Transacting Business in the Age of Wire Fraud
Share This Post Now!
This month’s National Association of REALTORS® (NAR) Power Broker Roundtable discusses fraud and security strategies.
Christina Pappas, District Sales Manager, The Keyes Company, Miami, Fla.; Liaison for Large Firms & Industry Relations, NAR
Michael Volin, Vice President-Legal, Title Resource Group (TRG), a Realogy Company, Camden, N.J.
Joan Docktor, President, Berkshire Hathaway HomeServices Fox & Roach REALTORS®, Devon, Pa.
Mike Pappas, President/CEO, The Keyes Company/Illustrated Properties, Miami, Fla.
Mark Stark, CEO Broker/Owner, Berkshire Hathaway HomeServices Nevada Properties, Las Vegas, Nev.
Christina Pappas: The FBI cites wire fraud—and specifically business email compromise (BEC) scams—as the fastest-growing crime in the world, with losses to large and small companies and individuals soaring into the billions and complaints flooding law enforcement with increasing frequency from all 50 states and at least 79 countries. Cyber criminals are constantly on the lookout for new victims who they hope will wire them funds, and real estate transactions—for obvious reasons—are among the most vulnerable. With brokers looking for better ways to protect their clients and their companies, we’ve invited to our panel today a few savvy and experienced industry executives, as well as a guest from the legal team at Title Resource Group (TRG), a leader in title and settlement services. Michael, how do we begin to defend ourselves?
Michael Volin: One of the first things we need to understand, Christina, is that, in spite of all the precautions we take, cyber criminals are pervasive and persistent, and anyone can become a victim. That said, our best protections come, A, from shoring up our personal and corporate security; and, B, from educating consumers early and often during every single transaction.
Joan Docktor: As a full-service company, with title and mortgage, we know we’re vulnerable, and so we’re very strict in terms of security. We drill the basics into our agents and employees. We enforce password policies, are strict with policy breakers, and use two-factor verification. Our agents sign a pledge of understanding regarding policies, in fact, and we send out fake emails ourselves now and again just to see if anyone clicks on them. But we also know that customers can get confused, so we try to cover all the points at which they could be susceptible. No sensitive information is ever sent to a customer via email, for example. We’ll either use a secure portal or, better yet, FedEx it.
Mike Pappas: Ah, yes, back to the future. Hand-delivered instructions. Seriously though, in our offices, associates are never responsible for telling a customer where to send money; it’s also in our contract. That’s done only by our title company or closing agent, verbally or through secured emails, and we drum that into every associate and communicate with every customer.
Mark Stark: In our firm, I’m the only one who can send sensitive wires—and even then, the bank will call and I need to enter a code. In addition, our customers are told over and over do notrespond to any last-minute email or phone call requesting a change in wiring instructions. If you do, you’d best be prepared to wave goodbye to your money.
MP: The sad fact is that hackers these days create authentic-looking signature blocks that can replicate yours almost exactly, and customers can get confused—or forget. When it comes to wiring funds, there’s no such thing as too much education about fraud.
MV: Instructions to the customer should clearly say, “Call us at the number you know is accurate—because you’ve called it before—before wiring any funds. Never use a number you receive in an email, even if it looks like it’s from us, and after talking to us, call again to be sure the funds were received.”
CP: That’s one reason why our general policy is “Don’t close on Friday afternoon.” There may be nobody there to verify after 5 p.m. or on a weekend.
MV: So let’s assume for a minute that a customer does get taken, and funds are wired to a criminal. Now, we can’t emphasize enough that time is absolutely of the essence. An immediate call to your bank and law enforcement is your best hope of ever seeing that money again.
CP: And how often does that work out?
MV: Maybe more often than you think. The FBI’s Internet Crime Complaint Center—known as the IC3 center—has personnel taking complaints all over the country. Working with banks and local law enforcement, they have the best shot at recovering mis-sent funds. But again, time is not your friend in these cases. There’s information online worth taking a look at. Type IC3 into your browser. They also operate a Financial Fraud Kill Chain that’s been fairly effective in recovering international wire transfers. Again, the info is worth a look.
JD: A working relationship with the FBI is a good idea in any case.
MS: And if you don’t already have it, think cyber insurance. It’s a must-have in today’s world.