From homeowner to homeless in one click: A case study on how to protect yourself

homeowner to homeless

Andrew Batson and Erika Urry had selected an impeccable and captivating residence in San Diego, California. Intoxicated by the thought of moving into their dream home, the couple could practically see their new lives. There was one step left needed to open their escrow—sending their down payment of $130,000 to their escrow officer. Andrew had received an email with wire instructions sent from an email address identical to their real estate agents. Without a doubt, Andrew wired over his family’s entire life savings—$130,000. Days later, however, the couple learned their payment never arrived. Andrew had received an email from his escrow officer asking to wire the down payment. Confused and dismayed, Andrew and Erika decided to contact their escrow officer, reminding the officer they had already wired the money. If their escrow officer didn’t get the money, who did?

Bad actors, impersonating the couple’s real estate agent, had intervened and pocketed the entire wire transfer. The email had the file attachment of the escrow officer’s actual letterhead, and the details of the real estate transaction were 100% accurate. The email included said details only someone working on the sale of the home could have known. How could a bad actor obtain all of this information? A variety of attack methods and vectors could have been employed: including compromising one or more email accounts of those involved in the transaction, pretending to be a prospective client and emailing the firm to obtain a response and thus an email signature, or finding the escrow companies’ letterhead via an internet search. The email also included details only someone working on the sale of the home could have known. Unfortunately, it can be easy for victims to believe the malicious email is legitimate, since it can actually be sent from the authentic (hacked) account of one of the real parties involved.

Cyber Tip: The best method of protection is to not trust email and to be extremely cautious when receiving emails requesting money. If your escrow officer demands a wire transfer via email, think before you click. Triple check email addresses, reconfirm with your officer that the email requesting money is actually from them.

Despite the scam’s convincing elements, there were indicators that something was wrong. The fraudulent email used an unorthodox sentence structure. The scammer’s email address and links contained clues. Hovering over any links in the email could have produced red flags, like different or similar-looking URL addresses (for example, versus the malicious URL

Cyber attackers and scammers target their victims in moments of heightened emotion. People are often distracted and/or overwhelmed when scared or elated. In the case of the Andrew and Erika, the cyber thief recognized an opportunity when they were deciding on buying their dream home. It was the perfect storm of emotions that ultimately clouded Andrew and Erika’s judgement leaving them vulnerable. Andrew and Erika’s tremendous loss to real estate wire transfer fraud is indicative of a growing epidemic. With technology changing every day, bad actors will constantly create new and innovative strategies in order to successfully execute their attack.

In 2016, the FBI found that $19 million in real estate transactions were “diverted or attempted to be diverted” by scammers, and that amount increased to $1 billion in 2017—a 5,163% increase in just one year. The most discomforting part of real estate wire transfer fraud is the rare chance of ever recovering stolen funds.

Real Estate Wire Transfer Fraud Prevention Steps:

Now that you understand the severity of real estate wire transfer fraud, here are some beneficial prevention steps one can use to help combat wire fraud:

Validate the exact wiring instructions with your escrow officer, in-person, or on the phone (Remember to validate their phone number first). Only use an escrow company that emphasizes the importance of protecting your data and money. Ask your officer for a two factor authentication on any wiring instructions sent to you. If you are skeptical of the validity of any information received, call your escrow officer. You and the officer can conduct a test wire transfer for $50 to ensure your money is safe and then reconfirm with the officer that they received the wire transfer. In that conversation, the correct account number information should be repeated verbally before taking any steps to have the funds transferred.

Don’t use insecure or “free” Wi-Fi to access or send email communications about sensitive transactions. Kaspersky Security Network (KSN) analyzed data from across the world for almost 32 million Wi-Fi hotspots accessed by the wireless adapters of KSN users. KSN concluded that, “24.7% of Wi-Fi hotspots in the world do not use any encryption at all.”

Secure your email account with two-factor authentication and use a variety of passwords.

If you’ve fallen victim to a wire transfer scam:

  • Call your bank immediately. Discuss what steps now need to be taken.
  • Notify your local police department and file a police report.
  • Notify your local FBI field office and file a complaint.
  • Visit the FBI Internet Crime Complaint Center (IC3) and file a complaint online at

Cyber-Risk Statistics: 

“Serving as a testament to the increase in cyber risk and the need for easy-to-understand, personal, cyber security guidance, Verizon published the following statistics in its 2017 “Data Breach Investigations Report:”

  • 51% of data breaches involved organized crime groups.
  • 1 in 14 people were tricked into clicking a malicious link or email
  • 66% of malware was installed by opening malicious email
  • 43% of all data breaches used social media attacks.
  • 81% of hacking-related breaches used stolen and/or weak passwords to gain access.
  • 93% of social engineering used phishing techniques.
  • 14% of breaches were caused by mistake.

Why do bad actors have such a high success rate in causing breaches? Because they wait for the perfect opportunity to strike. Antivirus software and firewalls can only do so much. There is no guarantee that any emails from compromised counter parties are valid. It takes individual intuition and awareness to realize when a breach has occurred.

Brian Krebs, a well-known cyber security researcher and investigative reporter, put together a “Cyber criminal Code of Ethics,” to convey “immutable truths” depicting how scammers benefit from a lack of investment in personal cyber security.

  • “If you hook it up to the Internet, we’ll hack at it.”
  • “If what you put on the Internet is worth anything, one of us is going to try to steal it.”
  • “Even if we can’t use what we stole, it’s no big deal. There’s no hurry to sell it, and we know people.”
  • “We can’t promise to get top dollar for what we took from you, but hey—it’s a buyer’s market. Be glad we didn’t just publish it all online.”
  • “If you can’t or won’t invest a fraction of what your stuff is worth to protect it from the likes of us, don’t worry: you’re our favorite type of customer!”

Breaches, Cyber attacks, and Hacks- How do we define them:

  • cyber-attack is when an attacker strikes against a computer system, network, or internet-enabled application or device. Hackers use social engineering against people with the primary objective of accessing, modifying, disclosing, or selling stolen information, malware, ransomware, exploit kits, and other methods. Cyber-attacks hit business every day.
  • breach is an incident where sensitive and private information is accessed or leaked without prior authorization. Social Security numbers, credit card and bank account numbers, billing addresses, tax returns, medical information, usernames and passwords, are all high on an attackers list.
  • hack refers to the practice of modifying or altering computer software and hardware without permission to do so. Hackers tend to have an in-depth understanding of computer technology. It is simply digital trespassing.

With cyber-attacks growing at an alarming rate, we must remind ourselves that anyone is vulnerable to an attack. If wiring instructions are changed via email, the buyer should confirm that by phone with the escrow officer and the buyer’s real estate agent. Speaking to each other directly could go a long way toward preventing this type of scheme from happening to you – and your business associates. You must take responsibility for you actions and be more attentive when randomly clicking and opening links. Former Cisco CEO John Chambers once said, “There are two types of companies: those that have been hacked, and those who don’t yet know they have been hacked.”

Leave a Comment

You must be logged in to post a comment.