Social engineering continues to plague real estate attorneys as cybercriminals target an industry known for large wire transactions involving many different people and entities.
Over the past 5 years, cyber scams have steadily increased for small business owners. But, this increase has been intensifying for real estate attorneys. Many professional liability insurance companies have seen an explosion in the number of claims filed relating to social engineering and wire fraud.
At Protexure, we are seeing the devastating effects these cyber scams have on attorneys when they are successful.
When speaking with attorneys affected by a cyber attack, many are saying they were unaware these scams are so prevalent in their industry.
The best defense against social engineering and wire fraud is education on the tactics used and strategies to protect yourself and your law firm.
Social engineering fraud is a broad term that refers to the scams used by cyber criminals to trick, deceive and manipulate their victims into giving out confidential information and/or funds. Scams are carried out online by email, social media, telephone, or even in person.
Wire fraud is a complex scheme that targets individuals making wire transfer payments. In the real estate industry, both attorneys and homebuyers are targeted during the home-buying process.
These schemes are typically carried out via email and contain wire transfer payment instructions. These emails are very detailed and will contain all the correct information including names, purchase prices, addresses, etc.
To better illustrate how these schemes work, below is a wire fraud claim scenario.
In this scenario, the attorney was holding funds for the client who intended to do a 1031 tax-deferred property exchange in order to avoid tax liability.
Under the rules, an intermediary, such as an attorney, must hold the funds on behalf of the owner and then distribute them for a designated property of equal or greater value within 45 days. If a designated property is located within 45 days, closing must occur within 180 days.
Here, the deadline for designation was approaching and the client could not locate a suitable property. He requested his funds back supposedly in the form of a check in the amount of about $65,000.
Simultaneously, the attorney’s executive assistant received an e-mail purporting to be from the client requesting the funds be instead wired into a bank account.
In this scenario, the assistant never saw the original email requesting the funds in the form of a check. She did not call the client to validate the e-mail and wired the funds to the fraudulent party.
The assistant was familiar with the client and simply thought it was his e-mail, so she wired the funds.
This law firm had little or no financial protocols or procedures to ensure the fidelity of client funds. Informally they would double-check in some situations where they are less familiar with the parties involved.
Once the firm realized this was indeed a scam, they reached out to law enforcement and the bank in an attempt to claw back the funds, but this was unsuccessful.
Educate: Education is key! Make sure you, your employees, and even your clients know about the growing threat of real estate wire fraud. The more you train your employees to understand the threats targeting the real estate industry, the less likely they are to click malicious links, open unknown attachments, and fall victim to social engineering.
Create procedures and protocol around wire transfers: In the claim scenario above, proper procedures and protocol around wire transfers could have prevented them from falling victim to this scheme. Ensure your staff follows these procedures every time a wire transfer is done.
Segregate duties: if possible, require two people to execute a wire transfer. Establish a protocol where one employee initiates a wire transfer and another employee approves it.
Set up a verification process: it is critical that every wire transfer request is verified by phone. This is especially prudent if a wire transfer request was made via email. To verify a wire transfer, be sure to use contact information that was previously used and on file.
Confirm everything and verify the writing instructions are correct before sending. Verify the bank routing number and location are correct.
Be suspicious of any changes to wiring instructions, especially changes made on Fridays or before holidays. Any time wiring instructions are changed, verify with a phone call.
Secure your devices and accounts: Always use a dedicated and secure computer for online banking. This computer should be up to date with antivirus protection. Additionally, keep up to date with your bank's security measures, and check in to see what security measures are available to you through your bank.
Slow down: Take an extra moment before wiring any funds to scrutinize the request. Fraudsters purposely create a sense of urgency in order to cause confusion or panic.
Double-check email addresses, make an extra phone call or consult with your financial institution before processing any requests. The extra time it takes to verify all the details is well worth it.
Verify the Transaction: After a wire transfer is complete, make another phone call to ensure the money was received by the correct recipient.
If you believe you have been victimized by wire transfer fraud there are a few steps you can take to try and recover funds. If you suspect wire fraud you must act immediately because once funds are in a new account, there is little that can be done to recover those funds.
Contact All Banks: Immediately contact both your bank and wire transfer company if you believe you may have been a victim of a scam. Request a wire recall and they may be able to get the money back that you sent.
File a Complaint With The FBI: Your local FBI office can assist in freezing funds and tracking fraudsters. If the bank is unable to recall the funds, the FBI should be your next call. You can find your local FBI office here.
In the claim scenario above, the attorney's professional liability policy responded to the incident.
While Insurance will not prevent wire fraud, it may cover losses and expenses to recover from a cyber attack. With cyber fraud on the rise, a professional liability policy and the addition of cyber-specific coverage can protect you and your law firm from potentially substantial losses.