The real estate industry is a particularly attractive target for BEC (Business Email Compromise—also known as CEO Fraud—attacks, according to FBI spokesman David Fitz. Fitz told The Baltimore Sun that the industry’s day-to-day activities present a host of opportunities for scammers, including large, online transactions and a great deal of remote communication.
Between January 2017 and November 2018, sixty victims in Maryland lost over $2 million combined as a result of hijacked real estate transactions. Fitz notes that those numbers could be much higher, since many individuals and companies may refrain from reporting that they were scammed.
A BEC real estate scam usually starts with an attacker hacking the email account of an agent or company employee, often via a phishing email. The attacker then observes the correspondence within the hacked account and begins to identify potential targets. Next, the attacker will imitate the appearance of the agent’s emails and use a separate account to send spoofed emails to victims. These emails typically ask the victim for an advance payment or include updated wiring instructions, and are carefully timed to coincide with real transactions.
Employees and consumers both need to be on the lookout for these schemes. Any online transaction is a tempting target for fraudsters, and attacks targeting real estate transactions are increasing rapidly. “It’s doubled year-over-year, and as we put procedures in place, these criminals adapt,” says Fitz. New-school security awareness training can provide employees with up-to-date knowledge of phishing and other social engineering tactics.
The Baltimore Sun has the story: https://www.baltimoresun.com/business/bs-bz-bec-crimes-title-industry-20180822-story.html