[Webinar Recap] Securing Your Transactions: A Wire Fraud Q&A

Wire fraud is one of the greatest financial threats facing the real estate industry, which suffered a reported $396M+ in adjusted losses in 2022 as the result of business email compromise (BEC) scams alone. HousingWire reported that 50.5% of real estate transactions in Q4 2022 had issues leading to fraud at closing. With instances of wire fraud on the rise and bad actors growing ever more sophisticated in how they’re committing these attacks, title & escrow companies must remain vigilant. This Q&A highlights some of the main areas of risk in the closing process and steps title & escrow professionals can take to help mitigate the impact of wire fraud.

What are the most common trends you’re currently seeing in how wire fraud is being committed?

Andy Koch: The most common trends we see from a banking perspective are fraudulent loan payoffs and fraudulent earnest money and cash to close instructions. These are typical across almost every single title company we talked to, and they happen on a daily basis. If you could find a way within your business to be attentive to what instructions are going out to buyers for cash to close and earnest money payments and also protect yourself against fraudulent loan payoff instructions, you would hit over 90% of the fraud attempts that happen in  real estate transactions.

Can you share some real-life examples or case studies of wire fraud incidents in the real estate industry and the lessons learned from them?

Andy Koch: What we [the bank] see frequently are fraudulent loan payoff instructions. We hear about this happening almost weekly.  We’ll get a frantic call from someone saying, “Hey, we sent a wire for a loan payoff, but our bank is saying they haven’t received it yet.”  The lesson learned from this scenario is that time is of the essence. 

I heard a statistic that when a wire goes to an account that’s owned by a bad actor, it’s usually a domestic account here in the United States, but the money stays in that account less than six or seven minutes before it’s distributed overseas. The lesson learned is to have a very good contact at your financial institution who you can reach out to immediately if you suspect anything. Banks talk to each other, and they can freeze that other account, at least for the purpose of finding out if a wire was sent fraudulently or in error.

What are some common red flags or signs that a wire transfer request might be fraudulent?

John Melvin: A lot of wire fraud resulting from fraudulent loan payoff instructions is wrapped around business e-mail compromise (BEC). We’ve all heard the horror stories of BEC. In terms of red flags, it really comes down to looking at who the email is from. Sometimes it’ll be a .org or a .net when it’s supposed to be a .com. You have to look at that email address and make sure it’s right.

Secondarily, you should look through the email itself. Fraudulent emails will often have misspellings or grammatical errors. While they’re very nominal, they’re very significant red flags.  If we do a little bit more due diligence here, we might be able to prevent some of these instances of fraud.

Why are payoffs and earnest money deposits so prone to fraud? 

Andy Koch: Payoffs are usually large dollar amounts in the hundreds of thousands. Typically, bad actors are going to try to divert as many of those funds as they can. They’re not going waste as much time trying to get your water bill or hacking into your local city for $34.26. They’re going to go after the $462,000 dollar loan payoff, if they’re able to, because they only have to do the work once to make more money than they’d make in years going after small amounts. If they can get a few payoffs, then they’re set for life. 

When it comes to earnest money deposits, that’s a different attack and  a different mindset. It’s going after people. It’s people who don’t do this a lot. It’s home buyers, it’s consumers who will maybe do this once or twice, maybe three times, in their entire life. In certain markets, there are bidding wars going on and people are afraid of losing out on the home, so they’re going to do whatever they think they have to and maybe throw a little bit of caution out the window. 

Second to that, there are many realtors in the industry who are still using Gmail accounts for their business, and they’re maybe not the most secure things in the world. Sometimes all it takes for Gmail is a password reset, and if a bad actor is good at what they do, they figure out how to intercept that reset and then start sending fraudulent earnest money instructions that look like the real thing.

Is there anything that title & escrow companies can do when they’re sending a wire for a payoff to help mitigate the risk of it being released to a fraudulent party?

Andy Koch: The first is using an account validation tool. Most financial institutions have this available. I know at our bank we  do. It’s an account name, account number, and routing number match. It’s done instantly. It gives you a red light, yellow light, or green light response. Red light means don’t send the funds – the name doesn’t match or the account is closed.  Yellow light could be, for example, a maiden name versus a married name. You should pick up the phone to find out for sure. Green light says that based on the information entered, the wire is going to the right place. That would  be step one. It’s the cheapest, easiest, quickest way to verify that your funds are going where you think they’re going.

Secondly are internal practices and controls. If you’re sending a wire, make sure you have dual authentication. You want to have one person initiate the wire and a separate person approve. This reduces the likelihood that one bad actor within your company can initiate and approve a wire going out that’s bad funds.

John Melvin: I would consider going further and segregating the dollar level of those initiation permissions. For example, maybe you set your first threshold at $50,000, and there’s someone that just handles payments that are $50,000 and below. Then you have a second person that handles payments from $50,001 and to $100,000. Then a  third person handles payments that are $100,001 and up. That way, you have multiple eyes on payments, because vigilance is the critical piece here. 

What should real estate professionals, including agents and buyers and  sellers, do to ensure the security of their financial transactions during a closing?

Andy Koch: Ask yourself, who’s the party that touches every one of those people throughout a real estate transaction? It’s the title company, right? There could be multiple banks involved – there are the buyers banks, the sellers banks, mortgage banks – so the bank doesn’t have the control to know who all of the parties are. But the title company generally knows who the seller is, who the buyer is, who  the agents are. We’ve seen some best practices across the title & escrow companies that we work with where they ask to be the ones to send out any closing-related information, especially to the buyers and to the seller. Generally, those companies will have a big warning box below their email signature warning people to call them before they send any funds and make sure they’re sending them to the right place. Letting the title & escrow company be the quarterback of the entire real estate transaction is an important step. I think we’d see a lot of fraud attempts mitigated by having the company that touches all the parties be the leader in that situation.

John Melvin: I completely agree. One of the things that we’re seeing as a future-facing model is new types of multi-factor authentication (MFA). Most title & escrow companies are already using some form of MFA for wire initiation. I think in the near future we’re going to see some sort of personal QR code where you can create a QR code for the individual buyer or the real estate agent for financial transactions. 

What’s the best way to combat seller impersonation fraud? 

John Melvin: Bad actors are working very diligently to copy passports,  driver’s licenses, etc. Despite our best efforts, there’s some pretty good documents out in the marketplace. Whether it is a virtual closing or an in-person closing, there are ways for title & escrow companies to start putting in key phrases or key terms to help verify someone’s identity. This would be information that only that particular person would know, like the name of  their first dog, and it would be shared just before the closing to confirm that person’s identity. The real estate agent can play a role in capturing some of this information and sharing it with the title company who can then create a secure phrase that’s not sent via email, but through a separate app that the seller would have access to.

Andy Koch: That’s exactly right, John, that something that’s known to you and the seller. It’s just like when I call my bank or credit card company and they ask me who my first grade teacher was. It’s something known to you, as the title agent, and known to the seller. 

Sometimes it’s as easy as googling somebody or looking them up on social media to see if they have any profiles associated with their name. It takes an extra minute or two, but I’d rather take an extra couple of minutes to verify someone if there are any doubts at all. Your gut feeling tells you a lot. Humans are amazing when it comes to sensing when something’s wrong.

“If you think something’s not right, stop what you’re doing and take the time to check it out.”

– Andy Koch

How often should title & escrow companies update their wire fraud prevention policies to provide training to their staff?

John Melvin: I look at this question from a volume perspective. How many wires does your company do on a daily basis? If it’s a fairly low volume, you’ll want to make sure you’re reviewing everything with your staff on a monthly basis. Lower volume shops don’t see wire fraud as often, so they’re not necessarily as vigilant. Higher-volume shops are probably looking at this on a weekly basis, particularly in terms of what’s going on in the industry and what red flags they should be on the lookout for. Now, I don’t want everyone thinking they need to be updating their policies and procedures once a month. But it would be good to review these on a quarterly basis to make sure you have good controls in place. 

There’s one little thing that I think is extremely important for all organizations, and that’s having an audit function to track who sent a wire, when a wire was sent, that sort of thing, in order to prevent internal fraud. Just as we talk about external fraud, sometimes the bad actors are internal, so we need to be equally vigilant there. The more eyes we have on a transaction, the less likelihood there’s going to be an opportunity for fraud.

Andy Koch: I would say to leverage your banking relationships for information. Every bank, no matter the size, has a risk and compliance group, especially when it comes to wires, checks, ACH, etc. We have our own hackers at US Bank that go in and find out what the bad guys are doing, and we have that information readily available to our clients. When we do relationship reviews with our title & escrow companies, I bring up payment fraud every single time. It’s my job to bring this information to my clients and ensure they know what the bad guys are doing, what’s new in the world, and how to mitigate that. It’s a free resource – use your banks. Ask them what’s going on. Don’t be afraid to call and say, “Hey, can you have someone speak to our team about what’s happening right now in the world of fraud?”

What’s the best way to train employees (new and existing) to recognize fraud attempts?

Andy Koch: With new employees in onboarding, you need to scare them. They need to understand that they are the stewards of the funds being exchanged in a given transaction. It’s up to them to follow the policies set out for them. Let them know the horror stories, the precautions of relaxing just one time or not following a procedure just one time.

For existing employees, at our bank, we get sent attempted fake emails all the time. If we accidentally click on something that our internal security group has put out, then we have to do loads of additional training. A few years ago our company sent out a fake link on Valentine’s Day that had all the red flags that you’re supposed to lookout for. It had a link in it and said something like, “Someone sent you a secret admirer gift. Click here to accept it.” It went out to everyone, and you could hear down the hall of the bank the ping of the warning coming up saying “You should not have clicked on that. Now you take additional training.” 

As an employer, don’t feel bad if you have the technical capability or can hire a company to do those security checks. I speak on fraud on a monthly basis, and I was one of the ones who clicked on the link, and now I have to go take additional training by the end of the year. But every time that happens, I’m a little bit more vigilant.

What can  title & escrow companies do to build trust with their clients when discussing wire fraud mitigation measures?

Andy Koch: Let the title company be the quarterback, be the leader, in the real estate transaction and utilize resources. Use your bank. Bring your bank’s security people in to talk to the lenders you work with, the agents you work with. Make it a monthly, quarterly, semi-annual event where you’re bringing something of value to all those different parties and reinforcing that you are the knowledge leader, the thought leader, when it comes protecting them and their clients.

John Melvin: Create transparency between the title company, agents, and all parties that are part of the transaction. Build that rapport so that, should something happen, everyone can react quickly because they have  their eyes on the transaction and they know who to reach out to.

How should title & escrow companies respond if they suspect a wire fraud attempt or have fallen victim to it?

Andy Koch: I cannot stress this enough that time is of the essence. Contact the financial institution immediately to see if they can freeze the account before anything else happens. Have a relationship with your financial institution, know who to call, and have a plan in place in the event that wire fraud occurs. I’ve made the analogy to the plan you have for what happens if there’s a fire in your house. Who gets the dog? Who gets the hamster? Where do you meet? How do you get out from the second floor? 

Have a plan for if you even suspect wire fraud. Just call your financial institution immediately. US Bank has a team that, as soon as there’s a fraud case, immediately contacts certain law enforcement. We contact the sending bank, the  receiving bank, whoever it happens to be.  We look at accounts immediately. We freeze them if we have to, which means nothing can come in, nothing can come out.

“If you suspect that you’re a victim, even if something just doesn’t seem right, call your financial institution immediately. The best thing you can do is not waste time.”

– Andy Koch

John Melvin: We were talking earlier about training new employees and the existing employees. We have some companies that do those phishing exercises, and I think there’s nothing wrong with doing a full-blown exercise where it’s just out of the blue and you have your staff react to it. “You just had fraud happen, what are you going to do?” 

Not only do you have a plan, but you have an execution strategy from a training perspective. You go through that exercise to see what happens and see if you have the right metrics in place, the right contacts in place,  the right phone numbers for all of those entities that you need to contact to ensure they’re part of your communication strategy.

In California, there are independent escrow companies. Can you clarify what you mean in that respect where you have the escrow company leading the conversation?

Andy Koch: I know that closings differ state by state and funds can move in different scenarios, but somebody has to be the leader and be the one communicating with the real estate agents, the lender, the bank itself, to finalize the transaction. Always think about education as part of the service you offer them. Ultimately, it’s going to be on the title and/or the escrow company, they’re going to be on the hook if something goes wrong, whether it’s reputationally or financially. Control what you can and be the leader for all the people that you work with and all of your partners.

When it comes to verifying things like loan payoffs, where funds are going out, some extra due diligence – no matter how much time it takes – is worth it. If you’re sending a wire to, say, the US Bank Loan Payoff Division, and you just got the instructions today, and it’s not the place you’d normally send loan proceeds to, go search for yourself. Go google “US Bank Loan Payoff Group, Phoenix, Arizona,” or whatever it happens to be, and find a contact number or name there. Do the little bit of extra research. I know there are third party companies that will do that and will verify pay off instructions if you don’t feel like doing it yourself. Go outside a little bit and verify what you are doing in a different way.

“Never take a phone number or email address from emailed instructions. If it’s a bad guy, all you’re doing is verifying with the bad guy what the bad guy wants you to do.”

– Andy Koch

Why don’t more banks do a name match on wires?

Andy Koch:  The name really isn’t technically required in some cases for a wire. It’s the account number and  routing number that are the important things. At US Bank, our account validation service includes doing a name match before you send a payment to get the green light, yellow light, red light result that I mentioned earlier. Most financial institutions have a service or something similar available. For the very low cost and the quick response, it’s worth it to use an account validation service or tool before you send the payment out because it’s not up to the banks to do a name match on the wires, technically.

Does US Bank match the name on the wire with the name on the account?

Andy Koch: Our account validation service leverages a very large database of bank account information to verify that the name on the account, the account number, and the routing number all match up as it should. That is separate from an individual payment, where you could, for instance, put in “A.K.” instead of “A. Koch” to send a wire to me, and it would be up to the financial institution to determine whether or not that payment is allowed to go through.

John Melvin: It’s really the account number and routing  number that we’re validating. There are some checks depending upon the value of the wire that will get scrutiny. I don’t want to divulge too much on that side because there are some secrecy things that we just don’t want out in the marketplace, but we’re doing our dead-level best to prevent fraud on the front end. If there is something that does look somewhat out of order, we’re going to try to catch that, if at all possible. But with the volume of transactions that we do, we’re relying heavily on you all [the title & escrow companies] for that front-end first review. It takes a village for all of these transactions to get conducted, so we all need to be diligent in the same token.

Are there any final tips or remarks you want to share?

Andy Koch: Over the last 18 months or so, we’ve seen an uptick, not just in the real estate industry, but across all industries, in what we’re calling internally vendor fraud. It’s when the bad guys are able to see what bills you have as a company. I’ll share an example that was attempted on a commercial real estate company that’s a client of ours. It was a Friday, and accounts payable (AP) person got a call on Friday afternoon from “Kevin” at waste management.  “Kevin” said, “Hey, I’m so sorry to call you this late. You’re on the last page of people we needed to call. We know you have a $13,400 dollar check due to us today, but we changed our bank information, and I’m trying to call everybody as quickly as I can to let them know. So, this is where you need to send our check. This is our new banking info.” The AP person was like, “Thanks for letting me know. Didn’t want to send it to an old, closed account.” Fortunately someone overheard that and stopped them from falling victim, but think about that.

“Any time someone calls you to change bank account information should be an immediate red flag.”

– Andy Koch

There’s a bunch of red flags when you look at emails you receive. That’s why it’s so important to have your company set up so that when someone has an external email come in, it comes in with the big letters that say “External” and a red box across the top. The reason to have those is because of business email compromise (BEC). Someone can alter an email address where it’s an uppercase “I” instead of a lowercase “L” in someone’s name so it looks like it’s coming from the CFO, or it looks like it’s coming from somebody you know. If you have that “External” tag, it says, “Hey, wait a minute. Why would this person be sending an external email if we work at the same company?,” which leads you to say “Something’s not right here.”

Go with your gut. Ask, “Why is someone asking me to send money?” or, “Why is someone asking me to change bank account information?” Look for urgency – it’s Friday afternoon and something has to be done today, you have to make a movement right now – just look for anything that’s a red flag.

John Melvin: At the end of the day, it really comes down to vigilance, having really good process controls in place. Use some form of internal dual control, whether it’s a key phrase or information known only to the relevant transaction parties, to ensure you’re dealing with the right people. As we continue to see technology improve, consider employing new technology to help mitigate fraud.

This is a big space. We see wire fraud happen every single day, and the threats are real. When we look at fraud in a global context, we’re anticipating $20B in check fraud alone this year. You look at fraud as a whole, you’re looking at over a trillion dollars in fraud, whether it’s payment fraud, impersonation fraud, etc. That all affects us all, and it takes us all to be vigilant.

This Q&A session was done as a follow up to a previous webinar, “Combating Wire Fraud in Real Estate Transactions,” in which Mr. Koch, Mr. Melvin, and Ms. Quintyne discussed tactics for mitigating the risk of wire fraud. Click below to access a full recording of their earlier conversation.