Hat tip to just some guy for sending this in – an excerpt:
BEC scammers typically engage in what Alex calls a shotgun approach. They compile contact information for random players involved in any real estate transaction—lawyers, brokers, title agencies, mortgage lenders—then send mass phishing emails to this database, waiting for someone to take the bait.
In the email, the scammers might provide a link that leads to a website resembling the real estate agent or title company’s email login page. The duped individual will type out their credentials, which might lead to an error page. Most think nothing of it—perhaps it was merely an internet connection problem. They don’t realize they’ve sent their login information to the hacker, who now has access to their email and confidential company information. Critically, they are also able to track conversations about impending home sales with buyers, ultimately zeroing in on the specific deals they want to infiltrate.
That’s the easy part. What follows is complex social engineering, in which the scammers monitor correspondence about a specific transaction for months. Without tipping off anyone, they learn the minute details of a deal. When it becomes apparent that a down payment is about to be wired, they jump in with a fraudulent email to the buyer, pretending to give official instructions from the real estate or title agent: Please wire your money to this bank account. The email can be sent from the compromised account or from a fake one that looks almost identical to that of the agent in the deal. The unsuspecting buyer wires their life savings to a criminal.
Reports about this alarming scheme exploded during the pandemic, when home prices, bidding wars, and cash deals all rose. As transaction volume swelled, so did profits for real estate companies, lenders, and banks, and hackers smelled a growing opportunity. By targeting escrow wires, scammers are able to single out a particularly easy jackpot, a transaction involving multiple parties without proper internet security and the rare instance in which a giant sum of cash is sent in a single wire.
In 2020 and 2021 the FBI labeled BECs the costliest cyberthreat, accounting for reported losses of $4.2 billion, with real estate wire fraud becoming one of the most targeted sectors. “Those numbers are floors, not ceilings,” says Crane Hassold, director of threat intelligence at Abnormal Security, an email security company. “There’s a lot that doesn’t get reported.”
