N4T Investigators: Cyber swindle - KVOA | KVOA.com | Tucson, Arizona

N4T Investigators: Cyber swindle

Posted: Updated:

Tucson - The area's real estate community is taking steps to prevent being victims of hacking.

A hacker posing as a title company officer recently got into emails between a person buying a home in Tucson and the title company. The buyer wired the hacker $48,000.  The buyer later found out the payment went to the unknown criminal, instead of the title company. 

"This is a rampant issue across the whole, entire United States," says Rosey Koberlein, President and CEO of Long Realty. Mary Ann Christensen, Senior Vice President of Title Security Agency, says education is an ongoing process. "Before, we didn't have to tell our staff multiple times a day about something going on with fraud. Now we do. This is new."

Kim Clifton, Broker/Owner of Tierra Antigua Realty, says, "You have fraudsters out there, as I call them, and they're ahead of the curve." Koberlein says hackers send an email that looks like it's coming from the appropriate person. Long Realty was the listing agent on the house involved in the wire fraud case. "It was devastating," she said, "It was like, "OK, this is real. It hit us. Te

Christensen said, "Technology has quickened the pace, but by quickening the pace it's also created vulnerabilities."

The FBI is investigating this case. The bureau calls it "Business E-Mail Comprise," and says since it began tracking it in 2013, organized crime groups have targeted large and small companies in every state. The losses are in the billions of dollars and climbing. 

Christensen said, "It used to be when these emails first came out they were worded oddly. Now they're worded just as if you and i were speaking. The trend we've seen is that there were particularly going after the seller and sending bad guy emails, as we call them. Instead of, 'Your money is going to this bank account, they're going to that bank account.' Well now we're seeing them go the buyer" with the phony emails.

Clifton, the head of Tierra Antigua, is another victim of the recent wire fraud case because her agency was the buyer's agent in the transaction. She told the News 4 Tucson Investigators, "My heart goes out to all people who are in this situation. And real estate is not immune to this." Indeed, cases like the recent one here have happened in many other cities. 

Clifton said, "You don't ever have to wire money. They could overnight it, a cashier's check, certified funds." But Clifton says wiring money doesn't have to be dangerous if the sender takes the proper precautions.  

The FBI says the best way to avoid being exploited is to verify the authenticity of requests to send money by walking into your agent's office or speaking to him or her directly on the phone. Do not rely on email alone.

Christensen has a message for clients: "Call us. We want to speak to you, we want to talk on the phone" and tell clients the specific instructions. 

We asked Rosey Koberlein of Long Realty, "If you could talk to the hacker who stole this money, what would you say?" She replied, "Get a life."

The biggest red flag for home buyers is any email saying there's been a change in instructions regarding the transaction. When that happens the buyer needs to call or visit the person the email supposedly came from to verify it.  

Some other methods that the FBI says businesses have employed to safeguard against Business E-mail compromise:

     -Create instruction detection system rules that flag e-mails with extension that are similar to company e-mail. For example, legitimate e-mail of company "abc_company.com" would flag fraudulent e-mail of "abc-company.com." 

     -Create an e-mail rule to flag communications where the "reply" e-mail address is different from the "from" e-mail address shown.

     -Color code virtual correspondence so e-mails from employee/internal accounts are one color and e-mails from non-employee/external accounts are another.

     -Verify changes in vendor payment location by adding additional two-factor authentication such as having secondary sign-off by company personnel.

     -Confirm requests for transfers of funds by using phone verification as part of a two-factor authentication; use previously known numbers, not the numbers provided in the e-mail request. 

     -Carefully scrutinize all e-mail requests for transfer of funds to determine if the requests are out of the ordinary. 

If you have any investigative story you would like us to look into, email us at investigators@kvoa.com or call our tip line at 520-955-4444.

Interactive Radar
Powered by Frankly

© KVOA.com 2018, KVOA.com
All rights reserved
Privacy Policy, | Terms of Service, and Ad Choices

Can't find something?