It started with what appeared to be a genuine email. It ended with a $44 million loss.
In August 2016, the German firm Leoni AG, Europe’s largest wire and cable manufacturer, announced it lost $44 million in an online fraud operation.
The hackers who stole the funds had sent email payment requests to one of the firm’s financial officers in Romania. Spoofed to look like it was from one of the firm’s top executives in Germany, the CFO in Romania approved the wire transfer payment totalling the $44 million.
This scenario is nothing new. Known as a Business Email Compromise (BEC), these and similar scams are being played out around the world every day.
The FBI reports that BEC schemes have defrauded companies of more than $3 billion between 2013 and 2016. And the threat levels continue.
Our firm represents victims of wire transfer fraud, and it is clear that the realm of real estate transactions is a prime target area for thieves. We have represented victims suffering wire transfer frauds ranging from $400,000 to $2 million.
In one case (facts changed slightly to mask identities), a Boston homeowner sells his house for $3 million. Wire transfer instructions for the escrow payment are sent to the buyer. The buyer initiates the transfer. The next day, the escrow officer is alerted that the funds haven’t arrived. But, the buyer’s bank confirms that the funds were transferred. A trace is put on the funds. And, as it turns out, the wire transfer instructions were fake. The email originated from an address that looked like the escrow company, but in fact, it wasn’t.
In this particular case, someone was monitoring the email exchanges of the seller and the escrow officer. And, when it came to wiring the funds, the hacker deleted the email, created a new email address one letter off from the true email address, and requested that the funds be sent to a different bank. Instead of wiring the funds to Boston, the funds went to Seattle. From there, the funds were immediately withdrawn and sent offshore.
Hackers find the email addresses of real estate agents and brokers. They hack these accounts looking for pending real estate transactions. From this, they extract the names of buyers and sellers; the title company; the name of the escrow officer, and other information about the transaction.
After obtaining the necessary information, they send a fraudulent email to the buyer, or the lender, and make it look as if it was sent by the real estate broker, escrow agent, or mortgage broker. The email requests the buyer to send the escrow funds to a different bank which is controlled by the hacker. Once the funds are received by the hacker, they are immediately withdrawn and usually sent overseas.
Email is the weakest link in business communication today. For the most part, real estate agents are working within an email environment which is non-secure and easily hacked. If the NSA, Equifax, and Yahoo can be hacked, imagine how simple it would be for a local real estate firm to be attacked by hackers. In many situations, the unsuspecting consumer is targeted to wire the money, rather than the real estate professional.
While it’s almost impossible to fully protect your company from hacking attacks that lead to wire transfer fraud, there are a host of red flags to be aware of:
The most reliable way to ensure that a wire transfer instruction is authentic is to call the person requesting the transfer to verify that the instructions are in fact genuine. By calling the bank, or the company requesting the funds, many fraudulent schemes can be averted.
These days, buyers and sellers are often asked to read and sign a full disclosure about wire fraud. Also keep in mind that if the money isn’t transferred to the correct account immediately, consumers can file a report to recall an international transaction within three days.
Litigation involving wire transfer fraud often comes down to whether any party in the transaction missed the red flags. A company that routinely conducts financial transactions should at all times act in accordance with a reasonable standard of care to minimize fraud. Failure to meet such standards is considered negligence, and damages could result from a lawsuit by the injured party.
Please contact us if you or your company have been victims of wire transfer fraud. We would be happy to talk to you.
This entry was posted on Tuesday, May 15, 2018 and is filed under Karl Kronenberger, Internet Law News.