In this year of horrendous cyberheists — Equifax the most prominent — you've probably taken at least a few precautions: changed passwords, stopped opening files and links from unknown senders, upgraded your computer security measures, maybe put a freeze on your credit reports.
But if you're buying a house and heading to settlement, you still may be far more vulnerable than you think to the fastest-growing form of real estate cybercrime in the United States: thefts of home-purchase money wired to complete closing transactions.
The scam generally works like this: Hackers find an opening into a title company's or realty agent's email account, track upcoming home purchases scheduled for settlements — the pricier the better — then assume the identity of the title agency person handling the transaction.
Days or sometimes weeks before the settlement, the scammer poses as the title or escrow agent whose email accounts they've hijacked and instructs the home buyer to wire the funds needed to close — often hundreds of thousands of dollars, sometimes far more — to the criminals' own bank accounts, not the title or escrow company's legitimate accounts. The criminals then withdraw the money and vanish.
According to new data provided for this column by the FBI, in fiscal year 2017, nearly $1 billion ($969 million, to be precise) was "diverted or attempted to be diverted" from real estate purchase transactions and wired to "criminally controlled" accounts. That figure is up explosively from fiscal 2016, when the FBI counted $19 million in wire-transfer frauds affecting home buyers. The bureau describes the growth rate of this type of theft as "steep," though the sharp statistical rise may be partially attributable to increased reporting of such hacks by consumers, banks and real estate industry participants. It's also shocking and devastating to the home buyers involved. Consider two recent cases involving substantial losses:
●Last May, a Washington, D.C., couple lost $1.57 million when their wire transfer of settlement funds was hijacked after cyberthieves reportedly penetrated a title and escrow company's email system and steered the money to their own account.
●In January, a Denver couple signed a contract to buy a $504,000 new home. They had sold their previous house and planned to use the $272,536 in proceeds as a down payment. Somewhere along the path to the scheduled closing in April, hackers gained access to the email system of the title company, realty agent or mortgage company — no one seems to know which. The couple received genuine-looking email instructions on wiring the down payment cash in preparation for the settlement. But the instructions were bogus and the money disappeared. Nothing has been recovered.
Although cyberthefts involving home settlements have been occurring for several years, the number of attacks and the dollar amounts stolen during the past year are stunning realty industry experts, who expected that greater public awareness of the problem — and efforts by title and realty firms to better secure their systems — would thwart the hackers.
"It's unbelievable how often this is happening," said Jessica Edgerton, associate counsel for the National Association of Realtors in Chicago. And now real estate clients who have been scammed are fighting back, seeking recovery of funds through the courts and turning to an FBI weapon little known to the general public, the "Financial Fraud Kill Chain." The bureau says that it may be able to stop the transfer and recover consumers' funds if the wire transfer amount is $50,000 or more, the bank transfer is sent internationally, the bank issues a recall notice and the FBI is informed of the details within 72 hours. Ian T. Hicks, who is suing the title agency, real estate agent and mortgage lender on behalf of the Denver home purchasers for negligence and other alleged misdeeds, is also suing the bank that transferred the money for not reporting the fraud to the FBI quickly enough to initiate a "kill chain" effort to get back the money.
So what does this surge in real estate wire fraud mean to you? If you plan to go to settlement on a house, be on alert. Red-flag any closing or wiring instructions sent to you via email, especially if they involve last-minute changes to previous instructions. Verify by phone or in person with settlement personnel that they sent the instructions and that they are correct. If you are victimized, call the local field office of the FBI immediately and visit ic3.gov, the bureau's Internet complaint center.
Ken Harney's email address is firstname.lastname@example.org.