Welcome to the Oregon FBI’s Tech Tuesday segment. This week: Building a Digital Defense against a new kind of Business Email Compromise – or BEC – fraud … this time involving real estate transactions.
In the age of all things digital and automatic, transferring money has become that much easier. Open an app and give a couple of taps, and just about anyone can move money easily and efficiently.
But with this technology and a little bit of access, the bad guys can create big problems. Many companies are finding that their employees are falling prey to social engineering tactics and/or the fraudsters are just able to hack into their systems. In a “Business Email Compromise” – or BEC – scheme, the fraudster uses a compromised email account to insert himself into a transaction where two parties are exchanging funds to pay for a product or service. By doing so, he gets the money re-routed into his own account. A report just out from the FBI’s Internet Crime Complaint Center (IC3.gov), shows that in just the last two years, almost 20,000 Americans have lost more than $1.6 BILLION dollars in BEC scams.
The FBI’s Internet Crime Complaint Center’s new report also warns that BEC fraudsters are targeting real estate transactions more and more. In fact, between 2015 and 2017, scams targeting the real estate sector have jumped 1100% with losses going up almost 2200%.
This is how it works: the bad guys monitor emails involved in a real estate transaction, and he sends the buyer change of payment instruction at just the right time (often from check to wire transfer). The buyer then wires the money to the fraudulent account, and the bad guy immediate cashes out the funds. Lawyers, real estate agents, and title companies are all at risk for the kind of social engineering and hacking.
So is there a way to stay out of the victim category? Of course! Here are a few steps you can take:
Avoid responding to free web-based emails, accounts that look a little funny to you, or users who are completely unfamiliar. Don’t click on links. Responding to suspicious emails and clicking on suspicious links could make you vulnerable.
Be careful about posting information about your company’s executives online. This includes out-of-office replies or posts to social media. Train your folks about social engineering and how to protect themselves.
Confirm a financial transfer with a phone call, if possible. Use the old phone number you have stored, not the one that might be provided in the suspicious email. If you can’t authenticate the transfer via phone, have some other secondary verification system set up outside of email.
Be wary of unexpected phone calls from people who say they are trying to verify personal information to complete your deal. Don’t give out or confirm information such as bank account numbers, Social Security numbers and the like unless you are positive you know who is on the other end.
Even one little extra step can save you or your company thousands in losses and legal fees.