Real estate transactions—including reverse mortgage transactions—are increasingly a target for scammers, as seen by title and closing professionals on an ongoing basis. But there are precautions and measures loan originators and others who participate in the reverse mortgage market can take in order to avoid the unfortunate consequence of a borrower’s funds being stolen.
“The same technology that has helped us to work faster and more securely has opened a whole new application for scammers,” said Adan Gutierrez, client solutions manager for Allegiant Reverse Services, a division of FNC Title of California, during a webinar hosted by ARS on Wednesday.
“In particular, wire transfer funds are what’s targeted because they are an immediate transfer of goods,” Gutierrez said. “…By the time someone catches the fraud, the money is already gone.”
Most fraud schemes that target wire transfer funds fall under the category of phishing, or a type of scheme in which a fraudulent individual purports to be someone else and seeks personal information relating to a transaction. Typically, these wire transfer phishing schemes involve an email compromise, in which the scammer registers an email address similar to that of one of the involved parties as a way to confuse the people who are communicating. For example, the insertion of an extra character or symbol into a familiar email address. Or, the scammer might register an address with an email domain that is similar to one of the domains being used by the parties in the transaction.
The participation of one of the parties is critical in the success of these scams, Gutierrez said.
“A fraud can only happen once someone participates,” he said. “Meaning us, or the other end. The hacker will continue to phish. At the end of the day it’s one person who didn’t do due diligence. It can happen to anyone.”
Fraudulent contact can be characterized in many ways, but commonly, it has some of the following qualities, according to ARS: Questionable wire instructions; wire instructions for an account holder who is not someone recognized in the transaction; international wire instructions; an urgent change in requested method of disbursement or wire instruction; out of band communication (meaning an email that’s not in the known domains such as gmail, yahoo); requests initiated outside of normal business hours; requests for secrecy or urgency; correspondence from similar, but unfamiliar domains; any communication that feels strange; or a free and clear property accompanied by a change in vesting.
Yet there are some common defenses professionals and borrowers can take, including simply informing borrowers about these types of fraud.
- Have a standard procedure for the wiring of funds. Explain to the borrower that he or she will never be directed to change the account.
- Do not share passwords, even with IT representatives, and change passwords regularly.
- Limit the number of people who have the ability to transfer wires.
- Require a secondary sign off. Add an additional employee to check the wires.
- Avoid open-source email such as gmail, hotmail, or other free platforms. “Even though it may be easier to communicate that way, it’s a lot easier for hackers to imitate,” Gutierrez says.
- Double check email address. Once an address is recognized, it may be “auto-filled” by the email system, meaning a fraudulent email may continue to be used.
- Consider registering all the domains similar to your own. This prevents hackers from gaining access to them.
- Consider establishing a DMARC record on your domain. This quarantines emails that spoof your real domain.
- Confirm all wire sources via multiple sources. If you received instructions via email, don’t rely on this alone.
- Consider refusing all wire instructions received via email or fax.
While many of these processes take time and effort, the extra steps are well worth the protections for borrowers.
“It may seem inconvenient, but what conversation do you want to have with the borrower?” Gutierrez says. “‘We will have to wait to fund until Monday?’ Or, ‘We lost your $100,000?’”
Raising any issues that seem abnormal is a first step, and reporting any instance of fraud is also important. Reports can be made with local law enforcement, and local FBI offices, which investigate cybercrime.
“We work in a business where fraud is constantly evolving,” Gutierrez says. “Educate yourself on how criminals are developing new ways. It will only happen if you participate. Never let the wiring of funds be a casual act…The success of these frauds depends on you.”
Written by Elizabeth Ecker