For more than a decade, the real estate industry has been a rich target for cybercriminals - and recent research reveals the trend has continued to increase.
Real estate transactions have become a prime target because they are highly lucrative. A down payment on a new home can be thousands, even millions of dollars. That amount of money gets passed from buyer to agent, and agent to seller, leaving many opportunities for fraudsters to intercept that money.
The Growing Threat
Wire fraud in real estate is one of the fastest growing cybercrimes in the country. The FBI reportedly received 301,580 complaints in 2017 and losses exceeded $1.4 billion. In the real estate/rental sector alone, more than 9,600 victims lost over $56 million in the same year.
In a new public service announcement released on July 12, the FBI Internet Crime Complaint Center (IC3) reported that the real estate industry has become especially susceptible to business email compromises (BECs) and email account compromises (EACs).
From 2015 to 2017, there was over a 1100% rise in the number of BEC/EAC victims reporting the real estate transaction angle and an almost 2200% rise in the reported monetary loss.
Victims most often reported a spoofed email being sent or received on behalf of one of these real estate transaction participants with instructions directing the recipient to change the payment type and/or payment location to a fraudulent account. The funds are usually directed to a fraudulent domestic account which quickly disperse through cash or check withdrawals. The funds may also be transferred to a secondary fraudulent domestic or international account. Funds sent to domestic accounts are often depleted rapidly making recovery difficult.
The attacks impact all levels of the industry, including title companies, real estate agents, law firms, and home buyers and sellers. Real estate transactions typically include electronic signatures, countless exchanges of documents via email, and a variety of interactions with potentially unfamiliar contacts.
How to Protect Your Money
Consumers need to be informed of the risks and aware of potential red flags, especially if they are involved in a real estate transaction. Businesses should update security practices frequently and train employees to recognize and react to phishing attempts. The best defense is to verify all requests for a change in payment type and/or location.
Other tips for mitigating the risk of this type of attack include:
- Be aware that BEC/EAC actors often request that payments originally scheduled for check dispersal be made via wire instead. BEC/EAC actors may also request changes to the original recipient’s financial information.
- BEC/EAC actors use publicly available information on real estate listing sites to target victims. This may include homes that are for sale and the progress of the sale such as “under contract” as well as the contact information of the real estate agent. Be wary of any communication that is exclusively e-mail based and establish a secondary means of communication for verification purposes.
- Be mindful of phone conversations. Victims have reported receiving phone calls from BEC/EAC actors requesting personal information for verification purposes. Financial institutions report phone calls acknowledging a change in payment type and/or location. Some victims report they were unable to distinguish the fraudulent phone conversation from legitimate conversations. One way to counteract this fraudulent activity, is to establish code phrases that would only be known to the two legitimate parties.
What to do if You are Targeted
1. Contact your financial institution.
IC3 states that if you discover a fraudulent transfer, time is of the essence. First, contact your financial institution and request a recall of the funds. Different financial institutions have varying policies; it is important to know what assistance your financial institution will provide when attempting to recover funds.
2. Work with a local security specialist.
If you are a real estate agency, title company, law firm, or any other business entity impacted by wire transfer fraud, the next step is to contact your local cybersecurity specialist. A key to solving cybercrime incidents is preserving digital evidence. There is a high rate of evidence decay when dealing with cybercrime, and involving your local security firm is a critical step in your response strategy. A security firm, like Breadcrumb Cybersecurity, will help you identify how you were compromised, preserve evidence and ensure you’re not still infected.
3. Contact the FBI.
Contact your local FBI office and report the fraudulent transfer. Law enforcement may be able to assist the financial institution in recovering funds.
Also, regardless of dollar loss, file a complaint with www.ic3.gov or, for BEC/EAC victims, bec.ic3.gov. The IC3 will be able to assist both the financial institutions and law enforcement in the recovery efforts.
Breadcrumb is a cybersecurity and executive advisory firm. Located in Central California, we partner with organizations throughout the US, protecting their critical assets from cyber breach. Contact us today for a no-obligation consultation.