I heard a horror story yesterday. True story:
Clients email their attorney asking for wire instructions to send their down payment in to the title or escrow company for their purchase of a new home. Attorney sends email back indicating that his policy is to not provide wire instructions as a result of recent incidences of wire fraud and advising his clients to call the title company directly to get the instructions and verify them. THAT EMAIL FROM THE ATTORNEY GETS INTERCEPTED BY A HACKER BEFORE THE CLIENTS RECEIVE IT. The hacker then sends an email back to the clients purporting to be their attorney (e.g. changing email from firstname.lastname@example.org to email@example.com) and providing alleged wire instructions for their closing. The clients wire the funds per the bogus instructions. And poof! Their money is gone.
Unfortunately - this is not an isolated incident. According to the Internet Crime Complaint Center, the number of wire fraud scams reported by title companies spiked 480 percent in 2016, according to a warning issued to businesses by the FBI. These hackers and criminals monitor the emails of parties involved in real estate transactions, watch the progress of the transaction, and determine who may be requested or has been requested to send funds. They then create a fraudulent email that mirrors or appears to be identical to those that they trust.
This raises at least two very important questions: 1) how can this be prevented; and 2) who can be held responsible?
Security is key. And while there is no guaranty that security measures will always work, if you put certain measures in place, you have a better chance of recouping losses because you’ve taken reasonable steps to protect yourself. For example, if you have any involvement in a real estate transaction where there is a wire that will be transmitted, consider the following measures:
- Build a warning into your emails and a disclaimer that says you will not discuss personal financial information over emails.
- Always call the title company, your lender, or attorney, before wiring any funds, by looking up their contact information independently and verify the wire instructions with them that you’ve received (DO NOT RELY ON THE PHONE NUMBER LISTED ON THE WIRE INSTRUCTIONS YOU RECEIVED!).
- Avoid free Wi-Fi.
- Use strong passwords and change them regularly and advise everyone involved to do the same.
- Use encryption if available.
- Use an email account that has layers of authentication. Gmail, AOL and Yahoo do not usually require additional forms of authentication and therefore are more susceptible to hacking.
But what if it’s too late and your life savings were just unknowingly wired out of the country? Who do you hold responsible?
Obviously, the first step is to notify authorities such as the FBI or Federal Trade Commission and hope that they conduct an investigation. Further depending on the security measures of your attorney, the title company, your lender or your agent - there may be a claim against one or more of them if they did not take “commercially reasonable security measures” in their communications. There is not a lot of case law on this. But a court will likely look at the steps everyone involved took in verifying wire instructions. So - because everyone is at risk to this type of cybercrime, whether the victim or someone who could be held responsible - it’s increasingly important to take as many precautions as possible and educate yourself on data security so you decrease the chances of your falling prey to wire fraud.
If you have any questions about the wire transfer process and your upcoming transaction, feel free to contact Kelly Anderson (847-705-7555 or firstname.lastname@example.org) at Lavelle Law who can assist you in getting your questions answered.