Fraudulent Closing Instructions scam quadrupled in 2017

At PBI Group we have seen this trend continue over the past 3-years and apparently, it has reached new heights. The average claim of lost client funds is $352,000 according to this recent report.  This is why we recommend that every real estate agency has a cyber liability policy. 

Here is the original post from Beazley Breach Response Services. 

Real Estate Cyberscams Continue: Average amount Stolen $130k

A study shows that Los Angeles area homebuyers are losing five million dollars a month to cybercriminals. In a scheme which started in 2013, and which shows no signs of slowing down, buyers are tricked into sending their down payments into the pockets of cyberthieves.

The thieves, after hacking into the email accounts of real estate agents, escrow offices, or title companies, are posing as legitimate parties and giving clients last minute money-wiring instructions, diverting the money into another account. By the time the crime is detected, sometimes just hours later, the money can be gone for good. The average loss to a homeowner is about $130,000.

The modern-day real estate transaction, with so many parties involved and so much money at stake, is a growing target. Many times, there is a rush by homebuyers, realtors, brokers, mortgage lenders, and escrow companies to close on a home sales contract quickly and efficiently. In many instances, the homebuyer has never met all the players involved. Instead, all the parties exchange information via text message or email, rather than by telephone or in face-to-face discussions.

This creates a great opportunity for a hacker to monitor the emails and text messages flowing between the buyer and the various players, and at the appropriate moment, usually hours before closing is to occur, insert themselves in the conversation, posing as the realtor or escrow company. It is then a simple matter to direct an unsuspecting homebuyer to wire-transfer the money to a different account. The homeowner, unaware of the switch, sends the money and, in most cases, never sees it again. Josie Huang “Cyberscams are bleeding millions from LA homebuyers” (Jul. 07, 2017).

Shannyn, a financial blogger, was the victim of this type of fraud. She received legitimate closing information six business hours before her scheduled closing time. Minutes later, she received a follow-up email, purporting to be from the same title company, changing the account information. Suspicious, she called her real estate agents who were working the sale. One did not return her phone call, and the other dismissed her suspicions, suggesting such last minute changes were not unusual. Shannyn followed the bogus email instruction and sent her $50,000 down payment to the new account. Fortunately, after realizing she had been victimized, she was able to recover most of her losses after a few months of frantic phone calls, social media discussions, and with the FBI exerting pressure on the banks holding the money. This was a rare case in which the homeowner got the funds back.

In her matter, Shannyn called her real estate agent, who dismissed the change as routine. Based in part on that endorsement, Shannyn sent her money. It was later determined the real estate agents were aware of similar schemes, but neither one took the time to investigate the change or verify the authenticity of the email. In this case, it was the title company’s email account that had been compromised, but it could have just as easily been the email account of the real estate company.

Protecting your clients and yourself starts with cybersecurity basic that are too often ignored. Use strong passwords, regularly update computer systems, and install anti-virus software. If you supply the wire-transfer information to your client, do it in writing on paper and in person. Do not send the information via email or text. If your buyer is out of town and you must do this electronically, use a secure company portal such as DocuSign or SignNow.

Warn your client to be aware of last minute changes in financial accounts, amounts, or closing instructions. If your client calls you regarding last minute changes, take the time to investigate and confirm any changes and report your findings to your client.

When you investigate, use the phone, and do not confirm changes with a title company via email. If you use the phone to verify the information, look up the number yourself. Do not use the number listed on the email because that could be fake.

Hanover Insurance Group . Every coverage situation is different, and the final outcome depends on the unique facts, law and insurance policy involved. The E&O policy contains reductions, limitations, exclusions and termination provisions that impact coverage for a specific event. Full details of the coverage are contained in the policy

The benefits of Cyber Liability Insurance for Real Estate Agents

Life as a real estate agent is busy, always on the go and juggling multiple clients. You are often being pulled in multiple directions while staying focused on helping your clients get through what is regularly a stressful and complicated transaction. Now you have a new thing to worry about, cybercriminals. The real estate industry has been targeted by cybercriminals as a lucrative opportunity to steal information and money. There are two ways to help combat this new risk:

  1. Increase your cyber awareness for yourself and your clients to help avoid becoming a victim.
  2. Purchase a cyber liability policy to cover you in the unfortunate event of a breach.

If you are reading this blog post, you have begun #1. This blog, is designed to be a repository for useful risk management information that can help real estate professionals stay informed and increase one’s cyber awareness.

The 2nd way, owning a cyber liability policy, is a long-term commitment to having professional resources on your side when the cybercriminals come knocking. It is our opinion that unfortunately, it is WHEN not IF they attempt to hack your systems, so let’s talk (in plain English) about the benefits you receive from a cyber liability policy:

1) Breach Liability: What is a breach? A breach (short for data breach) is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an unauthorized individual. Liability? The state of being legally responsible for the what the bad guys do with the information they have stolen from you to harm someone else. There are 2 situations that come top of mind when thinking about breach liability for real estate agents: Wire Fraud at Closings and Social Media Postings.
a.  Wire Fraud at Closings: We hear this happening often when an agent’s email is hacked and the bad guys find out everything about a closing and use that information to get the buyer to transfer money to the wrong bank account controlled by them. The hackers send an email to the buyer or to the buyer’s agent or to another trusted 3 party involved; which appears to originate from a trusted source such as your email, everything is accurate except the wire transfer information.
b.   Social Media: As we use the web and social media more and more, real estate agents run the risk of causing personal injury as well as copyright/trademark infringement which includes: invasion of privacy, public disclosure of private facts, libel, slander, plagiarism or negligence. To ensure you are covered under policy conditions, we recommend that all agents who are active on social media become officially part of the agency’s communication department and are trained in appropriate procedures and protocols.

2) Breach Rectification: This is a benefit of coverage that provides resources to help handle a breach in progress as well as clean up after it has stopped. You have access to a team of professionals which starts with a Data Breach Coach. (click here to find out what this is) , second is the cyber forensic professional needed to perform a structured investigation to determine what happened to which devices and what information was taken and hopefully figure out by whom. The 3rd element is the effort to comply with the various regulations required to notify your clients including credit protection services. Each state has their own laws which determine: what constitutes a breach, definitions of personal information, timing & method of notice, etc.

3) Digital Crime: This is coverage that mostly benefits the agency more than the agent. In this section, there is protection in case the agency has been deceived into sending their own money or money in escrow to the wrong account (akin to wire fraud mentioned above but in reverse) as well as if the bad guys directly transfer out money from the accounts without your participation. There is also coverage for Cyber Extortion which is when hackers take information or restrict access to systems and demand a ransom or else.

The important take away from any well-crafted cyber liability policy is that it aids the agent and agency during and after a cyber event as well as provides legal protection in the event of a lawsuit for 1st party and 3rd party losses.

* Every coverage situation is different, and the final outcome depends on the unique facts, law and insurance policy involved. The E&O policy contains reductions, limitations, exclusions and termination provisions that impact coverage for a specific event. Full details of the coverage are contained in the policy