The past decade has seen the growth of an especially painful and pernicious type of fraud. Criminals have been inserting themselves into the middle of real estate closings, sending believable money transfer instructions to the buyer’s bank or the escrow agent, and absconding with the money. This money was supposed to pay off the remainder of the seller’s mortgage, and has the potential to affect any mortgage banker.
Court cases in this space describe a third party pretending to be a known and trusted vendor and instructing purchase payments sent to a supposedly new account, and the payer bank following that instruction without verifying the account change.1
This article will define and explain this problem, legal underpinnings of claims against the criminals, and how companies are guarding against this type of disaster. We also discuss what mortgage bankers should do to minimize their risks of taking the loss for such thefts at the end of the day.
How could this happen and how can we stop it?
Consumers, real estate agents, and closing lawyers are vulnerable to these attacks through automated phone calls and phishing text messages. Sophisticated versions of these attacks will trick the recipient into clicking a link or installing or downloading an infected attachment. Bad guys gather information that will make their fraudulent instructions look like they genuinely arise from the appropriate parties, such as the lawyer handling the closing or the agent representing the buyer. Fraudulent email or other official-seeming correspondence contain wire transfer payment instructions usually regarding the down payment or closing costs.
With the money gone, all the parties scramble to avoid being left holding the bag for the error, and forced to pay for their mistakes by paying the home buyers back their missing money. The bank paying the money or the lawyer/agent who was impersonated by the fraudsters are the most likely patsies in the chain, as they dealt most closely with the wrongdoer and had the greatest opportunity to catch the fraud before money was lost.
For buyers’ bankers, a confirming phone call to the right party, not using the number on the fraudulent request, but looking up that number directly, is the best move to minimize risk for all parties and to avoid liability for the loss. At this stage, ANY change of payment data or suspicious looking payment request should be questioned with a follow-up call before payments are made. Adding this one step to the mortgage payment process can save immeasurable heartbreak and entirely measurable money losses.
What laws are violated?
In 2018, cyber-crime victims across the United States billion. In the last quarter of 2018, the companies most targeted received approximately 120 fraudulent emails. In fiscal year 2017, $969 million was either diverted or attempted to be diverted from real estate purchase transactions to fraudulent accounts.2
This criminal conduct falls squarely into the wire fraud statute, but the accounts receiving the payments usually belong to criminals overseas, and out of the reach of U.S. law enforcement according to Rahul Gupta.3 Federal law “prohibits, during and in relation to felony violations of certain laws (including, but not limited to, embezzlement or misapplication of bank funds; fraud or false statements; mail, bank, and wire fraud), the knowing use, transfer or possession, without lawful authority, of a means of identification, such as an individual’s social security number or date of birth, of another person with the intent to commit a crime.”4 This statute has been used in the past to prosecute fraudulent real estate transaction schemes, upholding wire fraud conviction for transferring $22,000 via wire with the intent to defraud their creditor.5
Why do they target real estate transactions?
The Gentleman Thief, Willy Sutton, claimed that he robbed backs because “that’s where the money is.” Think how much money can be skimmed by stealing the final payouts of residential house sales, at least hundreds of thousands of dollars each time. And if you convince the buyer’s bank to transfer to a safe account overseas, or you can quickly move the money to one remotely, then the risks are minimal.
Home sales involve significant amount of money that can be easily diverted. The median price of homes that have sold now exceeds $220,000.6 The market value of the commercial and industrial real estate in the United States is approximately $2.655 trillion, according to the Real Estate Investor’s Deskbook § 1:5 (3d ed.). Because there are multiple parties in every real estate transaction with no definite party to always provide payment information, that data may come to the payor bank from the closing lawyer, the alleged receiving bank or mortgage company, any real estate agent in the transaction, or from the buyers themselves; fraudsters can rely on the confusing array of options to fool a payor bank. Much of the information a bad actor needs to impersonate the parties and launch this fraud can be found online.
The issue of wire fraud in real estate is metastasizing. The FBI reported that from 2015 to 2017, there was over an 1,100 percent rise in the number of crimes using business e-mails in the real estate transaction context and an almost 2,200 percent rise in the reported monetary loss. The FBI also reported nearly $150 million in real estate fraud losses in 2018. According to the FTC, consumers reported losing $1.48 billion to fraud in 2018, which marks an increase of 38 percent over 2017. The FTC defines wire fraud is any event where an individual is tricked into sending money via wire transfer to a fraudster.
As participants in real estate transactions, lawyers and real estate brokers are vulnerable to information theft leading to impersonation. According to the Ponemon Institute’s report, 2017 State of Cybersecurity in Small and Medium Sized Businesses, 61 percent of small businesses experienced a cyberattack in 2017, up from 55 percent in 2016. That same research indicated that 43 percent of malware victims are small businesses. During the course of a recent real estate transaction, an associate of a large North American law firm wired $2.5 million of a client’s money to a Hong Kong bank account.7 Cybercriminals had set up the account and induced the associate to send the funds by pretending to be employees of a legitimate mortgage company.
What about insurance?
Victims of this type of crime may expect their insurance to assist in compensating for the stolen payment. However, the insurance industry has made adjustments as a result of the prevalence of this crime. Direct mail or email fraud is generally not covered under cyber insurance policies, even though the crucial information to impersonate a legitimate party may have been secured through hacking or phishing. A payor bank’s errors and omissions policies may cover this, although more insurance companies are requiring a set of procedures to confirm payment destinations before money is sent. If your bank does not have the right procedures, it may not be insured for the loss.
Insurance companies have reacted to this wave of crime by adjusting coverage types and caps to minimize their exposure. Bankers, buyers, brokers, and lawyers should carefully review their insurance policies to find coverage, risk allocation, and coverage limitations.
What is being done about it?
State and local governments are beginning to raise awareness of the issue of wire fraud in the real estate industry. The Utah Division of Real Estate, for example, launched a campaign to call attention to email scams that “target property transactions to force people into wiring down payments and other high dollar real estate proceeds to con artists’ accounts.” According to its website, the Colorado Division of Real Estate at the Department of Regulatory Agencies also warned Colorado consumers to “beware of a national cyber-scam currently taking place that steals money directly from home buyers and sellers.”
In July 2019, American Land Title Association, Community Mortgage Lenders of America, American Escrow Association, Real Estate Services Providers Counsel, created a group called a Coalition to Stop Real Estate Wire Fraud. The group has a stated goal of educating consumers and real estate professionals about the risks of wire fraud.
However, much of the risk of these crimes can be reduced or eliminated by a few extra incidences of careful communication between the payor bank and either its client or the client’s representative in the transaction. The bad guys profit from the complexities of the payment instruction process and lazy assumptions made by all parties. Minimizing your risks of this fraud may be as easy as a phone call.