According to the U.S. Federal Bureau of Investigation’s 2019 Internet Crime Report, more than two-hundred and twenty million dollars were lost in 2018 to real estate wire fraud. In 2019, there were 11,677 victims suffering more than $220,000,000 in losses. In 2018, there were 11,300 reported victims and $150,000,000 in losses.
Wire fraud is on the rise. Hackers and Phishers are targeting title companies and real estate agencies to perpetrate these crimes.
In what is known as a “phishing” attack, the criminal will send correspondence, usually by email, to anyone that works for or with a title company or real estate agency. This correspondence often references a transaction or various transaction details. The correspondence is designed to look real. The correspondence is often designed to be so generic that the viewer may mistake it for being applicable to the viewer’s currently pending transaction. Often, the domain name on the sender’s email address is very similar to the real domain name for a real title company, real estate agency, or other legitimate business. However, unless the domain name is identical to the real domain name, the sender of the email is probably a criminal, likely who lives or works in some other country, who is trying to deceive the recipient of the email into thinking that the domain name is the real domain name of the real company when the domain name is slightly different from the real domain name. These similar domain names are owned by criminals that use them to try to trick people into thinking that they work for real companies when they do not.
The U.S. Federal Trade Commission has published an article advising the public on how to avoid phishing scams here: https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
Sometimes, a hacker will compromise a real company’s domain name and send fake wiring instructions from a real domain name. The hacker may either have gained full access to the real domain name or the hacker may be “masking” the domain name in the email headers to make the email appear as if it came from the real domain name when the email did not, in fact, come from the real domain name. Sometimes, when this masking occurs, it is only possible to discovery the masking by looking at the raw email data rather than looking at the email itself, depending on the graphical user interface system that is being used to view the email. Many email users do not know how to do this.
In any transaction, before you send a wire, make sure to double and triple-check the wiring instructions. At Ghrist Law PLLC, you should not send wires unless you received the wire instructions through an encrypted messaging portal instead of email or you received the wire instructions in person from a Ghrist Law PLLC employee or you met the employee previously in-person and recognized the employee’s voice on the phone when the employee called with the instructions. Even if the foregoing occurred, you should still confirm those wiring instructions by speaking to at least two different Ghrist Law PLLC employees prior to sending the wire, confirming the wire instructions with both employees, and confirming by email as well. Do not send a wire based on unconfirmed wire instructions. Please always confirm each set of wire instructions by at least three different methods (such as phone, email, fax, or in-person) with at least two different Ghrist Law PLLC employees so as to ensure that the wire instructions are legitimate. Make sure that each Ghrist Law PLLC employee who verifies or confirms wire instructions is an employee that you previously met in-person so that you know that person’s identify. If in doubt, come visit us at one of our offices.
Even phones can be used in phishing attacks. Sometimes, hackers and phishers will set up a fake phone number and a fake website. These can appear to be very realistic and the criminals on the phone may seem to work for Ghrist Law PLLC or another title company or real estate agency. Even Caller Identification can be faked. The phone companies do not police the use of Caller ID very well. As a result, a criminal can make a Caller ID on a phone call appear to come from a real title company, law firm, real estate brokerage, or financial institution when it does not, in fact, come from a real business.
DO NOT EVER USE ANY WIRING INSTRUCTIONS TO SEND MONEY UNLESS YOU PREVIOUSLY MET ONE OF OUR EMPLOYEES IN-PERSON AND YOU RECOGNIZE THAT PERSON’S VOICE ON THE PHONE AND YOU VERIFY THAT THE PERSON THAT YOU ARE SPEAKING WITH ON THE PHONE IS, IN FACT, THE PERSON THAT YOU PREVIOUSLY MET. ALSO, CONFIRM THOSE WIRE INSTRUCTIONS WITH AT LEAST ONE OR TWO OTHER EMPLOYEES. COME VISIT OUR OFFICE WHEN IN DOUBT.
Copyright, Ian Ghrist, 2021, All Rights Reserved. Unauthorized reproduction strictly prohibited.
Disclaimer: This document is for informational purposes only. Do not rely on any part of this document as legal advice. Instead, seek out the advice of a licensed attorney with regard to the particular facts and circumstances of your legal matter. Also, this information may be out-of-date or wrong and is not intended to be comprehensive or to address any potential or specific factual or legal scenario.