Business email compromise (BEC) is a type of email scam in which cybercriminals illegally access business email accounts to steal sensitive data or payments. In real estate, wire transfers are a common target for BEC due to the large amount of funds exchanged during transactions.
A September study by the Better Business Bureau reports that from January to May 2019, business email compromise scams resulted in over $750 million lost in the U.S. alone.
The trend shows no signs of slowing. Experts from the BBB predict that BEC losses in 2019 will surpass the $1.3 billion lost in 2018. As this threat continues to increase, it’s critical to educate your employees on how BEC scams work and ways they can reduce their risk.
The recent rise in BEC scams
|Year||Number of Complaints||Reported Losses|
|2019 (Jan-May)||10,603||$750.3 million|
The rise in BEC scams is of particular concern for title and escrow companies who have become a recent target for cybercriminals in the United States. According to the most recent FBI data, the number of real estate BEC reports increased by almost 1100% from 2015-2017 while the reported monetary loss increased by nearly 2200%.
According to a recent report from FinCEN, real estate was the third-highest targeted sector for BEC in 2018.
The anatomy of a real estate email scam
The FBI describes BEC as a scam targeting both businesses and individuals performing wire transfer payments. “The scam is frequently carried out when a subject compromises legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.”
In a real estate transaction, scammers often pose as a real estate agent or title agent instructing a homebuyer to initiate a wire transfer. The fraudulent email will often contain accurate names, titles, and even specific details about the transaction.
For example, a cybercriminal posing as a real estate agent may send an email sent to a buyer requesting that the buyer wire funds to a different account number than previously instructed. As a result, victims execute the transfer instructions and unknowingly send money to accounts set up by criminals. According to the FBI, “The funds are usually directed to a fraudulent domestic account which quickly disperse through cash or check withdrawals.”
Why BEC scams are difficult to spot
In a real estate transaction, buyers trust real estate agents, attorneys, and title companies to guide them through the complicated closing process. When an email appears to come from one of these trusted guides, a buyer may follow instructions without hesitation.
The BBB report suggests BEC scams are especially challenging in real estate closings due to the variety of parties corresponding over email. In a typical real estate transaction, there can be up to 12 different stakeholders involved. As a result, a homebuyer often receives fragmented communication from a variety of different individuals. A homebuyer may view an email without noticing a minor discrepancy such as a single-letter difference in an email address from their real estate or title agent.
How to avoid business email compromise
1. Educate your clients about BEC scams and real estate fraud
A recent ALTA study indicates that title & escrow companies may need to create more urgency around the threat of real estate scams. The study found that 73% of homebuyers were warned about the threat of real estate fraud, but nearly half of the respondents (42%) said they were not concerned about theft during their real estate transaction. Leaders at ALTA believe homebuyers need more concrete, real-world examples of real estate fraud to tangibly understand the impact of BEC scams. Title & escrow businesses must do more than warn homebuyers about the threat of real estate scams, they must also provide incident reports and concrete examples to help homebuyers understand the gravity of the issue and its far-reaching impact. (For more resources to educate your clients, visit The Coalition to Stop Wire Fraud)
2. Strengthen internal security systems
Title & escrow businesses must invest in best-in-class digital security. Do your due diligence to ensure your technology partners meet ALTA best practices and the highest standards for user data protection and security. Qualia’s team recommends businesses ask their technology providers these 7 questions to ensure compliance and security that meets the highest standards.
3. Train your staff on security protocols
While best-in-class technology is critical to business security, a system can still be infiltrated if employees are not taking the necessary precautions. According to a study by IBM, human error is the cause of 95% of cybersecurity breaches. “Human error” can include password delinquency, misdelivery, and decision-based errors. It’s important to educate employees on security protocol and create a culture of alertness. We created a daily checklist title & escrow agents can use to scrutinize emails and to properly close out the day. Download the checklist here.
4. Move communication away from email
New portal-based communication is replacing traditional email communication as a more secure space for exchanging information. App-based portals allow title & escrow businesses to securely communicate with homebuyers, real estate agents, lenders, underwriters, and other transaction party members in real-time, eliminating the need for fragmented email communication that can be intercepted by cybercriminals.
Interested in learning more about daily practices that can help minimize your business’ risk of a security incident? Click below to access our Daily Security Checklist for Wire Fraud Prevention.