A Practical Guide to Wire Fraud Defense
April 16, 2020
It’s common today to receive phishing emails or phone calls from the “Social Security Administration” saying that the police will arrest you and revoke your citizenship if you don't pay the outstanding debt in the sum of $10,000 by credit card immediately.
Those are easy enough -- you press the hang-up button and laugh it off. But new wire fraud schemes don't rely on your gullibility so much as the complexity of your processes and the lack of transparency in your organization.
In real estate alone from 2015 through 2017, wire fraud scams have risen 1100%. In fact, one of the fastest growing cybercrimes in the U.S. is wire fraud in real estate. About 11,300 people were victims of wire fraud in the real estate and rental sector in 2018 (a 17 percent increase over 2017), with losses of more than $150 million, according to FBI data.
Wire fraud is getting more complex, targeting more people in the value chain with new, much more subtle strategies.
Scammers target nearly everyone with fraud attempts
Hackers have targeted realtors, title agents and borrowers as well, usually during closing when emotions are high and buyers are trustworthy.
Attorneys are often targeted as they play a crucial role in the purchase process. A scammer could send an email to a bank as an attorney, asking them to amend the wiring instructions. As any delay can make the difference between securing or losing a property, often banks will act quickly to accommodate these requests – realizing only too late that they are actually transferring hundreds of thousands of dollars into a hacker’s account.
It’s not just the bad PR and loss of money that should be worrying when something like this happens; legislation requires that institutions take considerable precautions to ensure that they behave in a way that protects their customers from hackers.
There is a lot at stake when it comes to wire fraud
In the mortgage world, errors like the one the bank made are not only costly and frustrating, but they can have lasting impacts on real people. The couple in question buying that house? They could have been moving out of their own home, moving vans en route, but unable to take possession of their new home because of the hundreds of thousands that were stolen.
What’s more, FBI statistics indicate that these types of scams have increased by more than 1000% since 2015, and this may be just the tip of the iceberg. Mortgage wire fraud or data compromise will only increase and the actual patterns or practices which hackers attempt will continue to become more sophisticated.
As the risk in mortgage fraud or identity compromise migrates away from the lender or bank level, it’s important to realize there is a Trojan horse aspect at play and that many key processes are now outsourced to third, fourth or fifth parties. For instance, in the Capital One data breach, it was a former Amazon Web Services employee, not a Capital One employee, who gained access to consumer data. Experts suggest that each third-party involved in the process creates more potential for security breaches, and fraud.
Avoiding the scams
How closely do you look at your bank statement and miss the $100 transfer? Small transfers will add up, but also act as indicators that your system is compromised. Plus, if you can’t retrieve those funds, that hits your bottom line and financial health.
Emails can be hacked. They also can be masked and spoofed. The next generation of internet malefactors have sophisticated systems at their disposal, and the know-how to understand who within an organization has ownership of budgets and how they use them. They can send a COO a note from the CEO asking to process payment for a vendor for an upcoming employee team building event, or to pay a printer for pamphlets.
In order to avoid these costly and embarrassing mistakes, communication is key. For consumers, servicers should build stronger education around phishing scams within the closing process. It’s important that controls are in place to mitigate any potential risk by researching and validating data requests. However, communication is important within the business as well. If there is effective and efficient cross department communication, the stakeholders in question can follow set procedures to ensure they are double-checking all changes made to outgoing money transfers by vetting wiring instructions, or looking at how long escrow accounts have been open. Be sure that all emails are sent with business accounts with strong IT infrastructure to mitigate risk. And sometimes, even picking up the phone can be the difference between helped and hacked.
Technology can provide protection
Many businesses tend to operate within siloes and often tend to focus only on their core competencies, the parts of the business that they are most passionate about. Fraud, though, spares no one. This problem happens on a global scale, often in granular details that many financial professionals spend too little time considering.
Before the regulators come and sit in your office to review procedures, take the proper steps to build processes that protect your organization – and invest in the right tools to help support those processes.