AARP Eye Center
By Alan Marx, AARP Tennessee Consumer Watchdog
Scams tend to transform and migrate. Some begin in one part of the world and over time appear in wholly different geographic areas. Others begin as attacks on businesses and later morph to afflict consumers.
You may not have heard of “Business E-mail Compromise” (“BCE”). The words are not frequently used in the daily news, but BCE is a category used by the FBI to describe a particular type of fraud using computers. It is also referred to as “phishing” or “whaling.”
A common form of BCE is a request asking an employee of a company to send money through a wire transfer. The scam is to make the employee think he or she is sending the money for a legitimate reason to a legitimate recipient. To do this the scammer first researches the company to identify the employees who (1) have the authority to authorize wire transfers and (2) the employees who regularly send those wire transfers. The scammer then sends a request that appears to be from a person with authority, claiming a need for an expedited payment (for example, for an overdue invoice, a missed payout to a beneficiary who has an urgent need for the money, or some other claimed deadline that has to be met to avoid adverse consequences to the company). A common element of these scams is that the address to which the funds are to wired will appear to be real. The claim may look like this:
I have an invoice due from a company that must be paid today by wire transfer. Here are the wiring instructions. Please do this right away.
Of course, the “wiring instructions” given will contain an address that appears to be legitimate, but it is false. Once the money is sent, it usually disappears, a success for the scammer.
The Consumer Version of the Scam
BCE scams now are focusing on individuals. For most people the largest financial transaction made during their lifetime is the purchase of their house. Mortgage and real estate fraud is a substantial and rapidly growing component of white-collar criminal activity. Why? The quick answer is “Sutton’s Law.”
Willie Sutton was a famous American bank robber. When a reporter asked why he robbed banks, Sutton reportedly said, “because that's where the money is." For the sake of completeness, Sutton wrote a book in which he denied that he said this, but whether he said it or not, it became identified with him and is known as “Sutton’s Law.”
The FBI, the Federal Trade Commission, and the Better Business Bureau have warned the public about imposters who target the email accounts of real estate agents and title insurance companies. These crooks are looking for information about upcoming real estate transactions and closings. One example tells the story.
On October 27, 2016, the Boston CBS television affiliate, WBZ Channel 4, reported about Paul LeBlanc’s experience in trying to buy a house. After a long search to find the home of his dreams, Mr. LeBlanc located a lakefront house for sale in New Hampshire. It had everything he and his family wanted. He made an offer, which was accepted. Mr. LeBlanc thought he was on his way to living his dream.
Purchasing a house usually involves bank financing and the purchase of title insurance. Many of Mr. LeBlanc’s communications with the bank and the title insurance company took place by email. What Mr. LeBlanc did not know was that those emails had been intercepted. Hackers, posing as representatives of the lender, the title insurance company, or both, obtained key details about the financing, the date, and the time for the real estate closing.
Shortly before the closing date Mr. LeBlanc received an email that appeared to be from the title insurance company, instructing him to make a wire transfer for the down payment to a JP Morgan Chase bank account. At his request, his bank transferred $142,245. The following day Mr. LeBlanc received an email confirming receipt, with the message “See you on Friday morning at the closing.”
On the day of the closing, an employee of the title insurance company said the wire had not arrived. When questioned, Mr. LeBlanc’s bank reported that the money had been transferred as instructed. Mr. LeBlanc and his family lost all the down payment money and were unable to buy the house.
An FBI agent described the scam to WBZ as a “Business E-mail Compromise.” FBI statistics show that more than $3 billion globally are lost to this type of fraud. In an age in which the internet and emails have replaced face-to-face transactions, criminals have found a weak link and exploited it.
Before the internet verification of wire transfers was usually made by telephone. “Voice verification” still would be helpful, but it is not foolproof. The voice verification could come from the hackers. Any transfer of funds is vulnerable if the sender relies on telephone numbers or email addresses obtained from the scammers or if the voice verification comes in an incoming telephone call.
This extent of this fraud went further. Mr. LeBlanc said he sent emails to the title insurance company and the lender when his bank made the wire transfer, but he never received a response from anyone at either institution. The title company provided emails to WBZ showing that a fake account that purported to be for Mr. LeBlanc had been set up by the crooks to obscure communications about the receipt of the wire transfers.
Conclusion
The internet has sped up communications and helped erase the barriers of space and time, but with all the plusses come risks and dangers. We have grown so dependent on the electronic medium that we have grown complacent. The assumption is that when money is sent that it was is received by the intended recipient. Unfortunately, the second half of the assumption is not true.
It is very difficult to recover funds that are diverted in hacking schemes. The FBI told WBZ that time is of the essence when dealing with this type of fraud. If the FBI is notified within three days of an occurrence of BCE, it claims to have a 70 percent success rate in recovering the money. After that, the rate falls dramatically.
For more information about filing complaints about electronic scams with the FBI, go to the FBI’s Internet Crime Complaint Center (IC3): https://www.ic3.gov/default.aspx