Business email compromise (or BEC) is a huge problem and growing rapidly – the Internet Crime Complaint Center of the FBI received BEC-related complaints with claimed losses exceeding $1.4 Billion in 2021 (up from $360 million in 2016). According to the FBI report, BEC actors have targeted organizations in every U.S. State and 150 countries around the world.
Real Estate Wire Fraud (REWF) is a sub-category of BEC, but has a disproportionate impact, as the dollar amounts in real estate transactions are large, and the affected party – typically the buyer – may lose their life savings in one wire fraud transaction. Wire fraud is typically committed by the fraudsters inserting themselves into the transaction at the point where money changes hands – typically using email as the means – and redirecting the funds to their own accounts.
The figure shows fraud loss in 2021, and the two of the largest categories are Bank transfers or Payments ($756M in losses) and Wire Transfers ($482 Min losses) – these two are inherently part of all financial and real estate transactions, respectively.
In addition to financial losses, firms must deal with the effects of wire fraud on company operations, corporate reputation, and a loss of trust in payment systems.
How a typical real-estate wire fraud works
By use of compromising participants' emails or any other digital interactions, the thief finds a means to get involved in real estate deals. As money starts exchanging hands in the process, the criminal steps in and redirects the money to accounts under their control, frequently using an email that seems to be from the title company, real estate business, or another relevant party.
The money is routed to the offender before the customer is even informed of the fraud. The loss of such funds might be disastrous for the victims as well as their families.
After obtained, the money is often transferred to a bogus domestic account before being immediately disbursed via cash or cheque transactions. The monies may be moved to a separate fraudulent local or foreign account, as seen in numerous BEC (Business Email Compromise) frauds. Money transferred to domestic accounts is sometimes exhausted quickly, rendering recovery challenging.
Criminals that get cash unlawfully, especially via BEC and certain other forms of deceit, should find a means to relocate and conceal their finances. Money laundering usually occurs in three steps. Criminals may first "deposit" the monies in a financial structure. The following stage, "layering," is moving money across, sometimes between various financial institutions & frequently between accounts maintained in fake names or sham corporations, in order to conceal the cash from its criminal sources. The final stage, concealment, aids in keeping the scammers from being discovered. Funds are frequently sent through wire transfers, different types of cheques, money service businesses, virtual currency, or other forms of payment.
There are other fraud methods that affect financial intuitions and may indirectly lead to Wire fraud – typically by either collecting account information (voluntarily or via software on computers). These are to be guarded against as much as Wire Fraud – some of these are:
Phishing - where criminals attempt to influence people into providing information, like bank account information via the internet or by email. Or they can impersonate the bank or any other financial institution, ask for business bank account details – and use the information to commit wire fraud.
Ransomware – restrictingaccessing vital computer networks or documents, and demanding a ransom to avoid expensive business interruptions – which they may or may not honor.
Malware – use of rogue software to gather financial or account information, t use for fraudulent activity against the targeted company.
4-step Wire Fraud Response
If your company is the victim of wire fraud, you need to be ready to act quickly. You'll need a complete incident response strategy, and it is advisable to have this in place and working smoothly just in case such an incident does occur.For small and mid-sized businesses with limited resources, it may be best to have a simple but effective plan in place. An example of this would be these four steps
Detection and analysis
Containment, eradication & recovery
as laid out in a short article by JP Morgan Chase directed at small businesses.
Even better, try to avoid Wire Fraud
You should be prepared for a response in case an incident does occur – however, prevention of wire fraud is obviously a much better option. It may not be possible to completely fraud-proof any business operation, but training and active monitoring of transactions can help significantly reduce the chance of occurrence of such an event, and make you better prepared in case it does happen.
The Federal Trade Commission, and even organizations like the American Land Title Association (ALTA) whose members are directly affected by wire fraud, have created multiple lists and guidelines to prevent such fraud from occurring.
Never give up your bank account, credit card, or Social Security number to advertisements, uninvited callers (those attempting to offer you something through the phone), or anybody by email or text message. Such data can be exploited to steal funds from your account through wire transfers.
Never send money to someone you don't trust or haven't seen in person, or to anybody claiming to be from a government department, IRS, SSA, or a significant corporation.
Verify the procedure with the lender so you understand exactly what to anticipate before finalizing a real estate transaction. Do not agree to a hasty or last-minute adjustment or demand to transmit money in order to keep the asset. Make contact with your mortgage advisor.
When sending funds, confirm your fund wiring procedures by phone incorporating a recognized number – do not utilize unknown phone numbers or URLs over an email. Avoid sending money to anyone who puts you under obligation to pay promptly or claims that a wire transfer is the only option to pay.
Before initiating a wire transfer, request your bank to validate the account's identification. Verify recommendations with your real estate consultant or title business by dialing a phone number and an individual you know before transferring money.
Check it right away. Contact the title company or real estate broker to confirm that the money have been released. The quicker it is discovered that funds has been deposited to the unauthorized account, the higher your chances of retrieving the funds. Transfers can take place around 24 hours.
Don't be fooled by an update in wiring guidelines. Title companies seldom update wire procedures and payment details through email. Do not dial a different phone number or react to an email with fresh instructions.
When replying to a dubious email, select "Forward" rather than "Reply," and thereafter enter the sender's email id. Criminals utilize bogus email ids that look just like the actual ones used by businesses. By entering your email address, users will enable it simpler to determine whenever a cybercriminal is targeting you.
Be on the lookout for popular hoaxes like work-from-home proposals, sales on items, or announcements that you've been awarded a prize or jackpot.
Examine your bank record on a routine basis for any questionable activity. If you see something suspicious, notify your financial institution as soon as possible.
If you suspect you are a target of wire fraud, call your bank instantly and ask whether the bank can block the transfer or reclaim your cash from the person's / company's account. Inform the bank why you wish to halt the transaction and provide the account number to which the funds were sent. Don't put it off.
If you believe you inadvertently wired funds to a fraudster, you can submit a report with the Federal Trade Commission online or by calling 877-FTC-HELP. To address fraudulent activity, you may also register a claim with the federal Consumer Financial Protection Bureau or call the local U.S. Secret Service field office Cyber Fraud Task Force. In addition, you can file a complaint with the FBI's Internet Crime Complaint Center.
Similarly, based on their extensive experience with fraud, and analysis of incidents reported to them, The FBI has also created a short list of suggestions as protections against fraud, especially linked to financial transactions where email or wire transfer is involved:
Use the following steps to protect yourself from wire fraud:
Use secondary channels or two-factor authentication to verify requests for changes in account information.
Ensure the URL in emails is associated with the business/ individual it claims to be from.
Be alert to hyperlinks that may contain misspelling of the actual domain name.
Refrain from supplying login credentials or PII of any sort via email. Be aware that many emails requesting your personal information may appear to be legitimate.
Ensure the setting in employees’ computers are enabled to allow full email extension to be viewed.
Monitor your personal financial accounts on a regular basis for irregularities, such as missing deposits. (Source: FBI 2022 Congressional Report on Business Email Compromise and Real Estate Wire Fraud).
Wire fraud is a reality in the financial services world today – and it is growing as the use of electronic information and money transfer is increasing. There are ways to protect a business to prevent wire fraud from occurring, and also to prepare in case such an incident does occur.
In many cases, the effort and resources needed to both prevent and act on wire fraud incidents seem overwhelming, or too difficult to implement in-house. To ease this, businesses have been outsourcing the design, implementation, and even the execution of information security activities to organizations like ours – which is ISO certified for Information security and business continuity and have been helping address fraud issues for the financial services industry for over two decades. Customers of Coforge BPS, for instance, have outsourced Wire Instructions review and this is completed before any Wire Transfer is carried out by the Bank or Mortgage Company. In other cases, customers have consulted with Coforge to put in place information security practices and technology, and also to maintain and audit processes so that they are always up to date with the latest threats in this space. You can get more information on this and other services by emailingCoforgeBPS@coforge.com