
· Request that a wire recall be submitted. The bank should submit a wire recall on the customer’s behalf to the beneficiary bank with a message indicating that the wire was unauthorized or as a result of a BEC.
· Gather all relevant information associated with the business deal (i.e., wire instruction emails) to provide to the bank’s corporate fraud division and complete any necessary forms as requested, such as affidavits.
· You can complete an online complaint form at IC3.gov or contact the FBI directly immediately. You may also file a police report with your local police department.
Proliant Works to Protect You from Fraud and Scams
At Proliant Settlement Systems, we’re always looking for ways to mitigate fraud. Not only do we offer our franchisees a simplified path to owning a title company, but we also protect their businesses by consistently adapting policies to defend and safeguard against fraud by keeping them up to date with training provided by thought leaders in the industry, such as Linehan.
We know that combatting fraud is a multilayered venture involving cutting-edge software, consistent training and responsive processes. Fortunately, our franchisees can rest easy knowing we won’t let our guard down. By remaining vigilant and proactive, we can ward off fraud and focus on the best customer experience possible.