What does the chairman of MIT’s board of trustees and a Supreme Court judge for New York State have in common with the Weintraubs of Lebanon, Oregon? They were all victims of real-estate spoofing scams, a form of cyber-security fraud that has grown from $19 million in 2016 to over $1B in 2017. Thieves have learned that large sums of money change hands when people purchase a new home. According to the US census bureau, the median price of a home on the U.S. West Coast today is $390,000. With a 21% average down payment, transfers of over $82,000 are a regular occurrence. These funds are transferred under the exclusive control of buyers and would be transferred without the checks and balances present when banks fund the remainder of the loan. This makes the home purchase process a high-value, soft target. Rather than being forced to outwit banks and insurance companies who are protected by security professionals and sophisticated monitoring systems, thieves recognize that a local realtor is not meaningfully defended in most cases. They simply have to fool the buyer into transferring the funds into an account that is under their control. The scam starts with an email to the realtor or title agent. These individuals are trusted by the buyer and are in a position to trigger a transfer. The spear-phishing email results in the delivery of malware that permits the thief to monitor all email exchanges. From this point, the thief watches the normal flow of business until a suitably large transaction is found. When the home purchase is just about to close, the thief sends email messages from the infected PC to the buyer that appears to be from the realtor. The spoofed email contains detailed information such as transaction sums, bank names, seller names and other data that convince the buyer as to the email’s authenticity. In the final step, the spoofed message instructs the buyer to wire the funds in order to begin the transaction. The buyer does as instructed. Instead of going to the title company or to an account held by the seller’s, the money is sent to an account controlled by the thieves. In some percentage of cases, the victim is saved by delays instituted by banks in an effort to control money laundering. The thief can’t just bounce the money straight to Nigeria, China or Russia. If the victim acts very quickly, it is possible to stop the transfer. If the victim takes too long to recognize the problem, the money is transferred to a foreign bank account beyond the reach of the legal system. In most cases, the money is never seen again. The Weintraubs were one of the fortunate ones. They notified their realtor that the wire had been sent. The realtor, realizing that a fraud was in progress, was able to alert the Weintraubs in time to get the wire transfer stopped. The Weintraubs were able to get all but $17,000 of their $379,000 back. They settled with their realtor for the remainder. The MIT Board of Trustees chairman initially lost $1.9 million dollars that was intended as a down payment on a $20 million Manhattan apartment. In this case, the couple’s real estate attorney was compromised. The couple received an email purporting to be from the lawyer. It advised them to send the down payment to a Chinese bank. They did. Ultimately, the amount and uniqueness of the transfer raised enough attention from banking officials that it was delayed. The couple and their lawyer were able to respond in time to recover all but $200,000. The New York Supreme Court judge was not so fortunate. In her case, the fraud was not detected by an alert realtor or a bank employee. The transfer went through and the judge lost more than $1 million. Thieves focus on penetrating any location where money concentrates and are more attracted to places that have sub-optimal security precautions in place. Any time you are asked to pay or move a large sum of money, it is prudent to verify that transaction in person or on the phone. A simple phone call to verify the transfer specifics would have saved all of these victims from potentially devastating losses. Unlike crimes against corporations and the headline-grabbing losses by a few wealthy people, the majority of instances of real estate spoofing fraud involve middle class individuals who lose life changing sums of money.
Meet Fortra™ Your Cybersecurity Ally™
Fortra is creating a simpler, stronger, and more straightforward future for cybersecurity by offering a portfolio of integrated and scalable solutions. Learn more about how Fortra’s portfolio of solutions can benefit your business.
