As technology advances, so does the deception
The pandemic has amplified the number of scams and email attacks on individuals, companies and organizations. People are already in vulnerable places emotionally, socially, physically and mentally; Covid has only intensified fright and flight instincts. We are constantly interrupted by additional stressors.
What might have easily caught your attention on an invoice, bill or receipt, can now slip by when the mind is overwhelmed with the stress of daily life. The way people receive goods, bills, invoices and confirmations has changed during the pandemic.
Be proactive and take one worry off the list by preparing yourself and educating your clients, friends and family about current email scams. Here are four ways to identify obvious scams when shopping for company or personal resources.
When opening an email, especially one that is unexpected make sure to check the sender address. This can be the first and last stop when identifying a scam. Do you order from Amazon or Office Depot often for your business? Typically, large companies have a very streamlined and identifiable confirmation process. It might have a logo, a reprint of your order, package tracking information, etc.
Most companies have emails such as a “confirmation@” or “receipt@”, and then the company. If your typical confirmation is now coming from a different sender or source, this is a red flag. Most purchases are automated; therefore, an email about a package and confirmation that is not expected or sent at strange times is also a red flag.
The schoolteachers’ philosophy holds true: If it isn’t written correctly, it’s not correct. Many scams originate from outside of the United States and come from people who have never spoken English, or who might have only slight knowledge of English grammar and mechanics. This lack of familiarity with the language or even cultural communication can be extremely evident from the outset of the email. Unusual forms of personal address or improper labels are a signal of deceit.
Legitimate order confirmation emails should be free of spelling and punctuation errors, or words swapped for one another such as “their” and “there.” If you find such an error, take it as a signal that this email is likely a scam.
Many people are already well versed on email scams that direct you to a link. Most know not to click the link. Use this same strategy when reviewing your confirmation and order. You are usually able to scan over the item or photo and it should direct you back to the home site, whether you were shopping on Home Depot, Office Depot or Amazon. If it directs you to another site, and you can confirm this by hovering your mouse over the link, then it’s a scam. Contact your original purchaser immediately.
Most online retailers have the shopping, shipping and receipt process dialed in. Communications are auto-formatted and the email confirmation arrives in a clear, itemized order. Often items – the exact photo of the item and its link – can be found on an email confirmation.
Order receipts or requests for further action that are formatted in a strange manner should raise your suspicion. Are they asking you for additional shipping payments? Did they add your taxes incorrectly and are trying to collect? Do not fall victim to these scams. Your receipt of purchase should be clean, neat and easy to read and reference. If something is strange, then this is an identifier of a scam. In the end, trust your instincts. If something looks off, it likely is. Don’t be afraid to back out of an email or a link that feels like it might be fake. You know when something looks and behaves unlike the norm. Trust that and help yourself and your business stay safe.
Now is the time to educate yourself.
In the chaotic economic and physical landscape of 2020, the last thing any individual should have to contend with is being taken advantage of when vulnerable. Nonetheless, scammers are still looking for loopholes to victimize the innocent. Their newest tactic is a scam call “smishing.”
What is smishing? How does one become educated and protected, and how can you be proactive for the next scam?
Smishing is the practice of sending fraudulent text messages purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords or credit card numbers. Smishing is basically a “phishing” scam involving the exchange of text messages or SMS messages.
Common platforms and applications that the hacker might use include a built-in smartphone messenger, iMessage, Facetime, Facebook messenger, WhatsApp, Slack, Skype and other face-to-face mobile vehicles.
Sadly, this is quickly becoming an increasingly popular and successful means of deception. Smishing is especially confusing as people often believe their cell phones are safe from hackers and scammers. Junk text messages were a rarity in years past. Nowadays such texts are common, and many businesses, including doctors, routinely text individuals to confirm appointments or prescription refills.
Due to the newer nature of this scam, and lack of education about its pathway from spam to private information, many consumers, especially those more at risk, such as the elderly, or those without internet access, are prime targets.
In prior years, there was a massive effort to educate the public about not clicking on random links in their email, and that became extremely successful. Nonetheless, criminals are finding a new path, and that is through the technology that is closest to them — cell phones.
Now is the time to educate yourself on how to differentiate spam and phishing text messages from important communication. When receiving a text message from an unknown source, here are four things to think about before responding:
- If it seems too good to be true, then it is! If you receive a generous coupon code from a place you have never heard of or an amazing incentive from a popular brand like Target, McDonald’s, Nike or others, don’t respond. Instead, check a website from the company or call the main phone number to see if the offer is legit. Don’t call a number on the text message, and never respond to an offer by texting personal information.
- Time sensitivity. If you receive a text asking for personal information to fulfill a medical or business request, and they need it ASAP, it’s a scam. A reputable company, medical office or organization is going to pick up the phone and call an individual, not text.
- Long text messages from unknown sources, including a link, are also a good indication of smishing, or phone phishing schemes. Never, click on a link from an unknown source. The link can immediately allow phishers access to confidential and valuable information from your phone. Be vigilant for text messages asking for personal information, passwords or other sensitive information.
- Does the text message have grammatical errors or strange sentence structure? While many people use talk-to-text, it would never be a means of communication for a business to connect with a customer. Another red flag is when the pronoun to your name such as Ms., Mrs., Mr., Dr., etc., is incorrect or even used at all from a stranger. Don’t respond to these messages.
What to do once smished? Delete! And if necessary, block the sender. If you are truly questioning whether a text is legit, try logging onto the internet from a different device to do some investigative work. Bottom line: You do not want to compromise the security of your personal information to anyone via text.
It may seem like “Title Insurance 101” – but small mistakes can be signs of fraud or misuse of funds or outright intentional undoing of a clear road to closing on a real estate deal.
It may seem like
“Title Insurance 101” – but small mistakes can be signs of fraud or
misuse of funds or outright intentional undoing of a clear road to closing on a
real estate deal.
Not everyone knows everything
all of the time; a thousand items have to fall into place and “add
up” in order to make the process smooth and completely unencumbered.
Our Fraud Detection Guide for Agents
A power of attorney
showing up in the middle of a transaction (or at the end) should be
scrutinized. So should cashier’s checks drawn from geographical areas that
don’t coincide with the seller’s, buyer’s or property’s locale.
Take a look at the
potential red flags below; being aware is half the battle.
Red flags” involving the preliminary title report and title search may include:
by, prepared for, or mailed to a party other than the lender.
seller is not in title (possible purchase disguised as a refinance or improper
owned property for a short time with a cash-out on the sale.
of default is recorded (possible cash-out purchase with a straw buyer or
indicates delinquent property taxes.
indicates modification agreement on existing loan(s).
documents show the borrower or Seller on a purchase is not the owner of record.
- For a purchase transaction, the seller
should be the owner of record.
- For a refinance transaction, the
borrower on the loan application should match the owner of record on the title
“Red flags” involving escrow
and closing instructions may include:
in the blank” or generic escrow instructions.
of sales prices to “fit” the appraisal.
amounts paid as a deposit/down payment.
or unusual buyer credits or fees.
amendments to the original transaction.
on Closing Disclosure different than seller on preliminary title report.
of “white-outs” or alterations without initials.
to third parties whose lien was not listed on the preliminary title report.
to another escrow.
payment is paid into escrow upon opening.
is paid outside of escrow to property seller.
is “subject to” property seller acquiring title.
acting as the property seller is controlled by, affiliated with, or related to
the applicant or another party to the transaction.
is required to use a specific broker/lender.
of subject property is not subject to inspection.
of attorney used with no explanation.
of attorney is not properly documented/recorded.
Funds to Close
“Red flags” involving funds
to close may include:
- Remitter on cashier’s check or source of the wire is not the borrower.
- Cashier’s check issued from a bank that is inconsistent with the depository information on application.
- Cashier’s check issued from a bank branch that is out of the buyer’s geographic area.
- Dollar amount is incorrectly encoded on check.
- Sources of funds are questionable
Closing Disclosure/Settlement Statement
“Red flags” involving the
closing disclosure or settlement statement may include:
and addresses of property seller and buyer vary from other loan documentation.
mailing address is the same as another party to the transaction.
real estate agent commissions paid.
estate commission paid, but no realtors listed on the purchase contract.
price differs from sales contract.
is made to undisclosed secondary financing or double escrow.
prorated on owner-occupied transactions.
amount due to/from buyer.
Disclosure or escrow instructions contain unusual credits, disbursements,
related parties, delinquent loans paid off, or multiple mortgages paid off.
for items not consistent with liens listed on title commitment.
seller paid marketing, administrative, assignment or trust fees.
to unknown parties.
of the closed mortgage differ from the terms approved by the underwriter.
of settlement is delayed without explanation.
Our Fraud Detection Guide for Agents
one wants to learn that fraud or misuse of funds or fraudulent transfers
happened once a closing is complete, yet those events can be part of real
estate closing worlds.
can also prove to be undependable, as parties involved can have
Download Our Fraud
Detection Guide for Agents
wants to learn of a crooked contract – that’s already been signed, notarized
one. Below, we take a look at what agents can do regarding all of the above and
how to avoid pitfalls before they happen.
What Agents Should Do If Wire Fraud is Suspected
After the Exchange of Funds (regardless of the dollar amount of the loss)
- Contact your
- Speak with someone who has authority to
reverse or “recall” the wire. This contact may be in your bank’s fraud
department. Note: A best practice is
to identify this contact and establish a relationship with him or her before a
wire fraud incident occurs.
- Make sure the bank understands you have been
the victim of a Business Email Compromise (BEC) scheme.
- Request a Wire Recall or SWIFT Recall
- Ask your bank to fully cooperate with law
- Contact your
local FBI office (https://www.fbi.gov/contact-us/field-offices). The FBI has a number of protocols aimed at
freezing and retrieving funds. They will activate appropriate protocols based
upon the circumstances of the loss. The American Land Title Association has more information on the FBI’s protocol for reversing
fraudulent international wires.
- Complete and
submit a Complaint Referral Form to the FBI’s Internet Crime Complaint Center (IC3). Be prepared to
provide all details related to the transaction including date, amount, the name
of your bank and the beneficiary bank, account numbers, contact information,
- Contact the fraud
department at the beneficiary bank to notify them about the wire-recall request
due to the fraud. Provide details and request that the account be frozen.
local law enforcement (https://www.policeone.com/law-enforcement-directory/)
- Contact your
Secret Service field office (https://www.secretservice.gov/contact/field-offices/)
- Contact the
Alliant National Claims Department by first calling the Claims Manager at (303)
682-9800, ext. 425, and then follow up by emailing applicable information to Claims@alliantnational.com.
When the Money Goes Out, Minutes Count
The 48-hour period following a fraudulent
wire transfer is critical; immediately contacting your bank, the local FBI
office and submitting a complaint to IC3 as described above will increase your
chances of recovering the funds.
Special Handling of International Wires
Since international wire
fraud has a very low chance of recovery or reversal of the wire, special
precautions are advisable, such as requiring “in-person authorization” from
only those authorized signers on an out-going international wire, and having
such precautionary requirements agreed upon with your bank.
Appraisals and appraisal reports may contain “red flags” indicating
potential fraud. “Red flags” may include, but are not limited to:
- Owner of
record listed is inconsistent with other information disclosed in the loan
- Occupant is
identified as a tenant on an owner-occupied refinance application.
refinance transaction, but the property is vacant.
- Occupant of
subject property is listed as “unknown.”
- Appraiser uses
public record, exterior inspections, or property seller/builder as sole data
- Illegal zoning
is checked on first page of the appraisal.
deficiencies or adverse conditions that affect the livability, soundness, or
structural integrity box” is checked “Yes” on the first page of the appraisal.
property has increased in value in a stable or declining market.
- Land value is
atypically high for the area.
adjustments in urban or suburban area where marketing time is under six months.
- Timeframe between
sales does not allow enough time for reported renovations made to property.
- Loan file
contains a note with a predetermined value.
Condition (C5, C6) or Quality (Q6) ratings.
- Blank spaces
on the form (borrower, client, occupant, etc.).
- Missing photos
- Photos do not
match description of property.
- House number
in photo does not match property address.
- Photos do not
match the floor plan sketch (i.e. location of garage, fireplace, etc.).
- Photos of
subject property taken from odd angles or with no depth of field, or have been
cropped or otherwise altered.
- Photos reveal
items not disclosed in appraisal (e.g., commercial property next door, railroad
tracks, another structure on premises, etc.).
conditions in photo of property are not appropriate for the date of the
appraisal (i.e., July photo shows snow on the ground for a property in
- “For rent” or
“for sale” sign in photo of subject property on owner-occupant refinance application.
- Most recent
sale(s) and/or listing information on subject property and/or comparable
properties are missing.
- Use of
unverified comparable sales (i.e., not verified through traditional data
sources such as MLS, sales office, Closing Disclosure, real estate agent,
- Use of
inappropriate comparable properties (e.g., that are not similar to the subject
property when comparable properties are present).
distance between comparable properties and subject property.
- All comparable
properties are from different town(s) than the subject property.
- Lack of
bracketing with comparable sales used (e.g., all sales are significantly larger
in living area than the subject).
- Appraisal is
ordered and/or prepared prior to date of sales contract or loan application.
Appraiser is located
outside of the county in which the property is located.
Sales contract “Red flags” indicating potential fraud may include, but
are not limited to:
- Multiple sales
- Sales contract
is dated after the appraisal date.
- Sales contract
is subject to an existing lease on an owner-occupied transaction.
- Sales contract
includes personal property or prohibited sales concessions.
- Sales price is
significantly above or below market value.
contract addenda adjusts the sales price.
- Applicant is
not shown as purchaser.
- No real estate
- Real estate
agent(s) used, but not paid a fee; or no real estate agent(s) involved at all.
- Seller is a
corporation or LLC and the subject property is not new construction.
- Seller is an
affiliated real estate agent, trust, relative or employer.
- The parties to
the transaction are related by family or commercial enterprise.
- The contract
is not dated.
- Names are
deleted from or added to the purchase contract.
- The contract
is an “option contract.”
- The contract
was assigned or is assignable.
deposit is an unusually high amount, consists of the entire down payment, or is
an odd amount.
- Contract has a
very short inspection period and upon satisfactory inspection, the buyer is to
notify the settlement agent who is then supposed to transfer a large portion or
all of the deposit to the seller (scam is that 10 business days later, it is discovered
that the cashiers’ check is counterfeit after the money has been sent, and the
escrow account suffers a shortage).
- Recommendation is to contact the bank or
entity issuing the cashier’s check to confirm that the cashier’s check number
and amount is valid prior to depositing the item in the account. Most banks
will confirm this by telephone. Due to the increasing occurrences of
counterfeit cashier’s checks, most banks have instituted mandatory holds on
cashier’s checks. It is not uncommon for a hold to last up to 10 days (check
with your bank to confirm their policy).
- Name and
address on earnest-money deposit check is different from that of the buyer.
deposit checks have inconsistent dates, for example:
- Check #111 dated November 1
- Check #113 dated September 1
- Check #114 dated October 1
check is not cashed or is not reflected on the Closing Disclosure.
Download Our Fraud
Detection Guide for Agents
(It’s a lot to say – SupercaliFRAUDulisticexpialidocious)
Email can be sinister. It can encourage changes (not
authorized, not legitimate), it can “warn” recipients of dire
circumstances if instructions are not followed, it can be shaped and branded to
look like an institution all parties are familiar with, and it can assist in
fraud that involves any number of untoward outcomes – like clients’ and
institutions’ funds being pilfered.
The U.S. Government has a
phrase for such criminal action: Business Email Compromise/Email Account
Compromise (BEC/EAC). That wordy title speaks to two crimes.
Fraud Detection Guide for Agents
are carried out by compromising legitimate business email accounts. The EAC component
of the scam refers to the targeting of consumers and the lenders, real estate
professionals, attorneys and others who serve them.
More information on
BEC/EAC fraud prevention and recovery can be found on our Education
It can be daunting to try
to wrap one’s brain around every single possibility and scenario that could
trip someone up – and trick someone into giving away information that affords a
thief the opportunity to steal funds.
Below is a list that,
while not necessarily “completely memorizable” – even if studied, can
serve as a red flag for knowing when something is awry.
It can serve as warning to
be wary of the many and various paths that crooks can take to defraud
legitimate people conducting real estate transactions.
- Exercise extreme caution when weighing any
request to change wire instructions. Encourage all parties to do the same.
- Be wary of any email, phone call or other
communication that involves threats, high pressure language (e.g. markings,
assertions, or language designating the transaction request as “Urgent,”
“Secret,” or “Confidential,”) or warns of “dire consequences” if immediate
action isn’t taken.
- Be wary of emails with missing or unusual
- Be wary of any request to change wiring
instructions, especially any last-minute requests.
- Be wary of emails that include poor spelling or
grammar, are overly formal or that are written in a style uncharacteristic of
the purported sender. Also, beware of emails that misuse industry terminology,
for instance, references to the “HUD” instead of the “Closing Disclosure”.
- Be wary of any unexpected emails or requests,
including internal requests purportedly from executives or others.
- Be wary of emails sent at odd hours.
- Be wary of any communication seeking to confirm
information the purported sender should already have.
- Beware of sudden changes in business practices.
For example, if a current business contact suddenly asks to be contacted via a
personal email address, it’s best to verify the legitimacy of the request via
- Review monthly escrow statements from the
Receiving Bank (the one holding the agent’s escrow account) as soon as
available to verify that all expected funds have actually been received.
- Have a written agreement in place with the
Receiving Bank (the agent’s bank which holds the escrow account and receives
the agent’s payment order) that the Receiving Bank will match all names,
addresses, account numbers, routing number and beneficiary bank name on the
payment order with where and to whom the funds are actually sent. Or put
instructions on the payment order for the Receiving Bank to verify
authorization by matching all of this information.
- Emailed transaction instructions directing wire
transfers to a foreign bank account that has been documented in customer
complaints as the destination of fraudulent transactions.
- Emailed transaction instructions directing
payment to a beneficiary with which the customer has no payment history or
documented business relationship, and the payment is in an amount similar to or
in excess of payments sent to beneficiaries whom the customer has historically
- Emailed transaction instructions delivered in a
way that would give the financial institution limited time or opportunity to
confirm the authenticity of the requested transaction.
- Emailed transaction instructions originating
from a customer’s employee who is a newly authorized person on the account or
is an authorized person who has not previously sent wire transfer instructions.
- A customer’s employee or representative emailing
financial institution transaction instructions on behalf of the customer that
are based exclusively on email communications originating from executives,
attorneys, or their designees when the customer’s employee or representative
indicates he/she has been unable to verify the transactions with such
executives, attorneys, or designees.
- A customer emailing transaction requests for
additional payments immediately following a successful payment to an account
not previously used by the customer to pay its suppliers/vendors. Such behavior
may be consistent with a criminal attempting to issue additional unauthorized
payments upon learning that a fraudulent payment was successful.
Review and revisit this list of tips when
handling suspicious wire requests, before the exchange of funds takes place.
- Verify all wire instructions with an alternate
method of communication.
- Check emails to ensure the sender’s address has
not been altered. Fraudsters typically use email addresses that closely
resemble a seller’s (or any party’s) actual email address.
- Do not open unknown or unverified hyperlinks or
downloads. Tip: Hovering your mouse over the sender’s email address may reveal
a different email address. Caution: Do not hover over unknown links within the
body of a suspect email. Security experts formerly recommended hovering as a
way to determine the validity of such links. However, newer strains of malware
may infect a computer when the user merely hovers over the link.
- Delete unsolicited emails from unknown sources.
- In the case of an invoice, verify any changes
in vendor payment location and confirm requests for transfer of funds.
Fraud Detection Guide for Agents