How to Protect Against the Loss of Your Assets to Electronic Fraud: A Growing Cybersecurity Threat


Financial institutions continue to struggle with cyberattacks, especially hackers who exploit the tax electronic highway used to move large sums of money for closing real estate deals and other high-priced transactions.

For the past six years, the financial sector has been ranked #1 as the most cyberattacked industry. In 2020, attacks on banks and other financial institutions soared 238% (with 19,369 cases of wire fraud reported by victims of real estate transaction scams to the Internet Crime Complaint Center), followed by a further increase of 118% in 2021, according to Aunalytics, a provider of secure managed services.

In 2021, the Modern Bank Heists 4.0 threat report from VM Ware Carbon Black, a cloud-to-endpoint protection security provider, found that 57% of financial institutions surveyed reported an increase in wire fraud.

Wire transfers facilitate fast and convenient direct digital money transactions between two bank accounts. To make a bank transfer, the sender contacts his bank, provides the name and number of the account from which the funds will be withdrawn and the amount of the transfer, as well as the name of the recipient, the bank account number and the recipient’s US bank account. The association’s routing number — and in some cases, the recipient’s bank address and phone number.

“Those who attempt to steal funds via wire transfer are smart, subtle and often demonstrate a high degree of sophistication,” said Irshan Hirani, vice president and chief information security officer for Exchange Bank in County Sonoma.

“Exchange Bank doesn’t see a lot of wire fraud because we’ve implemented a three-pronged approach to thwarting malicious practices,” Hirani said. “Controls have been put in place to protect customers, we have adopted advanced technologies to secure internal systems and developed programs to educate customers and employees about the ways in which criminals attempt to obtain private information that they can use to trick customers into making costly mistakes.”

He said the bank has implemented strict requirements, more manual (instead of automated) processes, multiple levels of approval for branch managers and others who handle funds transfers, and advice to customers on how to protect themselves.

Requests to act quickly can mean fraud

Experts say being “fraud smart” starts with making sure you know the people who are contacting you. If you can, call the bank or title company to confirm. In addition, hackers typically access personal emails through social media logins that involve asking someone to reply or clicking on a link that allows malware to be implanted.

Once granted access to a personal computer, Hirani said “bad guys” can move through files on the desktop to review emails, study patterns used in shutdowns and, using what they collect, develop urgent appeals.

By capturing the names of escrow agents and the like, they impersonate them, sending emails requesting that the funds be sent to the impostor’s account instead.

In an attempted wire fraud, a buyer’s real estate transaction was due to close within days, but she received an email that “appeared” to be from a trusted escrow agent she worked with, saying that the date had been brought forward and the closing date is tomorrow. The client was urged to act quickly to avoid losing the property. New wire transfer instructions have been included as an attachment.

It was a scam. It is very rare for escrow agents to send closing instructions via email.

In another incident, a person received an email saying that instead of transferring funds to a securities firm’s escrow agent, they wanted him to send the funds to an escrow account at their securities firm. lawyers. Another scam.

Typical practice for securities companies is to send customers written wire transfer instructions and then call back to verbally confirm that those details have been received so they know what to expect before closing.

Hirani believes two-factor authentication can also help prevent electronic fraud. It is a security system that requires two separate and distinct forms of identification to access a file or computer data. The first factor is a password and the second is a text with a sent to a smartphone, or biometric data using unique fingerprint, face or retina features. He said other safeguards on the drawing board include using an algorithm designed to detect fraud.

Electronic transfers can be completed within 24 hours, but the first 4-6 hours after the transfer is critical if fraud is detected and efforts are made to recover some or all of the funds.

With many other financial transfers being made virtually these days, all parties to a real estate transaction are susceptible to an electronic fraud scheme, according to Krista Christensen, risk manager for cyber and electronic strategies for Fidelity National Title. Company.


Comments are closed.