Calling cybersecurity “the ultimate team sport,” the FBI’s Internet Crime Complaint Center (IC3) emphasized its ongoing commitment to working with local law enforcement and private industry to combat evolving cyber threats in the U.S. in its recent 2023 Internet Crime Report.
The report, released in March, highlighted investment fraud and business email compromise (BEC) fraud as the two most expensive fraud types in 2023, with investment fraud increasing from $3.31 billion in 2022 to $4.57 billion in 2023 — a 38% increase, and BEC logging 21,489 complaints amounting to $2.9 billion in reported losses.
“Today’s cyber landscape is threatened by a multitude of malicious actors who have the tools to conduct large-scale fraud schemes, hold our money and data for ransom, and endanger our national security,” the FBI noted in its executive summary. “The FBI continues to combat this evolving cyber threat. Our strategy focuses on building strong partnerships with the private sector; removing threats from U.S. networks; pulling back the cloak of anonymity many of these actors hide behind; and hitting cybercriminals where it hurts: their wallets, including their virtual wallets.”
IC3’s Recovery Asset Team (RAT), established in 2018 to facilitate the freezing of funds involved in cybercrime, was able to initiate the Financial Fraud Kill Chain (FFKC) on 3,008 incidents in 2023, with potential losses of $758.05 million. A monetary hold was placed on $538.39 million, representing a success rate of 71%.
In its report, the FBI emphasized the importance and value of victims reporting cyber incidents to IC3.
“Your reporting is critical for our efforts to pursue adversaries, share intelligence with our partners, and protect your fellow citizens,” the FBI noted. “Cybersecurity is the ultimate team sport, and we are in this fight together.”
For professionals involved in real estate transactions, RAT is a significant ally, as the organization has developed the deep insight and resources needed to identify, track and convict cyber criminals.
By creating a strong liaison between law enforcement and financial institutions, RAT is able to assist in the identification of potentially fraudulent accounts, stay at the forefront of emerging trends, and foster a symbiotic relationship where information is shared.
New concerns emerge
The IC3 report noted increasing concern for situations where fraudsters prompt victims to send wires directly to third-party payment processors. Funds are quickly dispersed in such cases, making it more difficult to recover the money.
The FBI is also seeing an increase in fraudsters using custodial accounts at financial institutions or cryptocurrency platforms, where the funds are quickly swallowed up.
“With these increased tactics of funds going directly to cryptocurrency platforms and third-party payment processors or through a custodial account held at a financial institution, it emphasizes the importance of leveraging two-factor or multi-factor authentication as an additional security layer,” the agency noted. “Procedures should be put in place to verify payments and purchase requests outside of email communication and can include direct phone calls but to a known verified number and not relying on information or phone numbers included in the email communication.”
Other best practices include:
Carefully examining the email address and URL
Reviewing the wording and spelling in the correspondence
Refraining from clicking on links requesting you update or verify account information
Refusing requests to supply login credentials or personal information via email
Training employees on the red flags of fraud
Providing staff with ongoing training on how to handle suspected fraud
Wire fraud guidance
As in past years, the FBI reminded real estate professionals involved in wiring funds to put in place strict verification measures should a wire change be requested during the course of a transaction.
In addition, the FBI emphasized the critical need for title agents who are victims of wire fraud to act quickly when the fraud is detected, advising they contact the originating financial institution to request a recall or reversal and a Hold Harmless Letter or Letter of Indemnity.
They also encouraged victims to file a detailed complaint with www.ic3.gov providing as much data as possible to broaden the organization’s ability to track cybercriminals.
Ransomware on the rise
Ransomware incidents were also on the rise in 2023, with 2,825 complaints reported and losses up 74% from $34.3 million to $59.6 million.
In its report, the FBI emphasized that it does not encourage paying the ransom since it will effectively embolden criminals to target more victims.
“Paying the ransom also does not guarantee that an entity’s files will be recovered,” the FBI reminded. “Regardless of whether you or your organization decided to pay the ransom, the FBI urges you to report ransomware incidents to the IC3. Doing so provides investigators with the critical information they need to track ransomware attackers, hold them accountable under U.S. law, and prevent future attacks.”
Light Gray Divider Line
At Alliant National, we are committed to keeping you updated on the latest cybersecurity threats and providing you and your staff with information and tools to help protect your customers and your agency. SecureMyTransaction from Alliant National is an advanced fraud prevention solution built exclusively for independent title professionals. The system helps agents avoid risks posed by wire fraud, identity fraud and vacant property fraud by automating the information you need to move transactions forward with confidence. SecureMyTransaction leverages AI technology that covers and crosschecks:
In a November report to Congress on business email compromise (BEC) and real estate wire fraud (REWF), the FBI announced enhanced efforts to put the brakes on what has become one of the most financially damaging crimes in the United States.
According to the FBI report, BEC has been the largest dollar loss by victim crime typology reported to IC3 in the past several years, with over $2.4 billion of losses in 2021.
“For comparison, the second highest dollar loss category reported to IC3 was investment fraud, with losses of approximately $1.45 billion,” the FBI reported. “In other words, dollar losses associated with BEC were over 65% more than dollar losses associated with investment fraud.”
The FBI noted in its report that criminals have been refining their exploitation of technology, especially the internet, to carry out financial crimes, logging substantial increases in internet-enabled financial frauds such as bank account takeovers, synthetic identity related frauds, money laundering through virtual currency, and BEC.
“The FBI has pivoted its approach to address this issue through gathering intelligence, utilizing advanced investigative techniques in conjunction with traditional financial crimes investigative techniques, using proactive public and private partnerships, and education and awareness campaigns,” the agency noted in the report.
Real estate wire fraud in the crosshairs
REWF is a sub-category of BEC, in which criminal actors target individuals or companies executing large wires related to real estate transactions. As our agents are aware, the criminals pose as parties to the transaction and directly communicate with the other parties to steal funds intended to pay for the real estate.
According to IC3 complaint data, victims participating at all levels of a real estate transaction have reported such activity, including title companies, law firms, real estate agents, buyers, and sellers. The FBI has specifically focused on addressing REWF due to its prevalence in the U. S. and the effect it can have on the individual victims of the REWF schemes, who may be home buyers wiring their life savings.
In its report to Congress, the FBI updated its preventative measures to include the following recommendations:
Use secondary channels or two-factor authentication to verify requests for changes in account information.
Ensure the URL in emails is associated with the business/individual it claims to be from.
Be alert to hyperlinks that may contain misspellings of the actual domain name.
Refrain from supplying login credentials or PII of any sort via email.
Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender’s address appears to match who it is coming from.
Ensure the settings in employees’ computers are enabled to allow full email extensions to be viewed.
First published in 2017 and fully updated by Alliant National’s Compliance, Risk and Education teams, the paper provides information, tips and suggestions to help you better understand the current threat environment and create a comprehensive plan that addresses the realities we face in our industry.
Filling in the Gaps
The FBI has had considerable success in reclaiming lost funds through the IC3’s Recovery Asset Team (RAT) program, since its inception in 2018.
The RAT is designed to assist FBI field offices with the rapid recovery of funds for victims who made transfers to domestic accounts. In 2021, the RAT reported just over 1,700 incidents, with losses approaching $445 million. According to the FBI, the RAT was able to recover more than $328 million of the $445 million.
But there is more work to be done and the FBI has identified vulnerabilities which, if addressed, would bolster the ability of U.S. law enforcement to effectively address a wide range of threats, including BEC.
The first is getting access to beneficial ownership information to track funds that end up in accounts controlled by shell companies.
“The Corporate Transparency Act (CTA) provides for the creation of a national, non-public database of underlying beneficial ownership information for U.S.-registered businesses that meet specific criteria,” the FBI noted. “The data collected will be made available to U.S. law enforcement, subject to certain guardrails, offering a critical resource for identifying participants in a BEC scheme.”
On Sept. 29, the Financial Crimes Enforcement Network (FinCEN) issued the first of three rulemakings to implement the CTA, governing who must report and what information they must report to FinCEN. The final rule will take effect on January 1, 2024.
The effectiveness of this reporting requirement is as yet unknown, and there is some concern that the CTA exempts from its reporting requirements various types of entities, including trusts, which may affect efforts to identify the beneficial owners of trusts or other entities engaged in REWF.
The FBI is also recommending that UCC 4A-207 be redrafted to require banks to properly identify the name and number of the beneficiary and to determine they are in fact the same individual or entity. Currently, a bank may simply rely on the number as the identifier, without requiring a check to see if it is actually connected to the named beneficiary.
Cyber security #1 priority in 2023
As the threat from cyber criminals continues to escalate, it is imperative that our agents review their procedures for protecting client funds.
You can begin today to assess your systems and educate your staff to make sure every possible precaution has been put into place. We hope our Escrow Fraud/Social Engineering White Paper will be helpful in this work. Alliant National is committed to updating our agents to help you understand and respond to the current threat environment. Feel free to reach out to your agency representative, or any member of the Alliant National team if you have any concerns.