New Jersey warned credit unions, banks, mortgage lenders, loan originators, title insurers, title, real estate agents, and consumers about hackers trying to pocket mortgage funds during the home-buying process.

“There are many versions of wire fraud that pose financial threats to firms conducting mortgage loan transactions, as well as the consumers and small businesses they serve,” New Jersey Department of Banking and Insurance Acting Commissioner Marlene Caride said in the bulletin.

The threats are not new but increasingly, malicious hackers spoof emails as part of spear-phishing attacks designed to trick real estate buyers into wiring money into the hacker's account. The FTC has also issued a consumer advisory warning of scammers phishing for mortgage closing costs.

“Hackers have been breaking into some consumers' and real estate professionals' email accounts to get information about upcoming real estate transactions. After figuring out the closing dates, the hacker sends an email to the buyer, posing as the real estate professional or title company,” Colleen Tressler, Consumer Education Specialist, FTC, wrote.

Asaf Cidon, VP/email security at Campbell Calif.-based Barracuda Sentinel said: “The FBI estimates that $5 billion has been lost from fraudulent wire transfers. He added, this type of fraud acutely affects the real estate industry because there are large amounts of funds moving hands. “It's one of the best ways for cybercriminals to get a hold of a $100K or $200K wire transfer.”

Additionally, the target of these scams are typically consumers, many of whom have a very low awareness of these types of attacks. “When you factor in the pressure of closing the purchase of property, a deal that has likely been in the works for a while and is just about to come to fruition, it is easy to see how homebuyers' eagerness can get the better of them,” Cidon explained.

All these successful scams share one unfortunate result: the funds diverted through these criminal acts are nearly impossible to recover, Caride added. “These industries handle millions of dollars in wire transfers every day in connection with mortgage loans and taking precautions to safeguard these transactions should be a high priority.”

These types of scams generally involve a bogus email sent to the consumer with a last-minute change to the wiring instructions. It instructs the buyer to wire closing costs to a different account. But it is the scammer's account.

This nightmare scenario could have substantial financial consequences for the homebuyer, who might end up losing the house, a whole lot of money, personal information, and much more.

In a report, published last summer, the phishing experts at Barracuda Sentinel dissected an incident where an attacker attempted to interfere with a mortgage closure. The attack attempt, made at the eleventh hour of a mortgage deal, tried to trick a home buyer into wiring a large payment into the wrong hands.

According to the case study, all seemed to be going according to plan until the day the buyers needed to wire funds. They received an email from their mortgage company stating they switched banks, and to follow the updated wiring instructions in the email attachment.

Fortunately, in this instance, the message raised a red flag and the client immediately called his mortgage agent to investigate before proceeding.

The homebuyer did everything right to avoid a catastrophe. They questioned the request, identified the spoofed domain, and immediately called the mortgage agent to confirm the message was in fact a scam. More alarming was the mortgage company's reaction. They noted it is a wide-spread problem but did not seem interested in considering the issue any further, the Barracuda study reported.

There have been several news reports of similar incidents, where the phishing victims were not as fortunate.

The New Jersey bulletin also revealed a new wrinkle in the scams using a phony phone number. Previously, the FTC suggested applicants verify all details of the transaction via a phone call. “But scammers are now deploying phone 'porting' technologies, to intrude into that safeguarding process, masquerading as a trusted party.”

“This department recommends that every regulated person that uses wire transfers be extremely careful when communicating wire transfer instructions electronically and ensure that any third-party service providers are extremely careful,” the N.J. bulletin stated.

Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.

Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
  • Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).