Hackers find lucrative targets in property deals

File photo showing a man typing into a keyboard during a hacker convention in Las Vegas, Nevada, on July 29, 2017.
File photo showing a man typing into a keyboard during a hacker convention in Las Vegas, Nevada, on July 29, 2017.PHOTO: REUTERS

E-mail fraud linked to US real estate payments up 1,110% last year from 2015, says FBI

WASHINGTON • Mr James Butcher and his wife, Candace, were ready to finalise the purchase of their dream retirement home, and at closing time wired US$272,000 (S$371,000) from their bank following instructions they received by e-mail.

Within hours, the money had vanished.

Unbeknown to the Colorado couple, the e-mail account for the real estate settlement company had been hacked, and fraudsters had altered the wiring instruction to make off with the hefty sum representing a big chunk of the Butchers' life savings, according to a lawsuit filed in state court.

A report by the Internet Crime Complaint Centre of the Federal Bureau of Investigation (FBI) said the number of victims of e-mail fraud involving real estate transactions rose 1,110 per cent between 2015 and last year, and losses rose nearly 2,200 per cent.

Nearly 10,000 people reported being victims of this kind of fraud last year, with losses of over US$56 million, the FBI report said.

The Butchers, forced to move into their son's basement instead of their dream home, eventually reached a confidential settlement in a lawsuit against their real estate agent, bank and settlement company, according to their lawyer, Mr Ian Hicks.

The problem is growing as hackers take advantage of lax security in the chain of businesses involved in real estate and a potential for a large pay-off.

"In these cases, the fraudster knows all of the particulars of the transaction, things that are completely confidential, things they should not know," said Mr Hicks, who is involved in over a dozen similar cases across the United States.

ATTRACTIVE TARGET

(These firms) handle a lot of money and... they have employees who are not the most technically savvy.

MS SHERROD DEGRIPPO, director of threat research for security firm Proofpoint, on why real estate transactions have become a lucrative target for hackers.

Numerous cases have been filed in courts around the country, seeking restitution from various parties. One couple in the US capital Washington claimed to have lost US$1.5 million in a similar fraud scheme.

Real estate is just one segment of what the FBI calls "business e-mail compromise" fraud, which has resulted in some US$12 billion in losses over the past five years. But for home buyers, the fraud can be particularly catastrophic.

"In these cases, the loss can be devastating and life-altering," Mr Hicks said.

Real estate transactions have become a lucrative target for hackers "because (these firms) handle a lot of money and because they have employees who are not the most technically savvy", said Ms Sherrod DeGrippo, director of threat research for security firm Proofpoint.

Additionally, hackers often do their homework and "sometimes they know more about the business than the employees do", she said.

Consumers may also be less cautious when they are feeling positive about a new home, making it easy to fall prey to scammers, Ms DeGrippo said.

"These social engineering tactics rely on a heightened emotional state, and people can be in that state when it comes to purchasing their dream home," she added.

Ms DeGrippo said the schemes appear to originate from overseas, possibly from Russia or Africa, using a variety of techniques to stay ahead of law enforcement.

"They employ a lot of money 'mules'," she said. "They move the cash from bank to bank to bank."

Banks have been working to counter what is seen as a growing fraud problem but are often unable to prevent scams stemming from hacked e-mails, said Mr Paul Benda, senior vice-president for risk and cyber security at the American Bankers Association.

"Banks have very strong controls in place," he said. "But when they are given wiring instructions from a customer, they have a responsibility to send it where it was instructed."

AGENCE FRANCE-PRESSE

A version of this article appeared in the print edition of The Straits Times on September 24, 2018, with the headline 'Hackers find lucrative targets in property deals'. Print Edition | Subscribe