Threat actors can perform reconnaissance by searching for and weaponizing publicly disclosed data and using a variety of impersonation techniques to convince their target that they are known and trusted parties involved in real estate transactions, including attorneys, real estate agents, brokers, title agencies, escrow services, mortgage companies, third-party vendors, buyers, and sellers. To appear legitimate, they spoof a familiar contact’s source name or email address or use domain names that mimic a trusted source in spearphishing attacks. The messages typically instruct the target to transfer funds, divulge sensitive information, or submit account credentials via phishing links to the threat actors posing as trusted individuals.
Threat actors target and gain unauthorized access to legitimate email accounts using compromised credentials. Compromised email accounts contain a wealth of information, including personally identifiable information (PII), various forms of identification, legal documentation, settlement statements, closing disclosures, and pre-closing transactions. One part or a combination of this information can be used to commit further malicious activities, such as identity theft and fraud. Real estate wire transfer scams can result in system compromises, data breaches, financial losses, and reputational damages.
The NJCCIC continues to receive reports of impersonation scams and wire transfer fraud in real estate transactions. Threat actors targeted numerous New Jersey title agencies and real estate attorneys, compromised email accounts, and sent fraudulent wire transfer instructions. The funds were typically transferred before the scheme was discovered. Threat actors are likely to increase their targeting as spring and early summer approach, as these seasons are generally the peak for both buying and selling real estate.
Recommendations
- Refrain from responding to communications, opening attachments, and clicking links from unknown senders and exercise caution with communications from known senders.
- If communications contain changes to payment options or bank information or are suspicious, contact the sender via a separate means of communication—by phone using contact information obtained from official sources or in person—before providing sensitive information or funds.
- Navigate directly to legitimate websites and verify websites prior to submitting account credentials or providing sensitive information.
- Establish strong passwords and enable multi-factor authentication (MFA) where available, choosing authentication apps or hardware tokens over SMS text-based codes.
- Implement new policies for real estate businesses, including real estate attorneys and title agencies, to help prevent fraudulent wire transfers and other scams.
- Never trust email as the sole source of instruction for wiring money related to these transactions. Instead, receive confirmation of these details in person or over the phone from trusted numbers.
- Utilize digital escrow services to safeguard the interests of real estate buyers and sellers.
- If funds are unintentionally wired to a fraudulent account, immediately notify a supervisor, banking institution, the FBI, and the US Secret Service so that attempts can be made to stop the wire transfer. Unless the fraudulent transaction is discovered quickly (typically within 48 hours), it can be difficult, if not impossible, to return the stolen funds.
- Immediately report these types of scams to the associated entity or individual, and to the FTC, the FBI’s IC3, and the NJCCIC, to limit proliferation.
- If personally identifiable information (PII) has been compromised, review the Identity Theft and Compromised PII NJCCIC product for additional recommendations and resources, including credit freezes and enabling MFA on accounts.
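The impersonation signals described above (a known contact's name on an unfamiliar address, a domain that mimics a trusted one, and a change to payment details) can be checked automatically before a message reaches staff. The following is an added example, not NJCCIC code; the allowlist, domains, names, and sample messages are constructed, and the homoglyph list and 0.9 similarity threshold are assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed allowlist: real domains of the parties to one transaction.
TRUSTED = {"summittitle.example": {"dana reyes"}, "harborlaw.example": {"m. okafor"}}
PAYMENT = re.compile(r"wir(e|ing) instructions|routing number|account number|updated bank", re.I)
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))  # common visual swaps

def skeleton(domain):
    for fake, real in HOMOGLYPHS:
        domain = domain.replace(fake, real)
    return domain

def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    if domain in TRUSTED:
        return None
    for good in TRUSTED:
        if skeleton(domain) == skeleton(good) or SequenceMatcher(None, domain, good).ratio() >= 0.9:
            return good
    return None

def triage(raw):
    """Return the reasons a message needs out-of-band verification."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    name, domain = name.lower(), addr.rpartition("@")[2].lower()
    reasons = []
    if lookalike_of(domain):
        reasons.append("look-alike of " + lookalike_of(domain))
    known = {n for names in TRUSTED.values() for n in names}
    if name in known and name not in TRUSTED.get(domain, set()):
        reasons.append("known contact's name on another domain")
    reply = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply and reply != domain:
        reasons.append("Reply-To domain differs from From")
    body = msg.get_payload()
    if isinstance(body, str) and PAYMENT.search(body):
        reasons.append("payment change: confirm by phone")
    return reasons

# Constructed sample messages.
SPOOFED = ("From: Dana Reyes <dana@surnmittitle.example>\nReply-To: desk@mailbox.example\n"
           "Subject: Closing\n\nPlease use the updated bank details in the wiring instructions.")
HIJACKED = ("From: Dana Reyes <dana@summittitle.example>\nSubject: Closing\n\n"
            "Our routing number has changed, see attached.")
ROUTINE = "From: Dana Reyes <dana@summittitle.example>\nSubject: Closing\n\nConfirmed for Friday."

if __name__ == "__main__":
    for sample in (SPOOFED, HIJACKED, ROUTINE):
        print(triage(sample))
```

The `HIJACKED` sample comes from the genuine domain and is still flagged, because a compromised legitimate account passes every sender check; only the phone confirmation catches it.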
This Multi-State Information Sharing and Analysis Center (MS-ISAC) Advisory is being provided to assist agencies, organizations, and individuals in guarding against the persistent malicious actions of cybercriminals.
Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution with no additional execution privileges needed. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the service account, threat actors could install programs; view, change, or delete data; or create new accounts with full user rights. Service accounts that are configured to have fewer user rights on the system could be less impacted than those that operate with administrative user rights.
- Android OS patch levels prior to 2025-03-05
Risk
Government:
- Large and medium government entities: High
- Small government entities: High
Businesses:
- Large and medium business entities: High
- Small business entities: High
- Apply appropriate mitigations provided by Google to vulnerable systems immediately after appropriate testing.
- Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring.
- Restrict execution of code to a virtual environment on or in transit to an endpoint system.