Closing on a Home? Beware of Spearphishing

On November 3rd, 2017, posted in: spearphishing by konweb

We’ve highlighted spear phishing in the past and noted that what makes it most effective is when one of the parties carries some level of authority; there is a legitimate/expected reason for this authority to be contacting the victim and there is a large sum of money in play.

The Home Closing – The Perfect Spearphishing Opportunity

You have to hand it to the cybercriminal mind. When homeowners are going to closing you have:

1. An authority figure [Title or Escrow Agent]

2. A reason for that authority figure to be contacting the victim [Funds needed for settlement]

3. Large sums of money [Settlement funds].

According to an article in the Chicago Tribune this scam is growing in popularity because it works so well and yields enticingly lucrative profits.

How the Scam Works

The scam is pretty simple. It begins by the hackers finding a vulnerability in the title company’s or real estate company’s email system. Once inside, the hackers track upcoming closings and prior to the legitimate request for funds being sent to the victim, the hacker’s send their own request for funds which conveniently funnels the funds into a bank account they control.

It’s only days or weeks later when the real request comes through that the victim realizes that they sent their money to a criminal, not the title or escrow company.

“It’s unbelievable how often this is happening,” said Jessica Edgerton, associate counsel for the National Association of Realtors in Chicago. And now real estate clients who’ve been scammed are fighting back, seeking recovery of funds through the courts and turning to an FBI weapon that has been little known to the general public: the “Financial Fraud Kill Chain.”

Funds Lost Forever?

Unfortunately, it seems as though the victim is frequently left holding the empty bag when these crimes occur. As reported in the Chicago Tribune article, the FBI can help with recovery if:

  • The wire transfer was $50,000 or more in value
  • The wire transfer was international
  • The bank issues a recall notice
  • The FBI is informed of the details within 72 hours.  .

Be Diligent, Follow-up and Use the IC3

If you are going to settlement you can help protect yourself by looking for inconsistencies in instruction and following up by phone or in person with the party requesting funds to make sure that the request is 100% legitimate. And, if you sense something has gone awry using the reporting tool we highlighted just a few posts ago at

Is Your Security too Much to Handle?

Konsultek can help! Our managed security services allow even the smallest organization to have world-class security without the need for massive capital and human resource investments. Give us a call today to learn why more and more organizations are turning to Konsultek for their managed security solutions.


read more