Wiring Funds for Closing Scam - How It's Usually Done
Real estate closings are a big prize for scammers because large amounts of money are involved and the victims are already expecting to have to transfer those funds.
Scammers will obtain logins and passwords for email accounts and bank accounts from random people through phishing emails, data breaches, etc. They monitor emails on these accounts looking for real estate transactions and when they see one in progress will insert themselves into the process to try and divert funds to be transferred to them through an unwitting proxy.
Here's how it usually happens: Once a transaction is identified from a buyer's compromised email account (or any of the transaction participant's email account), they will gather the names and emails for the agents in the transaction, the title company (or escrow company) and the lender. They will send an email to the buyer, instructing them to wire funds for the transaction. This email will typically have fake, but very similar looking email addresses to the real players in the transaction, and will often have re-routed phone numbers as well. These emails will often contain specific information to the transaction like names of all the participants, property address, purchase price, closing date and more - information that they were able to glean from monitoring other emails to and from the buyer.
The account that they want the funds wired to will be a random person's bank account that they have also obtained login access to via phishing scams or data breaches, etc. Once the funds have been wired to the bank account of the unsuspecting third party bank account holder, they will access this person's account and remove all of the funds.
If the buyer was not expecting the request to wire funds for that amount or at that time, and replies to the email with questions (by hitting the reply button), it will go to the scammer, who will typically reply with fake, but convincing answers. If they call the number in the email, it will also go to the scammer. Sometimes the scammer will call the buyer as well, and they can spoof the Caller ID to make it appear they are calling from a local number, etc.
The people involved in these scams are usually versed on the real estate closing process and terminology used, and can sound fairly convincing to a buyer who does not work in the industry. However, the terminology used, English and grammar skills are normally not perfect, and can in most cases be quickly identified by any astute real estate agent, loan officer or title agent.
Often, once the initial sum of money has been sent and retrieved by the scammer, they will often attempt to get a 2nd transfer of funds. Many times this is the point when the buyer finally catches on because of the excessive and often aggressive demands from the scammer.
These phishing emails can usually be identified by:
- Slightly modified email addresses used.
- Different phone numbers.
- Imperfect English and grammar, punctuation, etc., or a writing style that does not match previous correspondence with the agent, title company or lender.
- Dollar amounts that do not match the amounts previously stated that the buyer would need.
- Being asked to wire the funds to an individual's account/name.
- Being asked to wire funds after the real funds have already been wired, or before they were originally told they should wire the funds.
Everyone involved in a real estate transaction should always be on the lookout for these increasingly common scams. Buyers should be educated on how to spot and avoid these scams up front, and agents should be diligent in watching for them as well.
To avoid getting scammed buyers should:
- Never accept an email purporting to be from a title company, lender or agent requiring them to wire funds for the transaction. Wire instructions will always be in an attached PDF, not in the body of the email, and should only be sent to the buyer AFTER a phone conversation directly with the buyer and either the title company or agent. That phone conversation should be initiated by the buyer.
- The Wiring Instructions will include the Title Company (or Attorney) as the 'Credit to' entity and should have the property address included as a note. The buyer should never wire closing funds to an Individual account.
- Any time a buyer receives an email requesting funds from anyone, including the agent, the buyer should call the agent to verify that the email is legitimate (on the phone number they already have for them, not the phone number in the suspicious email).
- If the buyer receives any email involving funds transfers, they should forward the email to the agent (don't reply to the email), and call or text the agent to confirm and discuss the email.
- Always be on the lookout for any email with email addresses or phone numbers that do not exactly match the known emails and phone numbers, poor English or grammar, dollar amounts that don't match expectations and/or any requests for funds transfers that were not specifically discussed previously and not exactly anticipated.
Agents that are made aware of a possible scam attempt on any transactions they are involved in should immediately contact a company managing broker for the appropriate next steps. All scam attempts that are identified, whether they were successful or not, should be reported to the FBI. For South Florida, their contact number is 754-703-2000.
Here are a few additional tips to help you reduce your risk of becoming a victim of wire fraud.
1. Use an up-to-date browser that will often alert you of phishing scams.
2. Use an email service and client that scans your incoming emails for potential phishing, fraud and unverified senders. Gmail is pretty good at it.
3. Secure your email account and your online banking login with 2 factor authentication.
4. Use unique passwords for you email login and bank log in - meaning that you should use the same password for both and don't use a password that you are already using elsewhere.
5. Use strong passwords or use a password generator/password manager to generate passwords for you. If you are using a password manager, make sure you secure it with a very strong password and 2 factor authentication - all the ones I know offer 2 factor authentication.
Here are a couple of example of phishing emails and a warnings from Gmail. If you see a such warnings or similar warnings, do not ignore it.
Examples of other warning that shouldn't be ignored:
Here is an example of a phishing email I received a while ago.