8/13/18 10:00 AM

Don't be a victim of Business Email Compromise (BEC) in real estate!

What is Business Email Compromise (BEC)?

According to the Internet Crime Complaint report, Business E-mail Compromise (BEC)/E-mail Account Compromise (EAC) is a sophisticated scam targeting both businesses and individuals performing wire transfer payments. The scam is frequently carried out when a subject compromises legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.

Below is the re-post of the Internet Crime Complaint Report. 

Unfortunately, BEC/EAC actors continue to heavily target the real estate sector and there has been a 136% increase in these types of crimes in recent years. Victims participating at all levels of a real estate transaction have reported such activity to IC3. This includes title companies, law firms, real estate agents, buyers and sellers. Victims most often report a spoofed e-mail being sent or received on behalf of one of these real estate transaction participants with instructions directing the recipient to change the payment type and/or payment location to a fraudulent account. The funds are usually directed to a fraudulent domestic account which quickly disperse through cash or check withdrawals and may also be transferred to a secondary fraudulent domestic or international account. Funds sent to domestic accounts are often depleted rapidly making recovery difficult.

Domestic money mules4 are frequently identified in connection with the BEC/EAC real estate trend. BEC/EAC actors often recruit money mules through confidence/romance scams. The BEC/EAC actor may groom a victim and then direct them to open accounts under the guise of sending or receiving funds as directed by the BEC/EAC actor. The accounts opened to facilitate this activity are typically used for a short period of time. Once the account is flagged by the financial institutions, it may be closed and the BEC/EAC actor will either direct the romance/scam victim to open a new account or move on to grooming a new victim.

Based on victim complaint data, BEC/EAC scams targeting the real estate sector are on the rise. From calendar year 2015 to calendar year 2017, there was over an 1100% rise in the number of BEC/EAC victims reporting the real estate transaction angle and an almost 2200% rise in the reported monetary loss.5 May 2018 reported the highest number of BEC/EAC real estate victims since 2015, and September 2017 reported the highest victim loss.

REDS lock-2017


BEC/EAC actors have been known to target all parties in a real estate transaction. The best defense is to verify all requests for a change in payment type and/or location. BEC/EAC actors often request that payments originally scheduled for check dispersal be made via wire instead. BEC/EAC actors may also request changes to the original recipient’s financial information.

BEC/EAC actors will use information that is publicly available on real estate listing sites to target victims. This may include homes that are for sale and the progress of the sale such as “under contract” as well as the contact information of the real estate agent. Be wary of any communication that is exclusively e-mail based and establish a secondary means of communication for verification purposes.

Be mindful of phone conversations. Victims have reported receiving phone calls from BEC/EAC actors requesting personal information for verification purposes. Financial institutions report phone calls acknowledging a change in payment type and/or location. Some victims report they were unable to distinguish the fraudulent phone conversation from legitimate conversations. One way to counter act this fraudulent activity, is to establish code phrases that would only be known to the two legitimate parties.

Title Companies report establishing new procedures when processing legal documents requiring all changes in payment type and/or location to be verified prior to distributing funds.

If you discover a fraudulent transfer, time is of the essence. First, contact your financial institution and request a recall of the funds. Different financial institutions have varying policies; it is important to know what assistance your financial institution will provide when attempting to recover funds. Second, contact your local FBI office and report the fraudulent transfer. Law enforcement may be able to assist the financial institution in recovering funds. Finally, regardless of dollar loss, file a complaint with www.ic3.gov or, for BEC/EAC victims, bec.ic3.gov. The IC3 will be able to assist both the financial institutions and law enforcement in the recovery efforts.

One of the ways to help avoid becoming a victim of cyber crimes is to provide education and training for your employees.
SoftPro has partnered with Real Estate Data Shield Program (REDS) to provide discounts on a variety of cyber security courses. 


Stay up-to-date on the information about industry regulatory requirements, events, customer successes, company updates, and more!

Subscribe to Email Updates

Recent Posts

see all