Sponsor Company Name Sponsor Company Name

Cyber Phishing for Wire Fraud

Managing the growing risk of attacks on real estate transactions.

April 13, 2017 Photo

There are many forms of cyber fraud, including stolen information, cyber ransom, and identity theft. In these situations, a perpetrator attacks a business and is able to steal third-party information or financial documents or even shut down business data in exchange for payment of a ransom. These forms of cyberattack are against the business with the intent of gathering general information that can be used later. However, since businesses are aware of possible vulnerability to cyberattacks, many companies regularly update their systems against viruses and malware, use encrypted data storage, and install firewalls. 

As defenses to cyber fraud are developed, perpetrators become more sophisticated as well. A new form of cyber fraud has emerged that is based on targeting a specific group of professionals. It involves spying on their activities and results in wire fraud. By default, this necessitates more creative ways by which to resolve the resulting multiparty, complex claims matters.

Cyberthefts around the globe grew last year to an alarming $1.2 billion, compared to $100 million in more traditional thefts from financial institutions. In the last few months alone, Southern California saw an increase in focused attacks on real estate transactions resulting in wire fraud. Real estate involves several parties that are eager to close transactions, which may cause the involved parties to pay less attention to detail. There are large amounts of cash that change hands, and waiting years for the court system to resolve issues is just not feasible. 

In a typical scenario, a perpetrator locates the emails of real estate agents and brokers working in a specific area. An inexpensive software can be used to run such a search and identify these targets. Then the perpetrator engages in phishing by sending emails to the agents and brokers with purported attached documents. A perpetrator can, for example, send a document through DocuSign or GoogleDocs. The email invites the recipient to log into what appears to be the sign-in page for the software (DocuSign or GoogleDocs). The perpetrator then records the password and uses it to start monitoring the real estate agent or broker’s email. 

Once the perpetrator learns of an existing escrow transaction, he can then pose as a party to the transaction. For example, he can send an email from the broker’s actual email account with wiring instructions to the buyer. The perpetrator is able to conduct an email exchange with the buyer unbeknownst to the agent or broker by changing the action in the inbox so that it will not show incoming emails—the agent or broker would not suspect that someone is communicating from their email account. The perpetrator also can send an email to the escrow company posing as the seller and instruct it on where and how to send the sale proceeds, providing a new routing number for a wire. To add credibility, the perpetrator copies other parties in the transaction but uses false emails that appear similar to the originals.

These new forms of scams are very sophisticated because they are not like an anonymous perpetrator penetrating the business firewall. In newer forms of scams, the perpetrator actually monitors an email account and learns valuable information about the account holder’s business. It’s like a burglar monitoring when a home’s occupants leave and when they go to sleep. These scams also are fast. The sooner they are discovered, the sooner it is necessary for one’s own protection, as well as recovery of funds, to mediate the matter, concomitantly obtaining a restraining order regarding the exporting of funds.

There are several ways to avoid phishing that results in wire fraud. Internet users are encouraged to use two methods of verification (e.g., when they log into their email account, it also sends a verification code to their phone that must be entered in to achieve access). They also are encouraged to take advantage of software updates when they are available and not to continue using older, less protected versions. Parties should include a phone conversation when a transaction involves a money transfer and always read emails carefully.

Most importantly, when a problem does occur, all parties must assist each other to immediately address the incident and prevent the spread of the information. Unfortunately, many have been reluctant to call the FBI’s Cyber Division due to concerns about the Internal Revenue Service and other regulatory bodies. The FBI informs us that if it learns of wire fraud within the first 72 hours, then it has the best chance of recovering the funds. Moreover, if detection occurs in the middle of a transaction, the parties should work together to remediate the loss. 

When parties work together, often sellers are willing to adjust the price, brokers are willing to waive part or all of their commissions, lenders are willing to extend loan terms, and the brokers’ errors and omissions carriers are willing to bridge a gap that they otherwise would not offer to bridge until a case is fully litigated. In instances in which all parties work together expeditiously, they are able to close a transaction that otherwise would have been lost to wire fraud, and everyone avoids further liability and damages. The parties should all work together to identify the source of the fraud, immediately put the relevant carriers on notice, and contact the financial institution that received the fraudulent wire. Contact the recipient financial institution so it can put a hold on the wire before it is released into the perpetrator’s hands. 

Society’s fast-paced approach to handling transactions and money has to be met with an equally fast-paced resolution. If parties start pointing fingers at each other and wait until the dust settles, the losses will only grow, and the damages will be much higher. You’ll end up with three outcomes: (1) a buyer will lose an interest rate lock and the property they wanted to purchase, (2) the seller will lose time on the market, and (3) the professionals in the transaction (brokers, escrow), and consequently their carriers, will have higher exposure to liability. 

Lastly, remember to consider the stage of the matter. Is notice required for people whose information is compromised? What will the damages be? There is a lot at stake and, hence, all the more reason to mediate as opposed to leaving things in the hands of a jury years down the road. As you can imagine, this type of case would not end up as a typical insurance mediation. You should consider mediators with applicable experience.

About The Authors
Multiple Contributors
Caryn Siebert

Caryn Siebert is vice president, carrier practice, with Gallagher Bassett, and previously was CLM’s litigation management professional of the year.caryn_siebert@gbtpa.com

Rinat B. Klier Erlich

Rinat B. Klier Erlich is a partner with Manning & Kass, Ellrod, Ramirez, Trester LLP.  

Sponsored Content
Daily Claims News
  Powered by Claims Pages
About The Community

CLM’s Insurance Fraud Committee identifies, analyzes, and offers education on emerging fraud schemes and tactics; monitors and reports on developments in case law, state fraud statutes and applicable regulations; collaborates with other anti-fraud industry organizations and associations; and seeks to provide amicus support in matters of importance in the fight against insurance fraud.

Community Events
No community events
Sponsor Company Name Sponsor Company Name