It happened to us – hackers got into somebody’s account.

They posed as the escrow officer and tried to divert my buyers’ down payment to the wrong bank account.  Their timing was impeccable too.

Six days before closing, an email was sent to the buyers that looked like a normal email from the escrow officer:

Good morning (buyers’ names),

We are getting close to closing. It is important that we get the Cash to Close to avoid delays in closing.

Please tell me when you would wire the Cash to Close.

Regards, (escrow officer’s name)

The buyer asked for the amount and for wire instructions by email – and the hacker responded three times by email and even sounded like the escrow officer.  This was the tip-off though:

Please find attached the wiring instructions. It is an account of one of our subsidiary company as our main account is currently undergoing compliance audit. As such, any funds entering the account would be held for review which would grossly affect the scheduled closing date.  The total closing cost is X.

The hacker asked for an amount that was within $2,000 of being accurate, and if the buyers had been in a big hurry, they might have just sent it.

Thankfully, Mr. Buyer called the escrow officer direct to verify. The escrow officer was stunned – she hadn’t sent any emails to the buyers that day!

Because no crime was actually committed, the escrow, title, and mortgage companies just shrugged it off.  We won’t ever know who the hackers were, or how they got in, but to call it unsettling is an under-statement.

From my buyer:

We felt very unnerved yet relieved. I couldn’t sleep that night, knowing how close we came to losing a substantial amount of money, by nearly anyone’s standards. I personally felt helpless, because I’m not sure what I could have done to recognize this fraud. We consider ourselves pretty plugged in and so we didn’t think twice about getting a wire request from escrow.

The bottom line is, escrow and bank request a lot of items and need responses ASAP so that escrow proceeds to a timely close. Therefore buyers are, in many cases, reading highly technical documents ‘on the fly’, often from smart phone screens. In my case, this meant that I was usually just skimming documents and electronically signing without really studying the material.

The escrow company did say in their instructions that buyers should call before wiring any funds. I didn’t notice this until after the attempted theft of our money. In the future, I would like to see escrow go back to speaking with buyers more often, instead of just emailing documents for signature. It sets a more personal tone and makes buyers more comfortable in picking up the phone to talk to the escrow agent with questions, rather than always relying on electronic communication.

Some escrow companies are now encrypting their wire instructions, but they are missing the point.  The hackers are way ahead of us!  All they need is a copy of the purchase contract (which agents, buyers, sellers, escrow and lenders email around unsecured), and the hackers can figure out the rest.

They just pose as the escrow officer a day early, and ask the buyers to wire the down payment and closing costs to them!

Pin It on Pinterest