Beware of Business Email Compromise – It Could Cost You!
If you are in the real estate industry, you probably know someone who has gotten the call – or unfortunately, you may have gotten the call. Sometimes the homebuyer is the victim; other times it is the sales agent or title company. In any case, the calls always end the same: “Wait what? Are you telling me that they wired $50,000 to some hacker? What do we do now? How do we stop this from happening again?”
“Business E-mail Compromise” scams target companies and industries, like real estate, that regularly transfer funds via wire. In the typical real estate industry version of the scam, the villain might pose as a title company employee and e-mail the buyer with a last minute change to the instructions on where to send money needed to close. Or they might pose as the seller and send an e-mail to the title company asking that seller’s proceeds be sent to a new account. In some cases the e-mail comes from the real account – because the villain has gained access somehow – or it comes from an account made to look like a real account: so instead of the e-mail being jane.agent@jane-realty.com it might add an extra letter – so it would have an extra “l” in realty.
The FBI reported that in 2015 and 2016 there was more than a 2000% increase in identified exposed losses due to Business E-mail Compromise. To protect yourself and your customers, the FBI recommends increased awareness and understanding. Some specific recommendations from the FBI are:
- Avoid free web-based e-mail accounts: Establish a company domain name and use it to establish company e-mail accounts in lieu of free, web-based accounts.
- Consider additional IT and financial security procedures, including the implementation of a two-step verification process.
- Immediately report and delete unsolicited e-mail (spam) from unknown parties. DO NOT open spam e-mail, click on links in the e-mail, or open attachments. These often contain malware that will give subjects access to your computer system.
- Beware of sudden changes in business practices. For example, if a current business contact suddenly asks to be contacted via their personal e-mail address when all previous official correspondence has been through company e-mail, the request could be fraudulent. Always verify via other channels that you are still communicating with your legitimate business partner.
- Confirm requests for transfers of funds. When using phone verification as part of two-factor authentication, use previously known numbers, not the numbers provided in the e-mail request.
- Carefully scrutinize all e-mail requests for transfers of funds to determine if the requests are out of the ordinary.
If you or someone involved in the transaction falls victim to a scam, you need to move quickly, as the longer you wait, the less chance there is to recover the funds. The FBI recommends that you:
- Contact your financial institution immediately upon discovering the fraudulent transfer
- Request that your financial institution contact the corresponding financial institution where the fraudulent transfer was sent
- Contact your local Federal Bureau of Investigation (FBI) office if the wire is recent. The FBI, working with the United States Department of Treasury Financial Crimes Enforcement Network, might be able to help return or freeze the funds
- File a complaint, regardless of dollar loss, at www.IC3.gov
For more tips from the FBI on how to avoid being a victim, and what to do if you get scammed, go to www.justice.gov and look at the publication titled “Best Practices for Victim Response and Reporting of Cyber Incidents.”
Sadly, these types of scams are not going away and will likely get worse. Only through education and vigilance can you put you and your customers in the best position to avoid becoming a victim.
Note: This story originally ran in the June 2017 edition of RESPRO eNews.
Copyright 2023 RISMedia, The Leader in Real Estate Information Systems and Real Estate News. All Rights Reserved. This material may not be republished without permission.