Chicago Title On How A Positive Rep Puts You At Risk Of Cybercrime
You’ve earned a reputation as the go-to for clients in need of guidance through the sometimes murky legal waters of real estate transactions.
Congratulations! Unfortunately, Michael Weinstein, division financial officer at Chicago Title Insurance, tells Bisnow such recognition can come with an unsavory backlash.
Cybercriminals using “spear phishing” (this is not a cover band, we promise)—targeting real estate professionals and others known to be intimately involved with the financial end of transactions. Via seemingly innocuous emails, these predators are positioning themselves to intercept funds as they change hands during the course of a deal.
Ahead of his upcoming webinar WIRE FRAUD: Protect Your Clients & Your Firm, Michael gave Bisnow an in-depth look at the world of spear phishing and how reputable firms can stay out of harm’s way.
Bisnow: What's the issue here?
Michael: Wire transactions related to real estate closings are being diverted from the intended recipients to fraudster imposters.
Bisnow: How are criminals targeting our industry and law firms?
Michael: We believe they are targeting attorneys, real estate agents, and other participants of a real estate transaction by initially targeting them from public information regarding the fact that they are engaged in real estate transactions as their main or advertised business purpose.
Bisnow: How's this happening?
Michael: The criminals “spear phish” selected law firms with a fake email purporting to be their email provider and request the recipient log-in their email account. Once the log-on and password is captured, email is monitored. The fraudster will watch real estate transactions and all communications from the compromised email account. When armed with enough contextual information of a desired imminent wire transfer, the fraudster will wait for the “right time” to then insert themselves (via a fraudulent wire transfer instruction) purporting to be whoever they need to be in order to divert a wire away from the intended party to them.
Bisnow: We don’t use Web-based email, so I’m safe, right?
Michael: That’s a great first step. The FBI would say not to use Web-based email providers. You become more of a target to the phishers. There are many ways to safeguard an email account and to guard against phishing attempts, which is really at the core of this issue. Understanding what those methods are and implementing them are the foundation to a safer email communication process. Unfortunately, with multiple parties on a complex commercial real estate transaction ANYONE can be the source of the transaction becoming compromised.
Bisnow: Our anti-virus/malware software is up to date, shouldn’t that protect us?
Michael: Having an actively managed firewall and up-to-date anti-virus/malware is an important component of your technical countermeasures for this and any cybercrime. Unfortunately, Business Email Compromise and Email Account Compromise are essentially “Social Engineering” crimes. The compromised party is volunteering their email credentials out in the open. For this crime there is no malicious virus that has to get past any anti-virus software. In fact, there is often little or no cyber forensic footprint left after a computer/email account is compromised.
Bisnow: What do I do if I realize that I passed along or am in possession of fraudulent wire information on a transaction?
Michael: Call your Chicago Title settlement agent immediately. Chicago Title has a specific procedure that involves the coordination of multiple key areas within the company. We also have dedicated national banking contacts at most of the major US banks where the fraudulent wires are often diverted. These contacts will quickly communicate the fraudulent activity and help secure your funds.