Be Careful with BEC Scammers

An escalating problem known as Business Email Compromise (BEC) scam has plagued our industry in recent months. The BEC scam is a highly sophisticated email fraud scam. In fact, a fraudster recently attempted to perpetrate a BEC scam against McMichael & Gray. Two weeks ago, one of our pre-closers came to me and said, “Randy, I think you need to read an email from this builder’s agent.” The email stated that ABC Builder (ABC Builder is not their real name, I am protecting the innocent) requested we wire their funds rather than issue a check at closing, which is our normal practice with ABC Builder. As with most of our clients, we have a personal relationship with ABC Builder. So, we called ABC Builder’s owner and agent. After a brief conversation, it became clear a fraudster compromised the email account of ABC Builder’s agent and attempted to have McMichael & Gray wire ABC Builder’s funds into an account controlled by the fraudster.

So, how does a BEC scam work? The typical BEC scam begins when a fraudster hacks the email account of a party to a closing. The fraudster monitors that email account without that party’s knowledge during the closing process. This allows the fraudster to identify the parties to the closing and learn the details of the closing (e.g., the who, what, when, how, and where). Then, the fraudster sends an email which appears legitimate and from a proper party related to the closing, directing the closing attorney to wire the seller, buyer and/or agent funds to an account controlled by the fraudster. Really, the fraudster could impersonate anyone who receives funds or a payoff in connection with that closing. Because everything appears appropriate, the closing attorney wires the requested funds as instructed by the fraudulent email and the fraudster has control over the stolen funds.

As a closing attorney, it makes me realize how difficult it is to detect and prevent against a BEC scam. Fraudsters who initiate a BEC scam are typically computer hackers and have a working knowledge of the real estate closing process. In our case above, the email address and email signature lines were identical to the legitimate emails
sent from ABC Builder’s agent. But for the awareness and subsequent action of our pre-closer, McMichael &
Gray may have become a victim of a BEC scam.

So, how can I avoid becoming the victim of a BEC scam? Nancy Bowman, Georgia State Manager of Old Republic Title, suggests the following to avoid BEC scams:

1. Be wary of last-minute changes to wire instructions: You should (i) be suspicious of last-minute changes to wiring instructions, especially if the sender emphasizes a need for secrecy or pressures you to act quickly; (ii) be particularly alert on Fridays and on days before holidays – fraudsters use the resulting delays to create openings for their scheme; and (iii) be very cautious if the email or wire instructions are sent outside normal business hours or direct the funds to be sent to a bank or account located outside the state where the subject property is located.

2. Know the transaction and know the parties: You should study the transaction carefully. The larger an outgoing wire, the more incentive a fraudster has to target it, and the more scrutiny you should apply. You should note the habits of the parties to a transaction and be mindful of any divergence from those habits.

3. Use two steps to verify wire instructions: You should use a two-step process to verify and confirm
the wire transfer instructions. First, if a request for a transfer of funds comes in through email, the email
directing the transfer of funds must be verified by using a valid phone number for the party from whom the
e-mail was supposedly sent. Do not rely on the phone number or other contact information shown in the
suspect email or its attachments. Second, do not reply to the suspect email. If the email is fraudulent, a reply to
the email may give the fraudster valuable information needed to maintain the BEC scheme.

4. Confirm receipt: Immediately after the funds are disbursed, you should follow-up with the intended
recipient of the wire to confirm receipt of the funds. As always, you should confirm that you are communicating
with a legitimate party to the transaction. If a BEC scheme hits, the sooner the errant wire is detected, the more
likely law enforcement can trace, or even recover, the funds.

5. Practice good “cyber hygiene”: You should not click on links or attachments in suspicious emails.
These links and attachments may be used to install malware on your computer system, which may allow the
fraudster to monitor your communications, learn your business practices, and learn the details of upcoming
transactions. As additional safety precautions, at a minimum, we strongly recommend that you: (1) close your
browser when your computer is not in use; (2) use strong passwords and change them frequently; (3) be aware
of and report unusual situations or possible virus attacks; (4) install and keep anti-virus software on all your
computers up-to-date; (5) install a firewall on all your computers; (6) avoid websites you do not trust; (7) not
send wire information or other business sensitive data from a personal email account; and (8) encrypt all emails
that contain wire instructions or other sensitive information.

Please, please let your broker know if you believe your email account is ever compromised. Fraud prevention is a TEAM effort.

«               »