How to guard against losing your assets to wire fraud: A growing cybersecurity threat
Financial institutions continue to battle cyberattacks, particularly hackers who tap into the fiscal electronic freeway used to move large sums of money for real estate deal closings and other large-price-tag transactions.
For the past six years, the financial sector has been ranked No. 1 as the most cyberattacked industry. In 2020, attacks against banks and other financial institutions climbed 238% (with 19,369 cases of wire fraud reported by victims of real estate transaction scams to the Internet Crime Complaint Center), followed by an additional 118% increase in 2021, according to Aunalytics, a secured managed service provider.
In 2021, the Modern Bank Heists 4.0 threat report from VM Ware Carbon Black, a cloud-to-endpoint protection security provider, found that 57% of surveyed financial institutions revealed an increase in wire fraud.
Wire transfers facilitate fast and convenient direct digital money transactions between two bank accounts. To make a wire transfer, the sender communicates with his or her bank, provides the name and number of the account funds will be drawn from, and the amount of the transfer, along with the recipient’s name, bank account number and the recipient’s American Banking Association routing number — and in some cases, the recipient’s bank address and phone number.
“Those trying to rob wire transfer funds are smart, subtle and often demonstrate a high degree of sophistication,” said Irshad Hirani, vice president and information security officer for Exchange Bank in Sonoma County.
“Exchange Bank is not seeing a lot of wire fraud because we implemented a three-prong approach to thwart malicious practices,” Hirani said. “Controls were put in place to protect customers, we adopted advanced technologies to make internal systems secure, and developed programs to increase awareness among customers and employees on ways criminals try to obtain private information they can use to trick customers into making costly mistakes.”
He said the bank setup stringent requirements, more manual processes (instead of automated), multiple approval levels for branch managers and others who handle fund transfers, as well providing guidance to customers on how to protect themselves.
Demands to move quickly can mean fraud
Experts say being “fraud smart” begins by being sure you know people who are reaching out to you. If you can, call back the bank or title company to confirm. Also, hackers typically gain access to personal emails via social media connections that involve asking a person to reply or click on a link allowing malware to be implanted.
Once access is gained to a personal computer, Hirani said “bad guys” can move within files on the desktop to review emails, study patterns used in closings and, using what they collect, craft urgent appeals.
By capturing the names of escrow agents and others, they impersonate them, sending emails instructing that funds be sent instead to the imposter’s account.
In one wire fraud attempt, a buyer’s real estate transaction was set to close in a few days, but she received an email that “appeared” to come from a trusted escrow agent she had been working with saying the date was moved up and the closing is tomorrow. The customer was urged to act quickly to avoid losing the property. New wire transfer instructions were included as an attachment.
This was a scam. It is very uncommon for escrow agents to send closing instructions via email.
In a separate incident, a person received an email saying that instead of wiring funds to an escrow agent at a title company, they wanted him to send the funds to an escrow account at their law firm instead. Another scam.
The typical practice among title companies is to send customers written wire transfer instructions and then call them back to verbally confirm that these details have been received so they will know what to expect before the closing.
Hirani believes two-factor authentication can also help prevent wire fraud. This is a security system that requires two separate and distinct forms of identification to access a file or computer data. The first factor is a password and the second is a text with a sent to a smartphone, or biometrics using unique fingerprint, facial or retina features. He said other safeguards on the drawing board include using an algorithm designed to detect fraud.
Wire transfers can be completed in 24 hours, but the first 4-6 hours after transfer are critical if fraud is detected and efforts are made to reclaim part, if not all, of the funds.
With many more financial transfers being done virtually these days, all parties to a real estate transaction are susceptible to falling victim to a wire fraud scheme, according to Krista Christensen, risk manager for cyber and wire strategies for Fidelity National Title Company.