Using technology is efficient in conducting business for countless reasons. However, it can also be risky because individuals grow accustomed to quickly sharing information without ensuring sufficient security measures. Over the past year, we have noticed an increase in attempts to steal information over the internet (so called “phishing schemes”), especially via email. These scams can be quite sophisticated and may appear to come from trusted sources. We reviewed some of the more common forms of these scams, and provide a summary of the risks and risk mitigation strategies below.
1. Mortgage Fraud
In June 2019, the Consumer Financial Protection Bureau (CFPB) published an alert that scammers are increasingly targeting homebuyers in the process of closing on a mortgage. The fraud is simple and devastating. Basically, scammers hack into the email account of a party or agent in a real estate transaction, and just before the closing, send an email from a disguised email account which appears to originate from the hacked person (i.e., similar email address, same signature line, etc.). The scam email provides new wire transfer instructions at the last moment. In some instances, the scammers brazenly call the homebuyer and give new wire instructions verbally.
In the high stress and often crunched timeline of closing a transaction, some homebuyers unwittingly wire their life’s savings to a scammer’s bank accounts, where it cannot be recovered. According to the CFPB, such crimes resulted in the loss of an estimated $1 billion in real estate costs in 2017. To protect yourself from these risks, the agency recommends confirming wiring instructions with only your trusted representatives in-person or over the phone (using phone numbers you know are associated with your trusted representative), and closely questioning any subsequent changes to those instructions. More information on this scheme and ways to protect yourself—and your savings—is available on the CFPB website at https://www.consumerfinance.gov/about-us/blog/mortgage-closing-scams-how-protect-yourself-and-your-closing-funds/?utm_source=newsletter&utm_medium=email&utm_campaign=Homebuyers&utm_term=FY19MSC&utm_content=Intermediaries
2. Email Scams
A more common iteration of the scam described above involves emails that appear to come from a trusted or familiar person, asking the recipient to do something for the sender. In these cases, criminals might create an email address using the name of someone you know, with an email address similar to that of your real contact, and then ask you to do something urgent.
These tricks are quite deceiving because any website that lists names and email addresses of affiliated individuals (e.g., a school or a business) is essentially a list of people that know and trust each other. All the criminals need to do is peruse the website, create a fake email account, briefly assume the identity of one of the identified people, and send an email to one of the related parties requesting a favor—such as purchasing a prepaid debit card and emailing the card numbers in reply. Once the fooled individual realizes their error, the prepaid card will have already been maxed-out, and the victim will remain on the hook for the purchased item.
We have seen this scam exploit the usual power dynamics within corporate hierarchies. For instance, imagine a fraudulent email from a CEO to a lower-level employee, stating there’s an emergency and the CEO needs the employee to purchase a $500 gift card and send the PIN number by email. Often, the victim realizes the fraud just after hitting “send” on the email transmitting the prepaid card information. To protect yourself from these scams, carefully check the email address and other identifying information on questionable emails and texts, and be suspicious of following links or opening attachments coming from unknown sources.
3. Cyber Insurance
Businesses and individuals should take the time to learn whether their current insurance policies cover data breaches, and if not, consider purchasing cyber insurance. As internet-based scams become more common and sophisticated, many businesses and individuals are seeking relevant insurance coverages. Fortunately, insurance companies offer an ever-increasing selection of cyber insurance policies to cover data breach liabilities, such as stolen credit card numbers or health records. Cyber policies may not be included in a provider’s general liability policy, and therefore may only be available as a separate policy.
Article by James Fraser