Threat Actors Continue to Target Real Estate Transactions, Defrauding Many
As previously reported in our March 9 Bulletin, New Jersey residents and businesses involved in real estate transactions, including real estate brokers, attorneys, and title agents, are being targeted by profit-motivated cybercriminals using phishing and social engineering tactics to defraud homebuyers and agents. The NJCCIC has observed a steady increase in reported incidents involving these scams; one homebuyer was recently defrauded out of tens of thousands of dollars. Once a malicious actor has gained access to one party's email account and discovers an ongoing real estate transaction, they often wait for the most opportune time to send an email with fraudulent account details requesting wire transfers for deposits and closing costs. In other instances, threat actors simply create an email address and impersonate a known real estate or title agent. The subject and body of these emails will often portray a sense of urgency in an attempt to have targets immediately wire money before they have an opportunity to fully review the email’s content and question its legitimacy. Scams such as these are likely to increase again next year between April and August, as this is typically the most active time for real estate transactions and agents may be more likely to miss red flags in emails. Agents may also be held liable if a client loses money due this type of scam. In 2016, a title company sued a California real estate broker for $513,000, claiming the agent failed to secure his email account, leading to a fraudulent wire transfer. The NJCCIC recommends homebuyers and real estate entities educate themselves on these malicious tactics and remain vigilant during and immediately after the closing process. We strongly recommend real estate businesses implement new policies aimed at preventing fraudulent wire transfers and other scams. For example, forbid the sharing of wire transfer account information via email and instead utilize video chat applications, phone calls from trusted numbers, or in-person meetings.