Real estate wire fraud on upswing
Sun Title Agency owners create fraud protection company after losing nearly $200,000.
Sun Title Agency learned about elaborate wire fraud schemes the hard way when the title company was hit in 2015, costing it nearly $200,000.
Following the attack, owners Lawrence Duthler and Thomas Cronkright spent two years recovering about $145,000 of what was stolen. The recovery process gave them insight into the elaborate, two-monthlong scheme that had compromised their security.
“The sophistication of these schemes — it’s come a long way from that Nigerian prince story you hear about,” Duthler said. “These are white-collar guys like you and me.”
Bill Kowalski, director of operations for Rehmann Corporate Investigative Services, said the process starts when a fraudster hacks into a realtor’s email. In Sun Title’s case, the hacker was camped out in a realtor’s email for two months without anyone’s knowledge.
“Realtors, or anybody, might download an app that gives (fraudsters) access,” he said. “They know when you’re showing houses, which houses you’re showing, and they know when a buyer is going to wire the money.”
The hacker then sends a fraudulent email, which may differ only slightly from the realtor’s actual email, to the buyer on the transaction date and claims the wiring instructions have changed. Kowalski said, nine times out of 10, once the buyer wires the money to the fraudster’s location, it’s never recovered.
“It is surprising how far these attacks can get,” said Richard Maloley, OST security consultant. “Often, they are only discovered because a secondary authorizer has to finalize the transfer(s) and asks the pertinent questions that uncover the fraud.”
Maloley added sometimes the victim would have no idea they were targeted or successfully attacked. Generally, attackers will disguise their online presence behind a proxy or VPN connection with endpoints in foreign nations.
Duthler and Kowalski both noted a “tremendous uptick” in wire fraud, particularly in real estate, in recent years. Because of the large amounts of money transferred by wire, real estate transactions have become an attractive target for hackers. Duthler said Sun Title moved almost $3 billion in real estate transactions last year.
“If you pick somebody’s pocket, you’re going to get maybe $7 on average. If you rob a bank, you get an average of $7,000. If you rob somebody’s wire you could get $160,000,” Duthler said.
“Since real estate has been such a high-value target for attackers, we counsel clients to never send information over emails,” Kowalski said. “Realtors, when they sit down with their clients, need to tell them, ‘You will never get wiring info from me by email. If you do so, call me right away.’”
The simple act of making a phone call to ensure the realtor’s identity can ease grief on the human end, but Sun Title also has been at work providing a tech-based security solution.
Duthler and Cronkright founded their own technology company, CertifID, following the attack on Sun Title. The CertifID platform enables business users to confirm identity and bank account information through a three-step process.
Duthler said the first step is digital verification. CertifID creates a digital fingerprint based on “billions” of records to ensure a given smartphone, tablet or laptop is being used by its rightful owner.
“When you’re about to hit send on a wire, you have to make sure the person you’re dealing with is truly the person you think you’re dealing with, even if you call somebody at a number you think you know,” Duthler said.
Secondly, the system provides a list of knowledge-based questions to verify the user’s identity. Lastly, the system shows users the wiring instructions they specified, and they have the opportunity to confirm them. The entire process takes about 60 seconds.
CertifID also insures transactions up to $500,000.
But Duthler added companies still must train their realtors to have a “high level of skepticism.” Even as his and other firms focus on continuously updating their systems, fraudsters focus mainly on tricking the person behind the screen.
Kowalski said, as firms continue to up the arms race with added security measures, attackers have become bold enough to call buyers directly posing as the realtor.
“They’ll call the buyer and say, ‘I can’t hear you,’ and hang up,” he said. “And they send a text with (wiring) instructions, and the buyer will think, ‘Well that must be the realtor. (Realtors) should be counseling their clients never to accept that.”
Fraudsters also have taken to copying interfaces like DocuSign and Google Docs to try to trick targets into handing over their login information.
Maloley warned Office 365 is a popular vector for fraudsters because of the standardization of the login interface and the likelihood that an end user will recognize the login form and immediately enter credentials without much forethought.
“The default configuration for Office 365 is to enable very minimal logging/auditing, resulting in a limited account of actions taken by authorized and unauthorized users,” he added.
“You could be the most educated person, but these fraudsters are so sophisticated, and the emails look identical. It’s really convincing,” Duthler said.
Duthler said the players who are ultimately at risk and need the most education regarding wire fraud are buyers and sellers, because unlike realtors, banks and title companies who handle these transactions every day, the risk isn’t always apparent.
“You’ve got to educate your clients from the beginning: If we ask for money, it will never be in the form of an email. Wiring instructions will never change,” he said.