New Jersey warned credit unions, banks, mortgage lenders, loan originators, title insurers, title, real estate agents, and consumers about hackers trying to pocket mortgage funds during the home-buying process.
“There are many versions of wire fraud that pose financial threats to firms conducting mortgage loan transactions, as well as the consumers and small businesses they serve,” New Jersey Department of Banking and Insurance Acting Commissioner Marlene Caride said in the bulletin.
The threats are not new but increasingly, malicious hackers spoof emails as part of spear-phishing attacks designed to trick real estate buyers into wiring money into the hacker’s account. The FTC has also issued a consumer advisory warning of scammers phishing for mortgage closing costs.
“Hackers have been breaking into some consumers’ and real estate professionals’ email accounts to get information about upcoming real estate transactions. After figuring out the closing dates, the hacker sends an email to the buyer, posing as the real estate professional or title company,” Colleen Tressler, Consumer Education Specialist, FTC, wrote.
The FBI estimates $5 billion lost to fraudulent wire transfers. This type of fraud acutely affects the real estate industry because of the large amounts of funds moving hands. It is one of the best ways for cybercriminals to get a hold of a $100K or $200K wire transfer.
Additionally, the target of these scams are typically consumers, many of whom have a very low awareness of these types of attacks.
All these successful scams share one unfortunate result: the funds diverted through these criminal acts are nearly impossible to recover, Caride added. “These industries handle millions of dollars in wire transfers every day in connection with mortgage loans and taking precautions to safeguard these transactions should be a high priority.”
These types of scams generally involve a bogus email sent to the consumer with a last-minute change to the wiring instructions. It instructs the buyer to wire closing costs to a different account. But it is the scammer’s account.
This nightmare scenario could have substantial financial consequences for the homebuyer, who might end up losing the house, a whole lot of money, personal information, and much more.
In a report, published last summer, the phishing experts at Barracuda Sentinel dissected an incident where an attacker attempted to interfere with a mortgage closure. The attack attempt, made at the eleventh hour of a mortgage deal, tried to trick a home buyer into wiring a large payment into the wrong hands.
According to the case study, all seemed to be going according to plan until the day the buyers needed to wire funds. They received an email from their mortgage company stating they switched banks, and to follow the updated wiring instructions in the email attachment.
Fortunately, in this instance, the message raised a red flag and the client immediately called his mortgage agent to investigate before proceeding.
The homebuyer did everything right to avoid a catastrophe. They questioned the request, identified the spoofed domain, and immediately called the mortgage agent to confirm the message was, in fact, a scam. More alarming was the mortgage company’s reaction. They noted it is a wide-spread problem but did not seem interested in considering the issue any further, the Barracuda study reported.
There have been several news reports of similar incidents, where the phishing victims were not as fortunate.
The New Jersey bulletin also revealed a new wrinkle in the scams using a phony phone number. Previously, the FTC suggested applicants verify all details of the transaction via a phone call. “But scammers are now deploying phone ‘porting’ technologies, to intrude into that safeguarding process, masquerading as a trusted party.”
“This department recommends that every regulated person that uses wire transfers be extremely careful when communicating wire transfer instructions electronically and ensure that any third-party service providers are extremely careful,” the N.J. bulletin stated.