Heather Murphy had sold her home to a young man who got caught up in a scam in which he wired $71,000 to a fake account. Tom Tingle/azcentral.com
One click. One-tenth of a second later, $73,000 disappeared into the ether and two Phoenix home sales were derailed.
It was no accident. Homebuyers across the country are being targeted in custom-tailored email scams aimed at stealing down payments. And the worst part isn’t losing years of savings. The scammers depend on you to send them your money.
Forget about anonymous emails promising sweepstakes wins or pleas from Nigerian princes looking to get millions out of their country. This is phishing with an IQ.
These emails are designed to electronically hijack the homebuying process at the most critical moment, just before closing. They go after specific individuals — typically buyers — by adopting the names and titles of real-estate agents, mortgage officials and title agents involved in legitimate transactions.
The FBI says the scams are among the biggest on the internet. They hit hundreds of people each year and cost Americans tens of millions of dollars. The mortgage industry also recognizes the damage the scams have caused and warns buyers and sellers explicitly how to guard against them.
When first-time homebuyer Jack Padden replied to an email on the eve of closing, he set off a cascade of events that would cost him his down payment and force him to cancel his purchase.
The financial chaos didn’t end there. Heather Murphy was depending on the sale of her house to Padden to buy a new one in central Phoenix. Her possessions were packed, movers were hired and closing was scheduled for the next day when she learned the sale was scotched.
“When I found out, I had to run down the hall and throw up,” Murphy said. “The only thing that wasn’t packed was the food in my pantry and my refrigerator.”
Collateral damage on the single transaction could have cost tens of thousands of dollars in lost deposits, salaries and fees.
Murphy stood to lose $4,000 in earnest money she had put down on her new home. Real-estate agents on both ends of the transaction would not get paid. Title companies would not collect fees. Banks would not process mortgage loans.
FBI: Phoenix-area victims lose $41M
The FBI says fake real-estate emails are a large component of so-called Business E-mail Compromise Scams, which cost victims worldwide more than $5.3 billion from 2013-2016. And it’s getting worse.
Martin Hellmer, FBI supervisory special agent in Phoenix, said 256 victims in the metro area lost $41 million in 2017.
“This is the most prolific internet crime,” Hellmer said. “We’ve seen a 655 percent increase year to year.”
No longer do criminals use a “shotgun approach” to phishing, Hellmer said. They have pivoted to a sophisticated and calculated method that involves hacking business computers to set up victims.
It’s more like the traditional sting in a con game, with email serving as the lure.
“The email carries a sense of urgency,” Hellmer said. “(Criminals) are delivering malware, monitoring emails, monitoring specific transactions in the days and weeks before those transactions.”
According to the FBI, the compromise scams start with fraudulent messages from legitimate email accounts that have been hacked. They also use lookalike email accounts requesting financial information or wire transfers.
“There are several different versions of the scam; the email message can appear to come from a business executive, a vendor, or a party to a real-estate transaction,” the FBI warns.
The scams go beyond home transactions. In some cases, people receive emails that appear to have come from within their own companies, such as a company supervisor requesting a subordinate bookkeeper to move money into a specific account, complete with wiring instructions.
Not surprising, the losses in email compromise scams “are far higher” than in traditional phishing schemes, Hellmer said.
How a first-time buyer was duped
Padden is a senior financial reporting analyst at VEREIT, a real-estate investment company in Phoenix. Interviews, email records, police reports and other documents show how he was scammed in the week before he closed.
Padden received a series of emails in September from someone who appeared to be an assistant loan officer at Primary Residential Mortgage, the company handling his home loan. The emails included letterhead, phone numbers and a website address. The subject line was the address of the home he wanted to buy.
“What time works best for you to close on the 15th of September?” the bogus loan officer wrote. “And you also need to wire your cash to close in the amount of $73,136 —wiring instructions ASAP, you can process that today or tomorrow. They need to have that prior to closing, so there won’t be any delay in closing.”
Padden responded three hours later, telling her the money “should arrive at the other bank Monday.”
The emails appeared light and breezy, almost casual, asking to confirm details known to parties involved in the transaction, including the amount of his down payment. Despite the tone, the emails were singular in purpose, seeking mostly to reaffirm when Padden would wire the money.
Over the course of two days, the scammer subverted Padden’s loan process, reassuring him that he could close early and directing him to send the down payment to a private account.
By the time Padden suspected something was wrong, his money was gone.
Beware of last-minute emails
The FBI would not talk about Padden’s case. Hellmer said the agency cannot confirm any ongoing investigations. But he said many cases share similarities.
“We want the public to be highly suspicious of last-minute wiring instructions,” Hellmer said. “We want folks to verify in person. Do not reply to emails to verify.”
The scams often originate in West Africa, Eastern Europe or the Middle East, Helmer said.
Money can be lifted from accounts within minutes of being sent. Sometimes it is electronically transferred to other accounts. Other times “unwitting money mules” are used to withdraw the funds from banks, Hellmer said.
The average dollar loss on an email compromise scam is $160,000, he said.
Red flags go unnoticed
Padden would not talk about his case. But documents show there were red flags.
The emails were grammatically incorrect and poorly punctuated. They originated from a Hotmail account. The purported loan officer used a smiley-face emoji in one reply. The wiring instructions came with crude typography and looked homemade.
The instructions directed Padden to send the money to a private account at a Chase-bank branch office on Anthem Way in north Phoenix under the name “Beatrice Pacheco.”
Murphy said she sympathizes with Padden.
“As a human being, I feel for the guy,” Murphy said. “This should be the happiest time of his life. He’s buying his first house. But he failed to exercise due diligence.”
Murphy said both she and Padden were required to sign forms acknowledging the risks of wire fraud as part of the process. She said the title company handling the sale of her home to Padden gave them a wire-fraud advisory.
The form from Equity Title encourages buyers and sellers to “exercise extreme caution.” It describes electronic transfers as a convenience that also provides “hackers and scammers new opportunities for their criminal activities.”
“Many businesses have been victimized and the real-estate business is no exception,” Equity tells customers. It also provides a list of do’s and don’ts.
Murphy said on the day she was supposed to close on her own home, Padden’s lawyer sent a letter canceling the purchase of her home and demanding the return of his deposit, saying the loss of the down payment prevented the loan from funding.
“He is a victim of fraud, I get it,” Murphy said in September. “At the same time, this is business … And I did everything I could to be cautious … He isn’t the only one losing his dream home.”
‘A fertile ground for fraud’
Jim Clifford, president of the Land Title Association of Arizona and president of Clear Title Agency of Arizona, did not mince words about the vulnerability of wire transactions.
“Let’s just call it a fertile ground for fraud,” he said. “Anybody on the planet who is going to buy and sell with a wire is at risk.”
Clifford said his company saw an increase in phishing attempts throughout the spring, with more than 50 coming in during the last weeks of March.
“And we’re just one company,” he said.
Clifford said he is aware of victims across the country and has heard anecdotes about a lawyer, a judge and others who have been duped out of a substantial portion of, if not their entire life savings.
It is rare for people to get their money back, he said.
“This is not a technological issue,” he said. “This is not about a single piece of tech that can keep you safe. This is a human issue.”
He said title companies are pushing prevention.
“There is one thing every human being can do, and that is to call a known number,” he said, adding escrow officers tell every customer “not to wire anything until you confirm it, and not with the (phone) number in the email.”
Mortgage company blamed for hack
Padden’s lawyer, Mark Dioguardi of Phoenix, blamed the fraud on Padden’s mortgage company, Primary Residential Mortgage. He said it was clear Primary’s accounts had been hacked and that scammers used company data to target Padden.
“Primary knew they had a breach, and they didn’t alert customers,” he said in an interview. “The mortgage company should make him whole. We are aware that a number of this company’s clients were victims.”
Officials with Primary Mortgage, which is headquartered in Salt Lake City, declined to comment on the situation.
Less than a week after Padden canceled his home sale, Dioguardi said the mortgage company agreed to refund the stolen down payment.
He described it as an atypical happy ending for consumers.
“Primary Mortgage has really stepped up and done the right thing,” Dioguardi said. “I am scared that people will think they can expect other mortgage companies to do the same. I think most mortgage companies would not.”
Dioguardi said the refund occurred so quickly that Padden and Murphy were able to go through with their individual home purchases.
“Jack will still get his dream home,” he said. “Jack and the seller and the brokers will all suffer no loss.”
Dioguardi said Primary required Padden to sign a non-disclosure agreement on Sept. 21, preventing him from saying anything more about the case.
Dioguardi recommends purchasing cyber insurance, saying both individuals and companies should protect themselves.
“My general experience is that most companies would have left their customers out in the cold,” Dioguardi said. “I have had other clients who have had wire-fraud scams committed on them, and they have not come out in such good shape.”
Home sweet home
Standing in the kitchen of her new central Phoenix house, Murphy also acknowledged the happy ending.
She said it was close. For one thing, the builder on her new home had gotten another purchase offer. Because she already had gone through the inspection process and was ready to close, the builder agreed to revive her deal.
“It’s OK now,” said Murphy, who works as communications director for the Arizona Supreme Court. “If by talking about it I can help even one or two people from falling into this scam, then what I had to go through would be worth it.”
Tips to avoid wire fraud in mortgage transactions
- Obtain the name and number of the escrow officer at the beginning of the transaction and do not use any other method of contact.
- Do not ever wire funds before calling your escrow officer to confirm wire instructions.
- Verbally confirm wiring instructions are legitimate and verbally confirm bank routing and account numbers.
- Avoid sending personal information in emails and texts. Provide such information in person or over the phone.
- Protect the computer system you are using with strong passwords and secure Wi-Fi.
- Immediately notify your bank, escrow officer and real-estate agent about suspicious emails.
Source: Equity Title Agency Inc.
Want more news like this? Click here to subscribe to azcentral.com.
Read or Share this story: http://azc.cc/2zQspiX