Written by Michael Cooke
IMAGINE THIS SCENARIO:
You’re buying a house. You get an email from your real estate agent telling you to wire the down payment of $91,000 to a title company right away. She tells you she’s tied up in meetings and can’t talk at the moment and will explain details later but tells you that you need to get that money wired immediately to keep the deal moving forward.
This is exactly what happened to an older couple buying a house in Utah. They complied with the agent’s instructions. Tragically, the email was a fraud. A criminal was impersonating the buyer’s agent. These buyers lost their sizable down payment to wire fraud.
This is not just happening in real estate transactions but also in business in general. In a business context, it often takes the form of the Ops Manager or an Accounts Payable employee at a firm getting an email that looks like it comes from his boss saying to wire some money right away to secure a great deal he just negotiated with a new vendor. The boss says he is unavailable to talk but will provide additional details the next day. The staff person complies only to find out later that the email was not from his boss and the company is out thousands of dollars.
How do crimes like this happen? The bad guys hack into computer systems and learn details of a transaction. It might be that they hack into your email account. However, it could be that they’ve hacked into the email of your agent or your lender or your title company.
The thiefs learn pertinent details of the transaction from reviewing email history. In the case of the Utah couple, the criminals learned the amount of the down payment and the buyer’s agent name and the title company involved. This enabled them to craft a credible email that looked like it came from the agent and with details that matched what was going on in the transaction.
At other times, the hackers intercept a legitimate email with wiring instructions while it is in route from the sender to the recipient and change the information on where to wire the money. You are expecting wiring instructions and you get them and you send the wire but the money goes to the thief’s account.
There is no way to protect yourself from this criminal activity by beefing up your cyber security. When large companies like Experian Credit Bureau and Target spend millions of dollars for state-of-the-art online security and still get hacked, you realize that there is no way to be completely secure online.
THERE IS, HOWEVER, A FOOL-PROOF WAY TO PROTECT YOURSELF:
- Be aware of common elements in these fraudulent emails with an unexpected wiring request. They look like they come from someone you know right down to their email signature block being correct but they frequently say (a) the wire needs to be sent immediately and (b) the requesting party is not available to talk with you.
- Even if you think the unexpected wiring request is legitimate, talk with the person sending the email. Confirm that the party actually sent you the email and wants you to wire money.
- For both unexpected wiring requests and for requests you were expecting, don’t’ rely on the wiring instructions contained within the email.
- Instead of relying on wiring instructions in an email, do an internet search and find a phone number for the company you need to pay. Call and get their wiring instructions. If those instructions match what you received in the email, you know everything is okay. If not, you know the email was hacked in transit and you can use the correct wiring instructions that you obtained directly by phone from the company.
- Don’t email your bank to request a wire be sent. The wiring instructions you send them can be hacked in transit. Always call the bank to order the wire.
We urge all of our clients to follow these precautions when doing a real estate transaction. Beyond that, it’s important to stay vigilant in all your personal and business financial transactions to thwart these corrupt schemes.