Home buyers: You need a closing fraud attack plan
It’s a stressful situation—buying a new home. The looking, the haggling, and the mere thought of moving can add up to burnout for shoppers. They put down thousands of dollars in earnest money to initiate the sale, then even larger amounts at closing to pocket the keys. That earnest money—showing you’re in earnest about buying the property—should be escrowed with a title company until closing. That way, no one can pocket the funds. Most buyers don’t realize that hackers have their hands out hoping to snag that cash, and they often succeed.
The past decade has witnessed a surge in wire transfer fraud involving home sales. One government estimate stated that real estate transaction scam losses topped $1 billion in 2017 after a 10-fold jump in mortgage closing scams occurred in just a span of 24 months.
In 2018, California’s Ventura County District Attorney issued a wire fraud advisory reporting that over half of his wire fraud complaints involved real estate transactions. Those thefts represented over $20 million in statewide losses for one year.
“The fraudulent email provides instructions on wiring the funds (e.g., a down payment for a house) and the consumer wires money to an account under the suspect’s control. Once received, the funds are rapidly–sometimes within minutes or hours–wired overseas or converted to cryptocurrency such as Bitcoin,” said D.A. Gregory Totten. “Too often, these funds represent the consumer’s life savings.
Losses can be sizeable. Federal laws that protect credit cards against fraudulent use don’t apply to wire transfers. The Ventura office did succeed in reversing a $142,770 house down payment misdirected by one victim. Most damages are harder to remedy; few scam victims wind up with a happy ending.
Act immediately if you suspect you’ve wired funds to the wrong account. Many banks provide 24-hour customer care, so alert them regardless of the time of day.
The stealth approach
Hackers need just one legit-looking email address to launch an attack. Step one is utilizing an email extractor program to grab valid email addresses for a particular industry; it might be real estate sales or title insurance, for example. Phishing tactics can also compromise the original sender’s account. From there, it’s a short hop for the imposter to send emails to buyers. They research more about individual buyer transactions by diving deep into the realtor’s email records.
The scammer could choose to impersonate your realtor, a lender, the seller, the closing coordinator, a title firm or even an attorney involved in the transaction. The email in your Inbox directs you to wire funds to a specific destination, and it probably requests what appears to be a slight change in wiring instructions. That’s when you should see red as in red flag!
Business Email Compromise attack emails steal an estimated $3 billion annually in the U.S. alone. Don’t respond to that email—even if you’re expecting one—without comparing it to top spearphishing methods. Also, contact several players in the transaction by phone including the seller’s realtor and your own, to verbally confirm new emailed instructions.
Related hacks
A second route into your wallet occurs could begin at the mortgage firm you select. Last year in New York, a firm was fined $1.5 million for failing to promptly report a data leak that hit hundreds of consumer files. Emails were part of that compromise adding fuel to the phishing that is epidemic in America.
E-signing services like DocuSign have been under attack for years. In 2017, DocuSign experienced a massive hack that stole customer email addresses for real estate transactions and others. In April 2021, the company used by most realtors nationwide experienced a second hacker intrusion that compromised their own email service sent out tainted word documents full of malware to DocuSign users. The trend is alarming and prompted the e-signing firm to issue an alert on detecting phishing scams.
The closing isn’t the end of your potential risk. In early 2021, Flagstar Bank mortgage holders and other clients received notice of a data breach involving its file transfer system. Accellion, the transfer company, experienced a breach related to one of its older systems—once again underscoring how vital it is to keep all your computer systems up to date. Accellion’s data breach hit dozens of universities, including Stanford and the University of Colorado. The City of Chicago, financial groups and law firms also had files compromised.
Shield yourself
Today, home sales are on fire in many locales. Fierce competition and multiple offers add intense pressure that can open the door to more fraud.
First-time buyers who haven’t been through the process before can be easily hoodwinked. Even longtime homeowners are top targets. The FBI, the Consumer Finance Protection Board (CFPB) and many realtor associations urge caution.
Follow these commonsense steps to minimize risk and protect your hard-earned cash:
- Don’t discuss any home-buying plans on social media.
- Never wire funds without checking out the destination independently.
- Discuss wire fraud with your realtor—voice your concerns.
- Don’t rush through the process even if the seller or agent applies pressure.
- Call the sender to confirm any funds transfer detail changes by phone before you authorize a wire.
- If you’ve made a mistake, act fast. Call your financial institution and request an immediate wire reversal. Record all verbal confirmation and the names of everyone you speak to about the recall. Then file a complaint with the FBI’s internet crime division. Your only opportunities to claw back funds evaporate over time.
The CFPB publishes a home closing checklist to help you do it right. Home buying should be an exciting step into your future, and it can be if you’re aware of all the traps scammers might throw in your way.
IDShield is a product of Pre-Paid Legal Services, Inc. d/b/a LegalShield (“LegalShield”). LegalShield provides access to identity theft protection and restoration services. For complete terms, coverage, and conditions, please see an identity theft plan. All Licensed Private Investigators are licensed in the state of Oklahoma. This is meant to provide general information and is not intended to provide legal advice, render an opinion, or provide any specific recommendations.