Posts Tagged ‘escrow fraud’

Cyber securiy if something doesn't smell right

If Something Doesn’t Smell Right, It’s Probably Not

It may seem like “Title Insurance 101” – but small mistakes can be signs of fraud or misuse of funds or outright intentional undoing of a clear road to closing on a real estate deal.

It may seem like “Title Insurance 101” – but small mistakes can be signs of fraud or misuse of funds or outright intentional undoing of a clear road to closing on a real estate deal.

Not everyone knows everything all of the time; a thousand items have to fall into place and “add up” in order to make the process smooth and completely unencumbered.

Download Our Fraud Detection Guide for Agents

A power of attorney showing up in the middle of a transaction (or at the end) should be scrutinized. So should cashier’s checks drawn from geographical areas that don’t coincide with the seller’s, buyer’s or property’s locale.

Take a look at the potential red flags below; being aware is half the battle.

Preliminary Title Report/Title Search

Red flags” involving the preliminary title report and title search may include:

  • Ordered by, prepared for, or mailed to a party other than the lender.
  • Property seller is not in title (possible purchase disguised as a refinance or improper property flip).
  • Seller owned property for a short time with a cash-out on the sale.
  • Notice of default is recorded (possible cash-out purchase with a straw buyer or foreclosure rescue).
  • Report indicates delinquent property taxes.
  • Report indicates modification agreement on existing loan(s).
  • Title documents show the borrower or Seller on a purchase is not the owner of record.
    • For a purchase transaction, the seller should be the owner of record.
    • For a refinance transaction, the borrower on the loan application should match the owner of record on the title documents.

Escrow/Closing Instructions

“Red flags” involving escrow and closing instructions may include:

  • “Fill in the blank” or generic escrow instructions.
  • Change of sales prices to “fit” the appraisal.
  • Odd amounts paid as a deposit/down payment.
  • Significant or unusual buyer credits or fees.
  • Unusual amendments to the original transaction.
  • Seller on Closing Disclosure different than seller on preliminary title report.
  • Evidence of “white-outs” or alterations without initials.
  • Payoffs to third parties whose lien was not listed on the preliminary title report.
  • Reference to another escrow.
  • Down payment is paid into escrow upon opening.
  • Cash is paid outside of escrow to property seller.
  • Sale is “subject to” property seller acquiring title.
  • Entity acting as the property seller is controlled by, affiliated with, or related to the applicant or another party to the transaction.
  • Buyer is required to use a specific broker/lender.
  • Sale of subject property is not subject to inspection.
  • Power of attorney used with no explanation.
  • Power of attorney is not properly documented/recorded.

Funds to Close

“Red flags” involving funds to close may include:

  • Remitter on cashier’s check or source of the wire is not the borrower.
  • Cashier’s check issued from a bank that is inconsistent with the depository information on application.
  • Cashier’s check issued from a bank branch that is out of the buyer’s geographic area.
  • Dollar amount is incorrectly encoded on check.
  • Sources of funds are questionable

Closing Disclosure/Settlement Statement

“Red flags” involving the closing disclosure or settlement statement may include:

  • Names and addresses of property seller and buyer vary from other loan documentation.
  • Seller’s mailing address is the same as another party to the transaction.
  • Excessive real estate agent commissions paid.
  • Real estate commission paid, but no realtors listed on the purchase contract.
  • Sales price differs from sales contract.
  • Reference is made to undisclosed secondary financing or double escrow.
  • Rent prorated on owner-occupied transactions.
  • Zero amount due to/from buyer.
  • Closing Disclosure or escrow instructions contain unusual credits, disbursements, related parties, delinquent loans paid off, or multiple mortgages paid off.
  • Payoffs for items not consistent with liens listed on title commitment.
  • Excessive seller paid marketing, administrative, assignment or trust fees.
  • Payouts to unknown parties.
  • Terms of the closed mortgage differ from the terms approved by the underwriter.
  • Date of settlement is delayed without explanation.

Download Our Fraud Detection Guide for Agents

Avoiding Fraud pitfalls

Wire Fraud, Appraisals & Contracts (Oh, My!)

No one wants to learn that fraud or misuse of funds or fraudulent transfers happened once a closing is complete, yet those events can be part of real estate closing worlds.

Appraisals can also prove to be undependable, as parties involved can have less-than-legitimate agendas.

Download Our Fraud Detection Guide for Agents

Who wants to learn of a crooked contract – that’s already been signed, notarized and filed?

No one. Below, we take a look at what agents can do regarding all of the above and how to avoid pitfalls before they happen.

What Agents Should Do If Wire Fraud is Suspected

After the Exchange of Funds (regardless of the dollar amount of the loss)

  • Contact your bank.
    • Speak with someone who has authority to reverse or “recall” the wire. This contact may be in your bank’s fraud department. Note: A best practice is to identify this contact and establish a relationship with him or her before a wire fraud incident occurs. 
    • Make sure the bank understands you have been the victim of a Business Email Compromise (BEC) scheme.
    • Request a Wire Recall or SWIFT Recall Message.
    • Ask your bank to fully cooperate with law enforcement.
  • Contact your local FBI office (https://www.fbi.gov/contact-us/field-offices). The FBI has a number of protocols aimed at freezing and retrieving funds. They will activate appropriate protocols based upon the circumstances of the loss. The American Land Title Association has more information on the FBI’s protocol for reversing fraudulent international wires.
  • Complete and submit a Complaint Referral Form to the FBI’s Internet Crime Complaint Center (IC3). Be prepared to provide all details related to the transaction including date, amount, the name of your bank and the beneficiary bank, account numbers, contact information, etc.
  • Contact the fraud department at the beneficiary bank to notify them about the wire-recall request due to the fraud. Provide details and request that the account be frozen.
  • Contact local law enforcement (https://www.policeone.com/law-enforcement-directory/)
  • Contact your Secret Service field office (https://www.secretservice.gov/contact/field-offices/)
  • Contact the Alliant National Claims Department by first calling the Claims Manager at (303) 682-9800, ext. 425, and then follow up by emailing applicable information to Claims@alliantnational.com.

When the Money Goes Out, Minutes Count

The 48-hour period following a fraudulent wire transfer is critical; immediately contacting your bank, the local FBI office and submitting a complaint to IC3 as described above will increase your chances of recovering the funds. 

Special Handling of International Wires

Since international wire fraud has a very low chance of recovery or reversal of the wire, special precautions are advisable, such as requiring “in-person authorization” from only those authorized signers on an out-going international wire, and having such precautionary requirements agreed upon with your bank.

Appraisals

Appraisals and appraisal reports may contain “red flags” indicating potential fraud. “Red flags” may include, but are not limited to:

  • Owner of record listed is inconsistent with other information disclosed in the loan file.
  • Occupant is identified as a tenant on an owner-occupied refinance application.
  • Owner-occupied refinance transaction, but the property is vacant.
  • Occupant of subject property is listed as “unknown.”
  • Appraiser uses public record, exterior inspections, or property seller/builder as sole data sources.
  • Illegal zoning is checked on first page of the appraisal.
  • “Physical deficiencies or adverse conditions that affect the livability, soundness, or structural integrity box” is checked “Yes” on the first page of the appraisal.
  • Subject property has increased in value in a stable or declining market.
  • Land value is atypically high for the area.
  • Excessive adjustments in urban or suburban area where marketing time is under six months.
  • Timeframe between sales does not allow enough time for reported renovations made to property.
  • Loan file contains a note with a predetermined value.
  • Ineligible Condition (C5, C6) or Quality (Q6) ratings.
  • Blank spaces on the form (borrower, client, occupant, etc.).
  • Missing photos or maps.
  • Photos do not match description of property.
  • House number in photo does not match property address.
  • Photos do not match the floor plan sketch (i.e. location of garage, fireplace, etc.).
  • Photos of subject property taken from odd angles or with no depth of field, or have been cropped or otherwise altered.
  • Photos reveal items not disclosed in appraisal (e.g., commercial property next door, railroad tracks, another structure on premises, etc.).
  • Weather conditions in photo of property are not appropriate for the date of the appraisal (i.e., July photo shows snow on the ground for a property in Illinois).
  • “For rent” or “for sale” sign in photo of subject property on owner-occupant refinance application.
  • Most recent sale(s) and/or listing information on subject property and/or comparable properties are missing.
  • Use of unverified comparable sales (i.e., not verified through traditional data sources such as MLS, sales office, Closing Disclosure, real estate agent, etc.).
  • Use of inappropriate comparable properties (e.g., that are not similar to the subject property when comparable properties are present).
  • Excessive distance between comparable properties and subject property.
  • All comparable properties are from different town(s) than the subject property.
  • Lack of bracketing with comparable sales used (e.g., all sales are significantly larger in living area than the subject).
  • Appraisal is ordered and/or prepared prior to date of sales contract or loan application.

Appraiser is located outside of the county in which the property is located.

Sales Contracts

Sales contract “Red flags” indicating potential fraud may include, but are not limited to:

  • Multiple sales contracts exist.
  • Sales contract is dated after the appraisal date.
  • Sales contract is subject to an existing lease on an owner-occupied transaction.
  • Sales contract includes personal property or prohibited sales concessions.
  • Sales price is significantly above or below market value.
  • Purchase contract addenda adjusts the sales price.
  • Applicant is not shown as purchaser.
  • No real estate professional involved.
  • Real estate agent(s) used, but not paid a fee; or no real estate agent(s) involved at all.
  • Seller is a corporation or LLC and the subject property is not new construction.
  • Seller is an affiliated real estate agent, trust, relative or employer.
  • The parties to the transaction are related by family or commercial enterprise.
  • The contract is not dated.
  • Names are deleted from or added to the purchase contract.
  • The contract is an “option contract.”
  • The contract was assigned or is assignable.
  • Earnest-money deposit is an unusually high amount, consists of the entire down payment, or is an odd amount.
  • Contract has a very short inspection period and upon satisfactory inspection, the buyer is to notify the settlement agent who is then supposed to transfer a large portion or all of the deposit to the seller (scam is that 10 business days later, it is discovered that the cashiers’ check is counterfeit after the money has been sent, and the escrow account suffers a shortage). 
    • Recommendation is to contact the bank or entity issuing the cashier’s check to confirm that the cashier’s check number and amount is valid prior to depositing the item in the account. Most banks will confirm this by telephone. Due to the increasing occurrences of counterfeit cashier’s checks, most banks have instituted mandatory holds on cashier’s checks. It is not uncommon for a hold to last up to 10 days (check with your bank to confirm their policy).
  • Name and address on earnest-money deposit check is different from that of the buyer.
  • Earnest-money deposit checks have inconsistent dates, for example:
    • Check #111 dated November 1
    • Check #113 dated September 1
    • Check #114 dated October 1
  • Earnest-money check is not cashed or is not reflected on the Closing Disclosure.

Download Our Fraud Detection Guide for Agents

Business Email Compromise/Email Account Compromise

Business Email Compromise/Email Account Compromise (BEC/EAC). (part2)

(It’s a lot to say – SupercaliFRAUDulisticexpialidocious)

Email can be sinister. It can encourage changes (not authorized, not legitimate), it can “warn” recipients of dire circumstances if instructions are not followed, it can be shaped and branded to look like an institution all parties are familiar with, and it can assist in fraud that involves any number of untoward outcomes – like clients’ and institutions’ funds being pilfered.

The U.S. Government has a phrase for such criminal action: Business Email Compromise/Email Account Compromise (BEC/EAC). That wordy title speaks to two crimes.

Download Our Fraud Detection Guide for Agents

BEC scams are carried out by compromising legitimate business email accounts. The EAC component of the scam refers to the targeting of consumers and the lenders, real estate professionals, attorneys and others who serve them.

It can be daunting to try to wrap one’s brain around every single possibility and scenario that could trip someone up – and trick someone into giving away information that affords a thief the opportunity to steal funds.

Below is a list that, while not necessarily “completely memorizable” – even if studied, can serve as a red flag for knowing when something is awry.

It can serve as warning to be wary of the many and various paths that crooks can take to defraud legitimate people conducting real estate transactions.

  • Exercise extreme caution when weighing any request to change wire instructions. Encourage all parties to do the same.
  • Be wary of any email, phone call or other communication that involves threats, high pressure language (e.g. markings, assertions, or language designating the transaction request as “Urgent,” “Secret,” or “Confidential,”) or warns of “dire consequences” if immediate action isn’t taken.
  • Be wary of emails with missing or unusual subject lines.
  • Be wary of any request to change wiring instructions, especially any last-minute requests.
  • Be wary of emails that include poor spelling or grammar, are overly formal or that are written in a style uncharacteristic of the purported sender. Also, beware of emails that misuse industry terminology, for instance, references to the “HUD” instead of the “Closing Disclosure”.
  • Be wary of any unexpected emails or requests, including internal requests purportedly from executives or others.
  • Be wary of emails sent at odd hours.
  • Be wary of any communication seeking to confirm information the purported sender should already have.
  • Beware of sudden changes in business practices. For example, if a current business contact suddenly asks to be contacted via a personal email address, it’s best to verify the legitimacy of the request via other channels.
  • Review monthly escrow statements from the Receiving Bank (the one holding the agent’s escrow account) as soon as available to verify that all expected funds have actually been received.
  • Have a written agreement in place with the Receiving Bank (the agent’s bank which holds the escrow account and receives the agent’s payment order) that the Receiving Bank will match all names, addresses, account numbers, routing number and beneficiary bank name on the payment order with where and to whom the funds are actually sent. Or put instructions on the payment order for the Receiving Bank to verify authorization by matching all of this information.
  • Emailed transaction instructions directing wire transfers to a foreign bank account that has been documented in customer complaints as the destination of fraudulent transactions.
  • Emailed transaction instructions directing payment to a beneficiary with which the customer has no payment history or documented business relationship, and the payment is in an amount similar to or in excess of payments sent to beneficiaries whom the customer has historically paid.
  • Emailed transaction instructions delivered in a way that would give the financial institution limited time or opportunity to confirm the authenticity of the requested transaction.
  • Emailed transaction instructions originating from a customer’s employee who is a newly authorized person on the account or is an authorized person who has not previously sent wire transfer instructions.
  • A customer’s employee or representative emailing financial institution transaction instructions on behalf of the customer that are based exclusively on email communications originating from executives, attorneys, or their designees when the customer’s employee or representative indicates he/she has been unable to verify the transactions with such executives, attorneys, or designees.
  • A customer emailing transaction requests for additional payments immediately following a successful payment to an account not previously used by the customer to pay its suppliers/vendors. Such behavior may be consistent with a criminal attempting to issue additional unauthorized payments upon learning that a fraudulent payment was successful.

Review and revisit this list of tips when handling suspicious wire requests, before the exchange of funds takes place.

  • Verify all wire instructions with an alternate method of communication.
  • Check emails to ensure the sender’s address has not been altered. Fraudsters typically use email addresses that closely resemble a seller’s (or any party’s) actual email address.
  • Do not open unknown or unverified hyperlinks or downloads. Tip: Hovering your mouse over the sender’s email address may reveal a different email address. Caution: Do not hover over unknown links within the body of a suspect email. Security experts formerly recommended hovering as a way to determine the validity of such links. However, newer strains of malware may infect a computer when the user merely hovers over the link.
  • Delete unsolicited emails from unknown sources.
  • In the case of an invoice, verify any changes in vendor payment location and confirm requests for transfer of funds.

Download Our Fraud Detection Guide for Agents

Mortgage Fraud Red Flag

Flagging Fraud (Part I): Know These Indicators of Transaction Fraud

Every year the U.S. government comes out with a growing list of warnings on cyber fraud, real estate fraud, email fraud – the list goes on.

Some warnings are common sense: delete suspicious-looking emails, don’t give away banking information or social security numbers, never wire anyone money without triple checking – and then checking again.

We’re committed to ensuring that all independent agents have every new (and standard) information source available, even as the rules and the threats multiply and expand almost every month.

Download Our Fraud Detection Guide for Agents

In this first installment of a multi-part series on Flagging Fraud, we take a look at some of the red flags involving parties to a real estate transaction.

Red Flags

Learn or at least become familiar with red flags that could well indicate something is awry in any real estate transaction.

Some title fraud may be detected by agents before the transaction closes.

Rather than memorize, regularly reviewing this list will help you and all those involved in your transactions be aware of potential fraudulent components:

  1. Releases of prior mortgages recorded before or independently of the closing of a new loan with no source of payoff funds.
  2. Many recent transactions and/or re-recordings.
  3. Recent change in title, especially one without concurrent financing.
  4. Releases recorded out of sequence.
  5. Sale of property subsequent to or concurrent with a divorce.
  6. Quitclaim deeds with no consideration.
  7. “Intra-family” deeds.
  8. Parties to the transaction are affiliated.
  9. Document not prepared by an attorney or title company.
  10. Document looks non-standard.
  11. Power of attorney with Grantee signing as Attorney-in-Fact.
  12. Prior signatures indicate failing health or physical deterioration followed by a healthy, strong signature.
  13. Bargain purchases—policy amount much higher than purchase price.
  14. New mortgage amount much higher than purchase price.
  15. Property seller is an LLC/entity/corporation.
  16. Appraisal looks questionable (e.g. indicates recent sale/listing activity at significantly lower price; comparable sales are previously flipped properties).

Download Our Fraud Detection Guide for Agents

Written-cyber-security-and-response-plans-Just-do-it

Written cyber security and response plans: Just do it

Despite the rising threat, recent survey results show a surprisingly small number of agents are prepared, as most do not have a written cyber security and response plan.

A cyberattack is a malicious and deliberate attempt by and individual or an organization to breach the information system of another individual or company, seeking benefit from the disruption, ransom, or theft of data – and such attacks are increasing in numbers and complexity.

Despite the rising threat, recent survey results show a surprisingly small number of agents are prepared, as most do not have a written cyber security and response plan.

A written cyber security and response plan is essential to be prepared, organized and to execute appropriate and prompt actions when an attack occurs.

The plan does not need to be complex. To be effective, it should be simple and clear and present key information. It should also be built commensurate with the size of the organization.

Key elements of the plan must include:

  • Perform a risk analysis to mitigate all risks, covering administrative, technical, and physical controls. Simply put, this is what could be vulnerable, what could go wrong and what is or should be done to try to avoid or contain the threat(s).
  • The cybersecurity program must protect the security and confidentiality of nonpublic information, protect against threats or hazards to the security or integrity of information, and protect against unauthorized access.
  • Define a schedule for the retention of data and a mechanism for its secure destruction when data is no longer required.
  • Designate an individual, third party, or affiliate who is responsible for the information security program.
  • Be sure existing controls in place – access controls, authentication controls, and physical controls to prevent access to nonpublic information. Encryption (or an alternative, equivalent measure) should be in place to secure data stored on portable electronic devices and for data transmitted over an external network.
  • Identify and manage devices that connect to the network – a simple inventory.
  • Adopt secure development practices for in-house applications if applicable. Alternatively, obtain this assurance from your service provider that performs the development for you.
  • Use multi-factor authentication to prevent unauthorized accessing of nonpublic information.
  • Regularly test and monitor systems for actual and attempted attacks, maintain audit trails, and implement measures to prevent the unauthorized destruction or loss of nonpublic information.  
  • Keep up-to-date on emerging threats and vulnerabilities and provide ongoing training to employees to be sure they understand existing controls and why they are important; employees must know how to recognize and report threats.

The response plan must include the following elements to be effective:

  • Date of the cybersecurity event.
  • A description of how the information was exposed, lost, stolen, or breached,     including the specific roles and responsibilities of third-party service providers, if any.
  • How the cybersecurity event was discovered.
  • Whether any lost, stolen, or breached information has been recovered and if so, how this was done.
  • The identity of the source of the cybersecurity event.
  • Whether you filed a police report or notified any regulatory, governmental or law enforcement agency and, if so, when such notification was provided and by whom.
  • A description of the specific types of information acquired without authorization, which means particular data elements including, for example, types of financial information, or types of information allowing identification of the consumer.
  • Time period during which the information system was compromised by the cybersecurity event.
  • The number of total consumers affected by the cybersecurity event, or a best estimate.
  • The results of any internal review identifying a lapse in either automated controls or internal procedures, or confirming that all automated controls or internal procedures were followed.
  • A description of efforts being undertaken to remediate the situation which permitted the cybersecurity event to occur.

Don’t wait until an event occurs. It’s a chaotic time full of financial and emotional high stress. Do it now and provide yourself the peace of knowing you are prepared.

Let's Connect

Discover more stories and conversations on our social media networks,
or drop us a line on our contact page.


The Independent Underwriter for
the Independent AgentSM