February 19, 2018
Orion’s brokers know that the large amounts of cash transferred by wire at loan closings make an attractive target for cyber criminals. It's no surprise that the number of incidents of wire fraud and identity theft during real estate transactions, particularly during the loan closing phase, is on the rise. Here are a few real-world examples of fraud and theft that took place during the last quarter of 2017 that our brokers should be aware of.
A broker’s email is hacked, and the borrowers receive a bogus email just before closing, telling them to wire the balance of their down payment to a bank account at a major bank. The wired funds are immediately cleared out to another account or to multiple payees. This scenario has played out for both large and relatively small amounts: A $75,000 deposit and a $9,900 deposit. The incident involving the smaller amount may have been most clever. Because the amount was below the $10,000 Rule for reporting cash transactions, it did not trigger alarms until it was too late.
Or a closing agent’s email is hacked, and the borrowers receive a bogus email just before closing telling them to wire funds to a sham bank account. The funds are immediately cleared out to another account. In another scenario, a lender receives a bogus email from a closing agent instructing the bank to wire loan closing funds to a bank account that has been set up by cybercriminals - not the closing agent.
What's also noteworthy is that borrowers are seeking compensation from all transaction parties - the closing agent, the real estate agent, the broker, the real estate brokerage firm, the lender, and even the borrower's bank. Since neither the Closing Protection Letter (CPL), nor the typical Errors & Omissions insurance policy cover privacy violations, mortgage bankers could find themselves liable for staggering awards in civil court.
To learn more Orion recommends it brokers visit the Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Awareness initiative site: https://www.ffiec.gov/cybersecurity.htm. Also, KnowBe4 offers a free test that you can provide your employees to improve phishing knowledge and awareness.