When Baltimore County resident Bill Wiesand set out to help his daughter buy a home, he never imagined he’d risk losing thousands of dollars as the subject of a targeted cyber scam.
A few weeks before the settlement, Wiesand, 65, received an email from the agent selling the home that said the title company required an immediate $10,000 deposit “to ensure a smooth and early closing.” She included wiring instructions and a routing number for the title company’s bank account.
But it wasn’t actually the agent who emailed him; an impersonator had hacked into her account. And the routing number belonged not to the title firm, but to someone else unaffiliated with the settlement.
As the housing industry relies more heavily on email and mobile communication to facilitate transactions, unsuspecting homebuyers like Wiesand are more vulnerable to fraud than ever before. Real estate agents and companies are scrambling to both handle and lessen the risk to their firms and their clients.
The FBI calls the kind of fraud Wiesand experienced “business email compromise,” which is when a hacker gains access to a corporate email account and uses it to defraud other employees or customers. This is known more commonly as “spear phishing,” when someone uses a trusted email account to try to defraud someone else. Since 2013, more than 22,000 people have lost nearly $3 billion via business email compromise in the United States, according to the FBI’s Internet Crime Complaint Center.
In Maryland last year, such crimes resulted in victim losses amounting to a reported $6.3 million to 325 people, according to FBI data. The state ranked 8 out of 57 states and U.S. territories last year in the total number of victims affected by internet-related crimes per state, with over 3,100 victims affected.
Sixty victims in Maryland reported losses amounting to over $2 million combined from January 2017 through November 2018 as a result of a party in a real estate transaction unknowingly transferring money to the wrong account, FBI spokesman David Fitz said in an email.
Fitz said while all businesses are susceptible to this kind of scam, the real estate industry proves especially attractive to fraudsters due to the volume of large, one-time transactions handled over wires and discussed via email.
“It’s doubled year-over-year, and as we put procedures in place, these criminals adapt,” Fitz said. “Half our game is playing defense.”
Fitz said the majority of perpetrators hail from West Africa and Eurasia and conduct their schemes from overseas. They often work, he said, as part of a transnational organized crime network and take advantage of their connections in different countries.
He added that victims, real estate agents and title companies may not report cases of business email compromise out of fear of appearing incompetent or unreliable, meaning the number of victims affected and the amount of money lost could be much higher than what the data show.
Maryland real estate and title companies have resorted to holding regular training sessions, seminars and lectures designed to educate staffers. David Thurston, president of the Maryland-based Crown Title Corp., said his company first witnessed scam attempts via email around two or three years ago, but has not suffered any losses.
He attributed the shift from paper checks and phone calls to bank wires and emails as the reason behind the hike in crime.
“What [we] didn’t count on was technology changing everything,” Thurston said. “It’s been a traumatic and dicey few years.”
But, despite efforts to boost awareness, the amount of money reported stolen this way continues to grow.
Typically, real estate-related email fraud follows a basic formula.
At some point before the sale closes, one of the parties’ email accounts is hacked by an outsider. The criminals often look for entry into an unencrypted email account, one without a multilayer security system built in, or send targets emails with malware attached and breach the account by “infecting” it with a virus.
Upon completing a successful hack, the fraudster then monitors the internal correspondence within the email account, taking note of the person’s signature and, in more recent cases, copying the warning note attached to the subject line and the bottom of the email that cautions clients of possible spoofs.
Often with a new, nearly identical email address, the criminal will then target a consumer, copying the agent’s signature or the title company’s logo. As in Wiesand’s case, the hacker typically asks for an advance or changes the wiring instructions.
Valerie Grandin, North American Title Insurance Co.’s executive vice president and chief underwriting counsel, said the same few “red flags” surface in the majority of these scams.
“Any kind of rush or last-minute change, those are the biggies,” Grandin said. “And at the month’s end, you’re very busy, so that’s when they’re going to attack.”
Not all victims of wire fraud qualify for reimbursement after losing money from such phishing scams, Grandin said, making the stakes even higher. She encourages all homebuyers to verify their wire transfers over the phone.
“It’s a constant threat,” she said. “Consumers may only do one or two of these [transactions] in their entire lifetime, so it’s hard to impress the urgency and potential for tragedy.”
Fortunately for Wiesand, a bank manager at his Wells Fargo branch prevented him from wiring the money. But he remembers the experience as both invasive and painful.
“It’s a very emotional situation,” he said. “I wanted to kiss that manager. I was so thankful he was on the ball with that.”