Ross and Melinda F. were purchasing a home to live closer to their daughters and new granddaughter in the Kansas City area.
Ross, a retired pastor of 46 years and Melinda found the perfect home in Independence, MO and were planning to pay for it with cash they had saved up.
During the home buying process, the couple received an email from someone they thought was their real estate agent.
The message was sent from an iPhone and was signed with their agent’s name. The email read:
Hello Ross and Melinda, In preparation for your closing on the 30th of November.
The closing balance will be required to be wired 26th of November.
I would like to know if you will be able to perform the wire on the 26th, so I can inform the title company.
Melinda replied that they’d be bringing their checkbook. She then received this message back, again signed by her real estate agent:
Hello Melinda, Due to the increasing incidence of fraud with certified bank checks, we will require all funds needed for closing to be tendered in the form of a wire transfer.
We no longer accept certified checks as good funds.
Ross and Melinda wired the money. The money is now gone with little chance of getting it back.
Sadly, someone had been monitoring the emails between the couple and their realtor.
When the time was right, the hacker sent the e-mails with instructions for wiring money to a bank account that they controlled.
The scary thing is, the scammer knew the address of the home they were buying, their realtor’s name, email address, title company’s name, and closing date.
Unfortunately, this type of scam is growing and is commonly referred to as the Business E-mail Compromise Scam.
The way it works is that it targets both businesses and individuals performing wire transfer payments.
The scam is frequently carried out when a hacker compromises legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.
This scam continues to grow and targets transactions of all sizes.
Between December 2016 and May 2018, there was a 136% increase in losses to this type of fraud.
The scam has been reported in all 50 states and in 150 countries.
Based on the financial data, Asian banks located in China and Hong Kong remain the primary destinations of fraudulent funds, however, financial institutions in the United Kingdom, Mexico and Turkey have also been identified recently as common destinations.
The bad actors behind these scams have heavily targeted the real estate sector in recent years.
This includes title companies, law firms, real estate agents, buyers and sellers.
Victims often report a spoofed e-mail being sent or received on behalf of one of these real estate transaction participants with instructions directing the recipient to change the payment type and/or payment location to a fraudulent account.
Here’s the thing, this type of scam can come in many different formats.
What I mean is, if the CEO of your company e-mailed you asking that you wire money to a specific account, and you can see that the e-mail came from their address, chances are you will do as the e-mail asks.
Why wouldn’t you if that’s part of your job?
With that in mind, I want to share a few tips to prevent falling victim to this scam and losing a lot money like Russ and Melinda.
Pick up the phone. If your boss sends you an e-mail asking you to wire transfer someone a lot of money, you should pick up the phone.
Anytime you conduct a wire transfer, call your boss and verify it’s legitimate.
Another thing is, oftentimes, these types of hackers may e-mail an HR department and ask for a specific employees W-2, or social security number.
Again, if this is an unusual request, you should call to verify.
Establish a code word. These days, phone conversations are one of the most common ways thieves will try to get your personal information.
Many victims of this scam have reported receiving phone calls from bad actors requesting personal information for verification purposes.
Even financial institutions have reported phone calls acknowledging a change in payment type and/or location.
Some victims report they were unable to distinguish the fraudulent phone conversation from legitimate conversations.
The best way to counteract this activity is to establish a code word that would only be known to the two legitimate parties.
For instance, if you are working with a realtor, you could ask them the code word at the beginning of the conversation to make sure you are speaking with the right person.
When I call my bank, they ask me for my phone password and this is definitely a good thing.
Don’t change plans. Like the couple mentioned above, if your boss or real estate agent calls or e-mails you at the last second to change bank account information you should be cautious.
The fact is, these types of transactions happen all the time and people should typically be accurate with their banking information.
This isn’t something that usually changes on a regular basis.
When these types of changes occur last minute, you should consider the way the information was communicated to you and you should verify for yourself that the updated information is legitimate.
It’s estimated that last year alone, over $12 billion was stolen through this type of business e-mail scam, where unsuspecting victims thought they were sending legitimate wire transfers.
The reality is, these days you must verify anytime you send money and most importantly, verify a second time using a different method such as a phone call.