Wire fraud has hit the Tri-Cities. There have been several reports of fraudulent wire transfer requests in our area. Instances of local fraud include amounts up to $250,000 being lost. The hackers are sending out wire instructions that look like they are from a legitimate business with instructions on where to wire the transfer to. The one thing you need to remember to avoid fraud, is to always independently confirm wiring instructions in person or via a telephone call to a trusted and verified phone number. Do not use any phone numbers sent from an email.
How the Fraud Happens
This type of fraud is carried out when a subject compromises legitimate business e-mail accounts through social engineering or computer intrusion techniques. What happens is that an email account gets hacked. This could be the buyer, seller, brokers, or escrow companies email, for example. Then hackers continue to monitor the email account. Next, they wait for the time when the consumer needs to wire funds such as right before closing. At this point, none of the parties even know that they are being monitored.
The hacker then impersonates the escrow agent or broker; and requests the client to wire funds immediately. The email claims that there has been a last minute change to the wire instructions. Specific instructions are given which include an account that is controlled by the hacker. The hacker uses tactics to create a sense of urgency to the client that this, ” must be done right away.” They also add that they can’t be reached by phone, so any follow-up communication must be done by email. When the client replies to the email sent by the hacker, the hacker diverts the emails so it goes to the hacker and not the intended recipient. Because of the urgent nature of these emails, the client may fall for the scam and wire the funds. Those funds are then stolen by the hacker with no recourse tor the client. The money is gone.
FBI’s Public Service Announcement
In May of this year the FBI posted warnings including a Public Service Announcement about the sharp increase they are seeing in wire fraud using fake business emails. This has recently happened within the real estate industry here in the Tri-Cities. These emails look completely legitimate. The perpetrators are able to copy the letterhead , signatures, logos, and email addresses of legitimate local businesses.
This type of fraud has become so rampant that the FBI has had to start tracking these scams as a single crime type1 in 2017. These scams involve businesses and are now called ‘Business E-mail Compromise'(BEC) and ‘E-mail Account Compromise (EAC)’ scams. BEC/EAC scams typically, “target small, medium, and large businesses. Between January 2015 and December 2016, there was a 2,370% increase in identified exposed losses3.”
FBI Mentions Real Estate Industry
The FBI specifically mentions the real estate industry in particular as one of their examples:
“Real Estate Transactions
The BEC/EAC scam targets all participants in real estate transactions, including buyers, sellers, agents, and lawyers. The IC3 (The Internet Crime Complaint Center) saw a 480% increase in the number of complaints in 2016 filed by title companies that were the primary target of the BEC/EAC scam. The BEC/EAC perpetrators were able to monitor the real estate proceeding and time the fraudulent request for a change in payment type (frequently from check to wire transfer) or a change from one account to a different account under their control.”
According to the FBI, “Business E-mail Compromise (BEC) is defined as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The E-mail Account Compromise (EAC) component of BEC targets individuals that perform wire transfer payments.”
Two Precautions To Avoid Fraud In A Real Estate Transaction
It is important, when you are involved in a real estate transaction, to take two precautions if you are ever contacted about wiring any funds.
- Obtain the phone number of your real estate broker and your escrow agent at your first meeting
- Call the known phone number to speak directly with your broker or escrow officer to confirm wire instructions PRIOR to wiring any funds.
“Most victims report using wire transfers as a common method of transferring funds for business purposes. However, some victims report using checks as a common method of payment. The fraudsters will use the method most commonly associated with their victim’s normal business practices. The fraud has evolved to include the compromising of legitimate business e-mail accounts. They also request Personally Identifiable Information (PII) or Wage and Tax Statement (W-2) forms for employees, and may not always be associated with a request for transfer of funds.”
- Be suspicious of requests for secrecy or pressure to take action quickly.
- Immediately report and delete unsolicited e-mail (spam) from unknown parties. DO NOT open spam e-mail, click on links in the e-mail, or open attachments. These often contain malware that will give subjects access to your computer system.
- Do not use the “Reply” option to respond to any business e-mails. Instead, use the “Forward” option and either type in the correct e-mail address or select it from the e-mail address book to ensure the intended recipient’s correct e-mail address is used.
- Beware of sudden changes in business practices. For example, if a current business contact suddenly asks to be contacted via their personal e-mail address when all previous official correspondence has been through company e-mail, the request could be fraudulent. Always verify via other channels that you are still communicating with your legitimate business partner.
- Confirm requests for transfers of funds. When using phone verification as part of two-factor authentication, use previously known numbers, not the numbers provided in the e-mail request.
- Carefully scrutinize all e-mail requests for transfers of funds to determine if the requests are out of the ordinary.
- A complete list of self-protection strategies is available on the United States Department of Justice website www.justice.gov in the publication titled “Best Practices for Victim Response and Reporting of Cyber Incidents.”
What To Do If You Are A Victim Of Fraud
Act quickly if funds are transferred to a fraudulent account:
- Contact your financial institution immediately upon discovering the fraudulent transfer.
- Request that your financial institution contact the corresponding financial institution where the fraudulent transfer was sent.
- Contact your local Federal Bureau of Investigation (FBI) office if the wire is recent. The FBI, working with the United States Department of Treasury Financial Crimes Enforcement Network, might be able to help return or freeze the funds.
- File a complaint, regardless of dollar loss, with www.ic3.gov or, for BEC/EAC victims, bec.ic3.gov
Provide The Right Information
When contacting law enforcement or filing a complaint with IC3, it is important to identify your incident as “BEC/EAC”; also consider providing the following information:
- Originating business name
- Originating financial institution name and address
- Originating account number
- Beneficiary name
- Beneficiary financial institution name and address
- Beneficiary account number
- Correspondent bank if known or applicable
- Dates and amounts transferred
- IP and/or e-mail address of fraudulent e-mail
Detailed descriptions of BEC/EAC incidents should include but not be limited to the following when contacting law enforcement:
- Date and time of incidents
- Incorrectly formatted invoices or letterheads
- Requests for secrecy or immediate action
- Unusual timing, requests, or wording of the fraudulent phone calls or e-mails
- Phone numbers of the fraudulent phone calls
- Description of any phone contact, including frequency and timing of calls
- Foreign accents of the callers
- Poorly worded or grammatically incorrect e-mails
- Reports of any previous e-mail phishing activity
As always, thanks for reading and we welcome any additional information or comments you may have. And thanks to the FBI for their continued work and detailed information to help the public. The information obtained herein is from: FBI’s Alert Number I-050417-PSA.
Questions regarding this PSA should be directed to your local FBI Field Office.
Local Field Office Locations: www.fbi.gov/contact-us/field
1920 N. Pittsburgh St., Suite A
Kennewick, WA 99336