This appears to be a case of The Friday Afternoon Fraud that we have previously blogged about. According to a Housing Wire post American Pacific Mortgage (APM) is suing its insurer Aspen Specialty (Aspen) for a fraudulent wire transfer that occurred in 2015. According to APM a hacker impersonating the mortgage company’s former CEO managed to get APM to wire transfer $75,000 to a fictional company. Aspen Specialty denied the claim. ATM states that none of its systems were breached and no confidential data was disclosed.
This is one of many recent cases where a firm wire transfers monies after falling for this fraud.
In a warning similar to the Friday Afternoon Fraud the FTC and the National Association of Realtors (NAR) in 2016 advised consumers that they could be the next victim of a mortgage closing phishing scheme. The scammers hack the consumers and real estate professionals e-mails to obtain information about upcoming real estate transactions. Once cyber criminals have access to the consumers or real estate professionals’ email account, the hackers ascertain the closing dates. Then, the scammers very near closing time send an email to the buyer, posing as the real estate professional or Title Company, stating that there has been a “last minute change” to the wiring instructions. The scammers’ email instructs the buyer to send the funds to a different account, which belongs to the scammers. According to the FTC, if the buyer takes the bait, their bank account could be cleared out in a “matter of minutes.” The FTC also said that often time, the buyer will never see that money again.
How to detect the Friday Afternoon Fraud or similar e-mail modification scams:
Law Firms, accounting Firms and title agencies that hold large sums of client money are at the most risk. Even for those who do not hold large amounts of client money, it is worth considering this risk. Many supplier frauds and phishing efforts also seek to redirect funds. The following steps help against Friday Afternoon Fraud will also work against similar scams.
1. confirm client and third party payment details, for example sending $1.00 to the account details provided and confirming it has been received
2. provide information to clients confirming they will never be asked by you to send money to a different account than that given
3. be suspicious of requests to change payment details, in particular those sent by email with high urgency, and confirm them with the client on a known telephone number
4. confirm that money sent details provided by a third party lawyer is genuinely going to the party intended
Lastly, too many law firms, accounting firms and title agencies still do not carry cyber liability/data breach insurance and crime insurance. Normally your Errors & Omissions coverage will not provide coverage. Even with a Cyber Policy, it needs to be properly endorsed to specifically cover e-mail scams as not all Cyber Policies are created equal. These policies continue to be an economical way to protect a firm’s assets.