Posts Tagged ‘wire fraud’

Partners in Wire-Fraud Protection: The Escrow Account Holder and the Bank

Wire fraud is a HUGE problem that only keeps getting bigger and bigger.

In fact, U.S. Representative Randy Hultgren (R-III) wrote a letter to Fed Chairman Jerome Powell on June 29th urging the Fed to be more proactive in regard to wire fraud and real estate transactions. The letter referenced the United Kingdom’s system of matching payees’ names as a possible solution to the problem of wire fraud.

However, we don’t have to wait until a federal law is passed that orders banks to match the payee name on the wire transfer payment to name on the payee’s destination bank account (“Beneficiary Bank”).

As title and escrow agents, we can be proactive and in partnership with the banks with which we do business.

So, what can we do right now?

First, we can know what our Agreement with our Escrow Account Bank says.

Does your Bank Agreement say that your bank will check the payee’s name with the name on the destination account when a wire fund transfer is initiated?

Or, does it say your bank need only rely upon the account number it was provided in the wiring instructions order? The answers to these questions might lead to an opportunity to have a discussion with your partnering Receiving Bank.

We can also send the wire instructions on the payment order, with explicit directions that acceptance be restricted to match the designated payee’s name on the Beneficiary Bank account. If it doesn’t match, then do not send the funds.

Lastly, if something does go wrong despite our best efforts and precautions, then notify both the Beneficiary Bank and the Receiving Bank as soon as possible. Typically, banks require notification of an unauthorized transfer or error within a defined time period such as, for example, thirty or sixty days.

Aside from any contractual or legal requirement for early notification, the sooner the problem is communicated, the greater the odds of the bank being able to halt or pull back the wire funds transfer.

For a great explanation of how a wire fund transfer works behind the scenes, view “Funds Transfer Law and Unauthorized Payment Liability.”

Watch Out for These 3 Tax Scams

According to the IRS, thousands of people have lost millions of dollars and their personal information to tax scams.

These days, when we consider fraud schemes targeting title agents, we usually think about email scams where criminals attempt to interject themselves into specific transactions for the purpose of diverting a wire.

Such scams can be devastating for agents and consumers, and we must guard against this type of email fraud.

However, scams involving real estate transactions are just one small piece of the larger fraud puzzle; and with tax season upon us, it’s important to remember that our industry is not immune to the types of email and other schemes that are common to other businesses.

According to the IRS, thousands of people have lost millions of dollars and their personal information to tax scams.

Scammers use the regular mail, telephone, or email to set up individuals, businesses, payroll and tax professionals.

The agency recently released a flurry of alerts warning of various schemes. You can find a full summary on the IRS webpage, but here are just a few highlights.

W-2 scam

The IRS warned that fraudsters are increasingly targeting payroll and human resource departments in an attempt to obtain their Forms W-2, which the criminals then use to file fraudulent tax returns.

To work the scam, the fraudster writes emails that look like they’re from an organization executive. The emails are directed to an internal employee with access to wage and tax information, and they often begin with an innocent greeting, such as: “hi, are you working today.”

Soon, the fraudster asks for all Form W-2 information.

The W-2 phishing scam has victimized hundreds of organizations and thousands of employees in recent years, the IRS said. Employers of all sizes have been affected including public schools, universities, hospitals, tribal governments and charities.

The IRS has established a process allowing businesses and payroll service providers to quickly report any data losses related to the W-2 scam.

Learn more about the process here.

Phone scam

In a recent blog post,”Think Email Fraud is the Only Hack Tactic? Think Again.” , we noted that scammers are increasingly using phone calls to attempt to trick title agents into wiring money to fraudulent accounts.

Some simple technologies even allow fraudsters to spoof phone numbers. So, a criminal could call you, but make it look like the call was coming from someone legitimately involved in the transaction.

As it turns out, tax fraudsters are using this same technology.

The IRS warned that criminals claiming to be IRS employees — using fake names and bogus IRS identification badge numbers — are trying to bully victims into sending them money.

Sometimes the fraudsters claim that the victim has a tax refund coming, and the money can be deposited if the victim provides his or her banking information.

The tax phone scam seems to be targeted toward individuals as opposed to businesses, but it underscores at least two important points: 1.) treat threats and high pressure language as a red flag; and 2.) the telephone isn’t always a “safe” method of communication.

Malware

Malware scams certainly aren’t new. Basically, the fraudster sends an email that looks like it’s from a trusted source, such as a business contact, a reputable company or a government agency.

The email directs the receiver to click a hyperlink or open an attachment.

When clicked, malicious software loads onto the victim’s computer, and the scammer uses that software to gain access to sensitive systems and information.

Fraudsters often attempt to trick title agents and others involved in real estate transactions into clicking malicious links by sending emails purporting to contain “important closing documents.”

By now many agents have seen the “closing documents” scheme, and they know how to avoid it. However, companies need to remain vigilant for other types of malware emails.

In recent weeks, the IRS has seen a surge in malware emails targeting the employees of all types of businesses. The emails, which appear to come from the IRS, carry malicious attachments labeled “Tax Account Transcript” or something similar. The words “tax transcript” often appear in the subject line.

The IRS reminded taxpayers that it does not send unsolicited emails to the public and would never email a sensitive document such as a tax transcript, which is a summary of a tax return.

If using a personal computer, such emails should be deleted or forwarded to phishing@irs.gov, the agency said. Those who receive such emails at work should notify their company’s technology team.

Think Email Fraud is the Only Hack Tactic? Think Again.

Criminals today have broadened their tools and tactics in their quest to divert escrow funds by tricking us and others in the real estate transaction into accepting falsified wiring instructions.

Remember when wire fraud was just about bogus emails?

Email is no longer their only weapon. We’re hearing about two non-email tactics fraudsters are using.

Fax Scams

Many view faxing as more secure than email because “you can’t hack a fax.” (Actually, hackers have apparently figured out how to compromise networks using the fax machine as an entry point ). But criminals don’t need to hack a fax line or a fax machine to interject themselves into the communications chain.

So, how do they do it?

Some businesses use third-party services that allow faxes to be sent and received from an email account. Just like email, these services have login credentials that must be protected. If criminals can obtain the account credentials, then they can monitor, intercept and alter fax transmissions that may contain wiring instructions.

Of course, criminals don’t even need account credentials to send you a bogus fax. They only need the tools and time to create a convincing looking document (as Dwight from NBC’s The Office found when Jim, his arch nemesis, started sending him faxes from himself … from the future ).

There’s nothing magical about thwarting fax scams. We simply need to apply the good information-security principles that we apply to other communications channels.

Just like an email account, a third-party fax account should have a strong password. Of course, it’s harder for the criminals to figure out account passwords if they’re changed regularly and if the same password isn’t used for multiple accounts.

As with emails, it’s best to look over faxes with a critical eye just to make sure everything appears as it should. If a fax has wiring instructions, the safest course is to follow up by telephone using a known number — not a number that appears on the fax.

Phone Scams

Relatedly, scammers are figuring out that our industry has become very good at using the telephone to verify wiring instructions, and they have added telephone scamming to their repertoire of fraud tactics.

The phone is definitely a potential attack vector; we know of one instance where a criminal called a title agent and faked a consumer’s accent in an attempt to divert a wire.

Some simple technologies even allow fraudsters to spoof phone numbers. So a criminal could call you, but make it look like the call was coming from someone legitimately involved in the transaction. The American Land Title Association (ALTA) and Thomas Cronkright, chief executive officer of CertifID, discussed this technology and its potential implications in a recent ALTA blog post .

As with the fax, it’s important to remember that the phone is not always a safe communication channel. Anyone can call a title agent pretending to be someone else; and if that scammer happens to have already compromised an email account — for instance, the consumer’s account — they may have sufficient transactional and personal information to spin a very believable tale.

But just like with fax scams, policies and procedures can be a big help to thwart potential phone scams. A best practice is to establish challenge questions or PIN numbers with consumers up front, and let consumers know you’ll be using these and other methods to verify the identities of those involved in the transaction when speaking by phone.

Of course, PIN numbers and challenge question answers should never be sent via email.

The threat from fraudsters is great, and no one policy or technology solution will ensure the safety of escrow funds in all cases. Alliant National has produced a white paper on escrow fraud as part of our ongoing effort to inform agents about the threats we all face.

We’ve also produced a number of infographics with escrow security tips that you can share with your staff, consumers and others.

Click here to view the report.

3 technology solutions helping to fight back against wire fraud

The success of wire fraud has reached unbelievable loss statistics.

Numerous articles, videos, newsletters, television broadcasts and other forms of media are constantly publicizing successful scams with the goal of spreading awareness so that we escrow officers and customers know how to recognize attempted fraud and can take the necessary precautions to avoid becoming a victim.

Fraudsters are fluid, ever-creative and extremely clever in their efforts to breach computer systems with false pretenses and technology tools to interject themselves into the electronic communications channels.

For those unsuspecting and vulnerable persons, the consequences can be devastating. Lifetime savings can be lost within seconds. And, even the most wary of individuals have been scammed.

While purchasing a new home should be a wonderful and happy experience, a transaction beset by wire fraud can quickly become a nightmare.

Recognizing a problem that is spiraling out of control, some enterprising business folks have come up with new technology tools that purport to combat wire fraud by preventing the fraudsters from getting access to the wire information.

That’s not to say that industry and consumer awareness are not critical elements of an effective defense, but an integrated technology security system can provide extra safety measures in an environment fraught with danger.

Who are these technology wire-fraud defenders and what do they do? We’ll discuss three of these companies:

1. CertifID identifies itself as “a real-time identity platform for real estate, mortgage and title industry professionals to authenticate parties in a transaction and securely transfer bank account information.” See Certified FAQ webpage. Processes referenced in the FAQs, (also entitled “Help Center” at the top of the webpage) are:

  • Digital Verification
  • Knowledge Based Authentication
  • Two-Factor Authentication
  • Bank Account Certification
  • CertifID offers a free trial for interested parties.

2. Vialok (powered by Keypasco) markets itself as a “secure alternative to email that provides real estate and title professionals with a cost-effective, easy-to-use solution that stope wire fraud before it happens.” See Vialock Interactive flyer. Features referenced in the flyer include:

  • Multichannel Authentication
  • Device-backed Security
  • From its homepage, Vialok invites interested parties to schedule a demonstration.

3. Safechain’s Safewire states that it “uses a combination of identity verification and bank authentication technology to help Title Agents eliminate the threat of wire fraud and keep their customer’s funds safe.” Safewire references the following safety feature implementations:

  • Verified ownership of bank accounts (“verify bank account ownership”)
  • Secure wire transactions (“secure wire instruction protocols”)
  • Client identity verification
  • From its homepage, Safewire offers viewers the opportunity to request a demonstration.

While Alliant National is not endorsing any particular vendor (discussed above), we are bringing the information about this type of new product to you.

You have the ability to do your own research to determine if any of the offered security products might be good options for you and your customers.

Ask for a demonstration or free trial, if you wish; you can ask for pricing, whether the product is backed by an insurance policy and any other information that is useful and important to your business.

Easy step to help prevent wire fraud

Matching the payee name on wire transfer with name on payee’s destination bank account can help prevent wire fraud

Wire fraud is a HUGE problem that only keeps getting bigger and bigger. In fact, U.S. Representative Randy Hultgren (R-III) wrote a letter to Fed Chairman Jerome Powell on June 29th urging the Fed to be more proactive in regard to wire fraud and real estate transactions. The letter referenced the United Kingdom’s system of matching payees’ names as a possible solution to the problem of wire fraud.

However, we don’t have to wait until a federal law is passed that orders banks to match the payee name on the wire transfer payment to name on the payee’s destination bank account (“Beneficiary Bank”). As title and escrow agents, we can be proactive and in partnership with the banks with which we do business.

So what can we do right now? We can know what our Bank Agreement says with our escrow account bank (the “Receiving Bank”).

Does the Bank Agreement say that the Receiving Bank will check the payee’s name with the name on the destination account when a wire fund transfer is initiated?

Or, does it say that the Receiving Bank need only rely upon the account number it was provided in the wiring instructions order? The answers to these questions might lead to an opportunity to have a discussion with your partnering Receiving Bank.

We can send the wire instructions on the payment order, with explicit directions that acceptance be restricted to match the designated payee’s name on the Beneficiary Bank account. If it doesn’t match, then do not send the funds.

Lastly, if something does go wrong despite our best efforts and precautions, then notify both the Beneficiary Bank and the Receiving Bank as soon as possible. Typically, banks require notification of an unauthorized transfer or error within a defined time period such as, for example, 30 or 60 days.

Aside from any contractual or legal requirement for early notification, the sooner the problem is communicated, the greater the odds of the bank being able to halt or pull back the wire funds transfer.

For a great explanation of how a wire fund transfer works behind the scenes, view “Funds Transfer Law and Unauthorized Payment Liability.”

This blog contains general information only, not intended to be relied upon as, nor a substitute for, specific professional advice. We accept no responsibility for loss occasioned to any purpose acting on or refraining from action as a result of any material on this blog.

ABOUT US

We have a staff of nearly 80 dedicated professionals now, with diverse skill sets and backgrounds, who share a desire to help people and their businesses thrive.
OUR COMPANY

OUR MISSION

Protect the dreams of property owners with secure title insurance provided through the finest independent agents in a trusted partnership.

CONTACT US

For more information about Alliant National or to get in touch with one of our representatives, please drop us a line.
Contact Us

  • EBOOK

    SHIFT HAPPENS Mitigating Threats to
    your Independent Title Agency

    Download Your Free EBOOK