Timeline of a Transaction Gone Wrong: The Last Minute Change in Payment Instructions

This is a supplement to an earlier post about this scam. Look at the steps involved in a typical transaction and think about where you can step in to slow down the process and prevent funds from being sent to a criminal.
 

Standard business procedures

The lawyer* (title insurance agent) has an assistant who helps with real estate transactions

  • The role of the assistant is to prepare documents and payments for the transaction
  • The lawyer reviews the assistant’s work prior to the transaction
  • *Lawyer and title insurance agent are the same person in this example

Pre-Transaction: The parties prepare

The lawyer and the real estate broker often have a history of handling transactions together

The transaction paperwork is all prepared in advance

Account numbers for the wire transactions are all exchanged as part of the closing documents

Instructions to wire the payoff funds and seller's proceeds are all set up a few days before the closing

Pre-Transaction: The criminals prepare

A cyber criminal has been monitoring the emails exchanged between the lawyer and broker

A legitimate looking email is sent to the lawyer or, more commonly, the lawyer’s assistant

The email contains new wire instructions

  • Believability and timing are the two keys to the scam
  • The email has an address that looks legitimate
  • The email has a legitimate reason for the change in wire instructions
  • The email arrives at a time of chaos or urgency when the recipient is less likely to fully scrutinize the message

The scam

The wire instructions are changed according to the new “corrected” instructions

The closing takes place and the funds are wired to the new “corrected” account number

The funds are received in the criminal's account and are immediately withdrawn

The criminal's account is closed

Post Transaction: Stage 1

Days go by and the lawyer has no idea a cyber criminal has stolen a few hundred thousand dollars

A few days after the closing, the lawyer receives a call from the mortgage company or seller complaining that they haven’t received their funds

  • The lawyer assures the caller that everything is fine and offers to look into the problem and call back once the “mistake” is corrected at the bank

Post Transaction: Stage 2

The lawyer is told by the bank that the funds have been wired out

The lawyer confirms the amount and account number

Research is then done and (at some point) the lawyer realizes that the funds have been stolen

The lawyer then calls the mortgage company or seller and explains the problem / situation / fraud

  • It is recommended that the lawyer also call the FBI and report the crime

Post Transaction: Stage 3

The lawyer calls the insurance company to submit a claim for the funds that have been stolen

The insurance company then informs the lawyer that the loss is NOT covered by insurance

  • The funds have been sent to the account intentionally designated by an authorized party at the lawyer’s firm
  • The lawyer did not have proper cyber security in place (e.g. outdated firewalls)
  • This is not an act of negligence
  • This is a ministerial task, not the practice of law

Post Transaction: Stage 4

The lawyer needs to pay the stolen funds, possibly a few hundred thousand dollars, OUT OF POCKET

Prevention

Treat any change in wire instructions with extreme skepticism.

The level of due diligence should be the same as for a transaction on which you are personally spending a few hundred thousand dollars

If the instructions are fake and you (or your authorized representative) give the instructions to wire the funds – you may be spending a few hundred thousand dollars

Avoid using words and phrases such as “wire instructions” and “payment instructions” in the subject line of an email


Once the payment instructions have been received, NO changes should be made without extreme due diligence

Whenever an email is received, take the time to verify the email is legitimate

  • Scrutinize the sender – is this the exact email address of the person you have been dealing with?
  • If you respond to the sender, do not hit reply. Hit "forward" and use the email address you have in your directory for the other party
  • Pick up the phone, call your contact at the other company, and speak only with your direct contact
  • Scammers are sophisticated enough to call your office to verify the new instructions sent in the email
  • You need to dial the phone and make the call to the number you have in your records for the other party
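
The sender checks above can be partly automated as a first-pass filter before the phone call. The following is an added example, not part of the original post: the directory entry, keyword list, similarity threshold and sample messages are all constructed assumptions.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed directory: the address already on file for the other party.
DIRECTORY = {"pat.broker@realty.example"}
KEYWORDS = ("wire instructions", "payment instructions", "new account")
LOOKALIKE = 0.85  # assumed similarity threshold for near-miss domains

def _domain(addr):
    return addr.rsplit("@", 1)[-1]

def review_message(raw, directory=DIRECTORY):
    """Return the reasons to hold a message for call-back verification."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    flags = []
    if sender not in directory:  # exact match only; display names are ignored
        flags.append("sender-not-in-directory")
        for known in sorted(directory):
            similar = SequenceMatcher(None, _domain(sender), _domain(known)).ratio()
            if _domain(sender) != _domain(known) and similar >= LOOKALIKE:
                flags.append("lookalike-domain:" + _domain(known))
    if reply_to and reply_to != sender:  # hitting "reply" would go elsewhere
        flags.append("reply-to-differs")
    body = "" if msg.is_multipart() else msg.get_payload()
    if any(k in (msg.get("Subject", "") + " " + body).lower() for k in KEYWORDS):
        flags.append("mentions-payment-change")
    return flags

# Constructed sample messages (not real traffic).
SPOOFED = """\
From: "Pat Broker" <pat.broker@rea1ty.example>
Reply-To: closing-desk@mailbox.example
Subject: Re: Closing Thursday

Our bank flagged the old account. Please use the corrected wire instructions below.
"""
LEGIT = """\
From: Pat Broker <pat.broker@realty.example>
Subject: Closing Thursday

See you at 10 am.
"""

if __name__ == "__main__":
    print(review_message(SPOOFED))
    print(review_message(LEGIT))
```

An empty result is not approval: a message from the exact address on file can still come from a compromised mailbox, so any change in payment instructions still requires the call to the number in your records.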