Business email compromise (BEC) scams, carried out via social engineering or computer intrusion, have garnered an unprecedented amount of victims as of late - specifically in the real estate sector.
According to the FBI, BEC scams are carried out when legitimate business email accounts are compromised to conduct an unauthorized transfer of funds, or request personally identifiable information (PII) and W-2 employee forms.
The FBI’s new Internet Crime Complaint Center (IC3) saw a 1,110% increase in the number of BEC victims reporting real estate transaction losses between 2015 and 2017. In May 2018, the IC3 reported the highest number of BEC real estate victims since its inception.
The FBI says BEC scams target every size company, in every state and 150 countries across the globe, including title companies, real estate agents and law firms and buyers and sellers. Most often, BEC scam victims receive a spoofed email on behalf of a party involved in a real estate transaction with instructions directing them to change a payment type or location to a fraudulent account. Once funds are deposited, they’re depleted rapidly, making recovery difficult or impossible.
What can you do to safeguard your business from BEC scams?
BEC actors use any information that’s publicly available on real estate listings to target their victims. This could include home addresses, listings under contract and a real estate agent’s personal and public information.
To safeguard professional real estate information, consider the following:
- Verify all requests for a change in payment type/location. According to the FBI, BEC actors often request payments originally scheduled for check dispersal be made via wire transfer instead. They may also request changes to the original recipient’s financial information.
- Be wary of any communication that is exclusively email based. Always establish a secondary means of communication for verification purposes. Don’t take an email requesting payment changes at face value. Be skeptical.
- Be mindful of phone conversations. Victims of BEC scams report receiving phone calls from the hackers themselves requesting PII for verification purposes. Some victims even say they were unable to distinguish the fraudulent phone conversation from a legitimate one. Consider establishing code phrases that are only known to the two legitimate parties.
- When you discover a fraudulent transfer, time is of the essence. Contact your financial institution immediately and request a recall of funds. Then, call your local FBI office and report the fraudulent transfer. Finally, regardless of dollar loss, file a complaint with the FBI’s IC3.
Contact your HUB Real Estate Specialist for more information on how to minimize your risk of BEC scams by instituting best practices and transferring your risk of cybercrime to the right insurance policy.