Author Archive

Business Email Compromise/Email Account Compromise

Business Email Compromise/Email Account Compromise (BEC/EAC). (part2)

(It’s a lot to say – SupercaliFRAUDulisticexpialidocious)

Email can be sinister. It can encourage changes (not authorized, not legitimate), it can “warn” recipients of dire circumstances if instructions are not followed, it can be shaped and branded to look like an institution all parties are familiar with, and it can assist in fraud that involves any number of untoward outcomes – like clients’ and institutions’ funds being pilfered.

The U.S. Government has a phrase for such criminal action: Business Email Compromise/Email Account Compromise (BEC/EAC). That wordy title speaks to two crimes.

Download Our Fraud Detection Guide for Agents

BEC scams are carried out by compromising legitimate business email accounts. The EAC component of the scam refers to the targeting of consumers and the lenders, real estate professionals, attorneys and others who serve them.

More information on BEC/EAC fraud prevention and recovery can be found on our Education page.

It can be daunting to try to wrap one’s brain around every single possibility and scenario that could trip someone up – and trick someone into giving away information that affords a thief the opportunity to steal funds.

Below is a list that, while not necessarily “completely memorizable” – even if studied, can serve as a red flag for knowing when something is awry.

It can serve as warning to be wary of the many and various paths that crooks can take to defraud legitimate people conducting real estate transactions.

  • Exercise extreme caution when weighing any request to change wire instructions. Encourage all parties to do the same.
  • Be wary of any email, phone call or other communication that involves threats, high pressure language (e.g. markings, assertions, or language designating the transaction request as “Urgent,” “Secret,” or “Confidential,”) or warns of “dire consequences” if immediate action isn’t taken.
  • Be wary of emails with missing or unusual subject lines.
  • Be wary of any request to change wiring instructions, especially any last-minute requests.
  • Be wary of emails that include poor spelling or grammar, are overly formal or that are written in a style uncharacteristic of the purported sender. Also, beware of emails that misuse industry terminology, for instance, references to the “HUD” instead of the “Closing Disclosure”.
  • Be wary of any unexpected emails or requests, including internal requests purportedly from executives or others.
  • Be wary of emails sent at odd hours.
  • Be wary of any communication seeking to confirm information the purported sender should already have.
  • Beware of sudden changes in business practices. For example, if a current business contact suddenly asks to be contacted via a personal email address, it’s best to verify the legitimacy of the request via other channels.
  • Review monthly escrow statements from the Receiving Bank (the one holding the agent’s escrow account) as soon as available to verify that all expected funds have actually been received.
  • Have a written agreement in place with the Receiving Bank (the agent’s bank which holds the escrow account and receives the agent’s payment order) that the Receiving Bank will match all names, addresses, account numbers, routing number and beneficiary bank name on the payment order with where and to whom the funds are actually sent. Or put instructions on the payment order for the Receiving Bank to verify authorization by matching all of this information.
  • Emailed transaction instructions directing wire transfers to a foreign bank account that has been documented in customer complaints as the destination of fraudulent transactions.
  • Emailed transaction instructions directing payment to a beneficiary with which the customer has no payment history or documented business relationship, and the payment is in an amount similar to or in excess of payments sent to beneficiaries whom the customer has historically paid.
  • Emailed transaction instructions delivered in a way that would give the financial institution limited time or opportunity to confirm the authenticity of the requested transaction.
  • Emailed transaction instructions originating from a customer’s employee who is a newly authorized person on the account or is an authorized person who has not previously sent wire transfer instructions.
  • A customer’s employee or representative emailing financial institution transaction instructions on behalf of the customer that are based exclusively on email communications originating from executives, attorneys, or their designees when the customer’s employee or representative indicates he/she has been unable to verify the transactions with such executives, attorneys, or designees.
  • A customer emailing transaction requests for additional payments immediately following a successful payment to an account not previously used by the customer to pay its suppliers/vendors. Such behavior may be consistent with a criminal attempting to issue additional unauthorized payments upon learning that a fraudulent payment was successful.

Review and revisit this list of tips when handling suspicious wire requests, before the exchange of funds takes place.

  • Verify all wire instructions with an alternate method of communication.
  • Check emails to ensure the sender’s address has not been altered. Fraudsters typically use email addresses that closely resemble a seller’s (or any party’s) actual email address.
  • Do not open unknown or unverified hyperlinks or downloads. Tip: Hovering your mouse over the sender’s email address may reveal a different email address. Caution: Do not hover over unknown links within the body of a suspect email. Security experts formerly recommended hovering as a way to determine the validity of such links. However, newer strains of malware may infect a computer when the user merely hovers over the link.
  • Delete unsolicited emails from unknown sources.
  • In the case of an invoice, verify any changes in vendor payment location and confirm requests for transfer of funds.

Download Our Fraud Detection Guide for Agents

Mortgage Fraud Red Flag

Flagging Fraud (Part I): Know These Indicators of Transaction Fraud

Every year the U.S. government comes out with a growing list of warnings on cyber fraud, real estate fraud, email fraud – the list goes on.

on cyber fraud, real estate fraud, email fraud – the list goes on.

Some warnings are common sense: delete suspicious-looking emails, don’t give away banking information or social security numbers, never wire anyone money without triple checking – and then checking again.

We’re committed to ensuring that all independent agents have every new (and standard) information source available, even as the rules and the threats multiply and expand almost every month.

Download Our Fraud Detection Guide for Agents

In this first installment of a multi-part series on Flagging Fraud, we take a look at some of the red flags involving parties to a real estate transaction.

Red Flags

Learn or at least become familiar with red flags that could well indicate something is awry in any real estate transaction.

Some title fraud may be detected by agents before the transaction closes.

Rather than memorize, regularly reviewing this list will help you and all those involved in your transactions be aware of potential fraudulent components:

  1. Releases of prior mortgages recorded before or independently of the closing of a new loan with no source of payoff funds.
  2. Many recent transactions and/or re-recordings.
  3. Recent change in title, especially one without concurrent financing.
  4. Releases recorded out of sequence.
  5. Sale of property subsequent to or concurrent with a divorce.
  6. Quitclaim deeds with no consideration.
  7. “Intra-family” deeds.
  8. Parties to the transaction are affiliated.
  9. Document not prepared by an attorney or title company.
  10. Document looks non-standard.
  11. Power of attorney with Grantee signing as Attorney-in-Fact.
  12. Prior signatures indicate failing health or physical deterioration followed by a healthy, strong signature.
  13. Bargain purchases—policy amount much higher than purchase price.
  14. New mortgage amount much higher than purchase price.
  15. Property seller is an LLC/entity/corporation.
  16. Appraisal looks questionable (e.g. indicates recent sale/listing activity at significantly lower price; comparable sales are previously flipped properties).

Download Our Fraud Detection Guide for Agents

fraud

3 technology solutions helping to fight back against wire fraud

The success of wire fraud has reached unbelievable loss statistics.

Numerous articles, videos, newsletters, television broadcasts and other forms of media are constantly publicizing successful scams with the goal of spreading awareness so that we escrow officers and customers know how to recognize attempted fraud and can take the necessary precautions to avoid becoming a victim.

Fraudsters are fluid, ever-creative and extremely clever in their efforts to breach computer systems with false pretenses and technology tools to interject themselves into the electronic communications channels.

For those unsuspecting and vulnerable persons, the consequences can be devastating. Lifetime savings can be lost within seconds. And, even the most wary of individuals have been scammed.

What can title agents do about vendor vetting?

As a title agent, are you obligated to ensure your service providers are in compliance? And if so, how?

The Gramm-Leach-Bliley Act (GLBA), enacted in 1999 (codified as amended at 15 U.S.C Chapter 94: Privacy), establishes basic privacy standards for “financial institutions,” which includes not only lenders, but also title insurers, title agents and settlement/escrow agents.

The CFPB expects lenders to oversee their service providers to make sure that they are in compliance with the law to protect consumer interests; this was expressed in CFPB Bulletin 2012-03, published April 13, 2012. This duty extends to title agents and settlement service providers.

While title agents and settlement service providers are third-party vendors to lenders, those who provide services to title agents and settlement service providers are fourth-party vendors to lenders. The requirement to evaluate, review, and monitor qualifications and performance extends as far down the service chain as necessary to make sure that everyone is in compliance with the rules protecting customers.

So what can you do as a title agent to make sure that your vendors are in compliance?

  • You can make sure that your vendors are contractually aware of their responsibilities. There are some great sample provisions regarding “rights and responsibilities” and “confidentiality and security,” in the FDIC’s Financial Institution Letters, Guidance for Managing Third-Party Risk, which you may choose to include in your vendor contracts.
  • You can establish good vendor selection and management practices:
  • Designate someone within your company to provide oversight as the “vendor manager.”
  • Perform background and reference checks.
  • Provide due diligence questionnaires and checklists.
  • Implement non-disclosure agreements.
  • Train vendors on their consumer protection obligations.
  • Monitor and score performance, and provide feedback; sight visits can be particularly useful.
  • Provide a communication matrix or plan, and include provisions for reporting in the event of a perceived security threat or security breach.

This information is not legal, business or financial advice. It is intended only to be helpful to you and to increase awareness. There may be many ways to approach this issue, and it is always best to consult with legal counsel and subject matter experts to develop a plan that is right for you.

]]>
protect funds

Easy step to help prevent wire fraud

Matching the payee name on wire transfer with name on payee’s destination bank account can help prevent wire fraud

Wire fraud is a HUGE problem that only keeps getting bigger and bigger.

In fact, U.S. Representative Randy Hultgren (R-III) wrote a letter to Fed Chairman Jerome Powell on June 29th urging the Fed to be more proactive in regard to wire fraud and real estate transactions.

The letter referenced the United Kingdom’s system of matching payees’ names as a possible solution to the problem of wire fraud. However, we don’t have to wait until a federal law is passed that orders banks to match the payee name on the wire transfer payment to name on the payee’s destination bank account (“Beneficiary Bank”).

As title and escrow agents, we can be proactive and in partnership with the banks with which we do business.

So what can we do right now?

We can know what our Bank Agreement says with our escrow account bank (the “Receiving Bank”).

Does the Bank Agreement say that the Receiving Bank will check the payee’s name with the name on the destination account when a wire fund transfer is initiated?

Or, does it say that the Receiving Bank need only rely upon the account number it was provided in the wiring instructions order?

The answers to these questions might lead to an opportunity to have a discussion with your partnering Receiving Bank.

We can send the wire instructions on the payment order, with explicit directions that acceptance be restricted to match the designated payee’s name on the Beneficiary Bank account. If it doesn’t match, then do not send the funds.

Lastly, if something does go wrong despite our best efforts and precautions, then notify both the Beneficiary Bank and the Receiving Bank as soon as possible.

Typically, banks require notification of an unauthorized transfer or error within a defined time period such as, for example, 30 or 60 days.

Aside from any contractual or legal requirement for early notification, the sooner the problem is communicated, the greater the odds of the bank being able to halt or pull back the wire funds transfer. For a great explanation of how a wire fund transfer works behind the scenes, view “Funds Transfer Law and Unauthorized Payment Liability.”

This blog contains general information only, not intended to be relied upon as, nor a substitute for, specific professional advice. We accept no responsibility for loss occasioned to any purpose acting on or refraining from action as a result of any material on this blog.

Let’s Connect

Discover more stories and conversations on our social media networks,
or drop us a line on our contact page.


The Independent Underwriter for the Independent Agent®