The New Jersey Department of Banking and Insurance (NJDOBI) issued a bulletin last month warning all banks, credit unions, mortgage lenders, title insurers, real estate brokers and other such institutions licensed to conduct mortgage loan transactions in the state of NJ of the increasing danger posed by wire transfer fraud. Issued by NJDOBI Acting Commissioner Marlene Caride, the bulletin goes into detail about the nature of wire fraud and how it can affect these types of businesses. It also offers some tips for decreasing their viability as a target for scammers.
The NJDOBI’s warning is not the first of its kind, nor is it the only one issued by a government agency for the mortgage lending sector. In 2016, both the Federal Trade Commission (FTC) and the National Association of Realtors published one alerting consumers of phishing campaigns targeting mortgage closings to commit wire fraud. They issued another the following year, and were joined by several other parties in doing so, including the American Land Title Association (ALTA) and a US Senator. There was also a push for the Consumer Financial Protection Bureau (CFPB) to release their own warning.
These wire transfer fraud schemes involve the use of business email compromise (BEC) techniques such as phishing to exploit victims’ trust and vulnerability. They will often use information gathered either by profiling potential targets or extracting identification data from their systems to be able to send believable messages asking for funds to be transferred to a designated account. This will be done towards the closing portion of a negotiation to take advantage of the buyer’s guard being let down by posing as someone involved in the process. The message may indicate that there has been a change in the destination for the funds, and the account they provide may lead to an overseas location that will make it very difficult to track and more so to recover.
Social engineering has become a particularly dangerous technique for hackers to employ in phishing and wire fraud due to the widespread availability of personal information through tools such as social media. Scammers will extract enough data from these applications to mimic one of the parties involved to an extent that unsuspecting victims will detect anything amiss at first glance. The message will appear virtually similar to a legitimate email and will be complete with a seemingly credible subject line. Even cross-checking message senders by phone may not be successful as hackers have employed technology that allow them to redirect calls to the actual party towards their own line to ensure their actions are not revealed.
This issue is not confined to the Garden State and it has garnered an increasing amount of attention as the number of reported incidents expands across the country. However, home buyers all over the US seem to have become a favorite target for this type of scam, and according to Forbes, it is siphoning almost $5.3 million a month from the marketplace. Title agencies and other financial institutions involved in transactions affected by these attacks can face serious repercussions, either financially if they are found liable by a government agency or to their reputation with partners and clients. Wire transfer fraud cases, phishing and social engineering tactics represent a threat not only to individual agents and agencies, but to the ability of the entire real estate industry to function effectively.
Wire fraud attempts in the real estate sector are reliant on information extracted from network breaches that pertains to ongoing contract negotiations and impending wire transfers. Maintaining vigilant network security can help prevent the factors that lead to successful transfer fraud attacks and safeguard your clients from losing thousands to millions of dollars. The best defense against wire fraud and other phishing attempts is to have the proper security awareness training and monitoring. Contact us to learn how we can help provide you with the training you need to protect yourself from these threats.