Justin Rubinstein, a licensed associate real estate broker at Compass, was working with a buyer to close on a one-bedroom condo on the Brooklyn waterfront in June of 2016. As the deal was being finalized, the client received an email — ostensibly from his lawyer — providing specific instructions about where to wire a $213,500 down payment.
Within moments of sending the money, the client discovered that the wiring instructions had not been sent by his lawyer, but by a scammer, and that he was a victim of wire fraud. But the client got lucky. He alerted his bank immediately and was able to put a freeze on the account before the funds were transferred.
“The criminals operating the scam hacked into the attorney’s email, monitored their account, and closely followed their deals,” Rubinstein said. “When it came time to send a wire for the down payment, they intercepted the email and sent fraudulent wire instructions to the purchaser.”
In the fast-paced real estate industry, where emails with highly sensitive financial information are freely shared with little or no face-to-face interaction, scammers have concocted a sophisticated, if rather simple, wire fraud scheme. By hacking into and closely monitoring the email exchanges of the parties involved in real estate transactions, scammers are able, at the eleventh hour, to pose as one of the participants, and request that down payment funds be wired to fraudulent bank accounts. Having spent weeks intercepting personal information, the criminals are able to craft extremely compelling and customized email requests.
“There are many players involved in these transactions,” said James Abbott, a supervisory special agent for the FBI’s criminal investigative division. “Whether it’s a real estate agent, an escrow company, a real estate lawyer, buyer or seller — there are a lot of potential targets.”
Abbott said that when the email account of someone involved in the transaction gets hacked, the message can appear to have originated from someone other than the actual source, or the criminal can email the victim directly with wiring instructions and write with authority, having monitored all the previous messages between the actual participants in the deal.
Frederick Peters, chief executive of Warburg Realty, has been one of those targets. “We’ve seen this very clever trick of criminals sending emails from ‘spoofed’ accounts,” he said, referring to accounts that had been forged to mimic his own. “The email address will be slightly different, maybe one letter off of my actual account, and they write my accounting staff with wiring instructions.”
The Warburg staff had been taught how to identify suspicious emails, and none of the attempts were successful. “You have to train all your staff, both brokerage and support, to know not to act without verifying” the transaction, Peters said.
The FBI says scams involving real estate — including the ‘spoofed’ accounts — are on the rise. From October 2014 to October 2019, the FBI reported a total of 3,766 victims of real estate scams across the country and internationally with losses totaling nearly $339 million. Of those victims, 799 were reported between January 2019 and October 2019, with losses totaling more than $69 million.
If you discover that you are a victim of a fraudulent transfer, it is important to act quickly. “Immediately contact your financial institution and request a recall of funds,” said Kati Daffan, an assistant director in the Federal Trade Commission’s division of marketing practices. “If you used a money transfer company, like Western Union or MoneyGram, call their complaint line right away.”
Also, contact your local FBI office to file an official report with law enforcement, or at the very least, file an online complaint with the bureau’s internet crime complaint center. “If your bank requests a police report, you can use a copy” of the online complaint, Daffan said.
But some scammers have already anticipated this quick-response defense.
Just before the Fourth of July weekend in 2016, Sherry Ajluni, another Compass agent, was working with a seller to close on a four-bedroom house under contract in a suburb of Atlanta. But the email of the buyer’s agent was hacked. “They made it look as if the agent had sent the buyer wiring instructions for closing, so he could send his funds to the attorney,” Ajluni said.
The funds, which totaled around $13,000, were instead wired to a fraudulent account just before the banks closed for the holiday, making it impossible for them to be recovered. In this case, the money couldn’t be tracked down. The buyer was able to close on the property only after both agents involved in the deal gave up part of their commissions to make up for the lost money.
“I see a lot of instances of wire fraud taking place toward the holidays and right before the weekends,” said Mark Hakim, a real estate lawyer at Schwartz Sladkus Reich Greenberg Atlas LLP. “As soon as the banks shut down, there’s little recourse.”
The growing practice of conducting real estate transactions by email means that the legitimate participants have to become more vigilant.
“While you may have taken every precaution in the world to safeguard your email platforms, you never know what measures have been taken on the other end,” Hakim said. “A broker having a cappuccino at Starbucks might be on their laptop sending sensitive emails using a public Wi-Fi network that’s been intercepted.”
The best bet, suggests Chen Konfino, chief executive of Younity, a MetaProp portfolio company, is to use a virtual private network (VPN) service on your device to encrypt the traffic from your machine to a secure exit point, where your internet connection and emails can’t be intercepted in the first place. (And in the event of a security breach, investigators may be able to use the public IP address to track down and isolate the time and location of the incident.)
“If you can’t afford a VPN service, connect to a personal hot spot from your device instead of using a public network,” Konfino said. “At the very least, check that the certificate for each site you use is valid, by clicking on the padlock icon to the left of your browser next to the web address.” A list will appear stating whether or not the connection is secure and the certificate is valid.
“You have to constantly remind your agents to triple-check their emails and to educate their clients,” said Leonard Steinberg, whose title is chief evangelist at Compass. “In addition to regularly alerting our agents to wire fraud trends in monthly sales meetings and follow-up emails, we’ve hosted workshops with both the FBI and our head of IT on cybersecurity.”
Another protection against such scams is to pick up the phone whenever you get any kind of wire fund request by email.
“Call the number you know,” Hakim, the lawyer, said. “Never ever send money without verbally verifying it with your lawyer, broker or their firm first. A 10-minute phone call could save your money.”