Cybercriminals recently stole $77,000 from a family in Florida as they were closing on their dream home.
A woman, her boyfriend, her sister, brother-in-law, and her mother went in together to purchase a property in Jensen Beach, Florida. Their bid was accepted, and everything went smoothly, until their real estate attorney asked for a check for the $77,000 closing fee.
The woman's brother-in-law informed the attorney that he had already wired the $77,000 closing costs to the attorney's secretary. However, the law office never received a payment.
The brother-in-law had wired $77,000 to a cybercriminal. He was tricked by a sophisticated real estate scam.
The brother-in-law received an email, which appeared to be from the attorney's secretary, directing him to immediately wire the closing costs to avoid a delay. In the email, the alleged secretary claimed to have limited phone access and instructed him to email any questions. He wrote back and received instructions on how to wire the $77,000.
The email appeared legitimate at first glance. The sender's name matched the secretary's name; the email contained the law office logo and correct signature information; and the attorney appeared to be copied on the email. However, upon closer inspection, the email addresses were close to, but not exactly, the addresses of the secretary and attorney. Scammers had hacked someone involved in the closing process.
The Martin County Sheriff's Office said these types of crimes take time to investigate. The family was able to purchase the home, but does not expect to recover the $77,000 they lost in the scam. (Danielle Waugh, "CBS12 News Investigates: Family loses $77,000 in real estate scam," cbs12.com, May 17, 2019.)
Business email compromise scams pose a serious risk for organizations and their customers. According to the FBI, these types of scams are on the rise. In 2018, 20,000 Americans fell victim to real estate scams, a type of business email compromise scam, and lost nearly $1.3 billion as a result.
In business email compromise scams, cybercriminals target employees in order to steal money from the organization or their clients.
Hackers may break into organizations, including law firms, title companies, and real estate agencies, to carry out sophisticated scams like the one above. In these scams, cybercriminals monitor emails sent between employees and clients in order to gain the information needed to spoof an email and target a client closing on a home. Then, they will send a legitimate-looking email to the client instructing him or her to wire large sums of money to the cybercriminal.
In other cases, cybercriminals will try to get an employee, generally in the finance department, to send money. They will gather information that is available online about the employee and the organization. They will use this information to groom the employee through spear phishing emails. Cybercriminals will convince the employee that he or she is conducting a legitimate business transaction before they send the employee wire transfer instructions.
The ultimate goal of business email compromise scams is to get a target to wire transfer money to a bank account, generally located in a foreign country, that is controlled by the criminals.
If you ever receive a request to wire transfer funds, look closely at the email. Often, email addresses are just a bit off—they may switch a letter in the sender's name or come from a different email provider. Do not assume that the request is legitimate simply because the email claims to come from a legitimate organization.
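The address check described above can also be automated on a mail gateway or in a mailbox rule. The following is an added example, not part of the original article: the contact list and `.test` domains are constructed, and the two-edit threshold is an assumption to tune.

```python
from email.utils import parseaddr

# Constructed sample data (assumption): addresses the recipient already trusts.
KNOWN_CONTACTS = {
    "jane.doe@examplelaw.test": "Jane Doe",
    "a.smith@examplelaw.test": "Alan Smith",
}

def edit_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent-letter swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Two neighbouring letters swapped ("jnae" for "jane") count as one edit.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def check_sender(from_header: str, known=KNOWN_CONTACTS, max_dist: int = 2) -> list:
    """Return the reasons a From header looks like an imitation of a known contact."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    if addr in known:
        return []  # exact match; the genuine mailbox could still be compromised
    local, _, domain = addr.partition("@")
    reasons = []
    for k_addr, k_name in known.items():
        k_local, _, k_domain = k_addr.partition("@")
        if name.strip().lower() == k_name.lower():
            reasons.append(f"display name '{k_name}' used with unknown address {addr}")
        dist = edit_distance(addr, k_addr)
        if 0 < dist <= max_dist:
            reasons.append(f"address is {dist} edit(s) from {k_addr}")
        elif local == k_local and domain != k_domain:
            reasons.append(f"same mailbox name as {k_addr} but different domain")
    return reasons

if __name__ == "__main__":
    for hdr in ("Jane Doe <jane.doe@examp1elaw.test>", "jnae.doe@examplelaw.test",
                "Jane Doe <jane.doe@freemail.test>", "Jane Doe <jane.doe@examplelaw.test>"):
        print(hdr, "->", check_sender(hdr) or "no lookalike indicators")
```

An empty result only means the address is not a near-copy of a known contact; it does not confirm that the request itself is genuine.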
Be extremely cautious when conducting business with individuals over email. Confirm the legitimacy of the individual or organization before engaging in any business discussions. Always call an individual who requests a wire transfer using a known telephone number—not the one listed in the email—before ever sending money.