An uptick in mortgage loan fraud.

Increasingly, cybercriminals’ spoof emails trying to trick real estate buyers into wiring funds into the hacker’s account. The fraud should put all organizations conducting mortgage loan transactions on the alert.

Wire fraud schemes, a typical method of attack, have accounted for $5 billion in financial losses to consumers since 2013, according to FBI statistics.

Multiple government agencies and trade associations have issued advisories about the scammers. Recently New Jersey warned credit unions, banks, mortgage lenders, loan originators, title insurers, real estate agents, and consumers about hackers trying to pocket mortgage funds during the home-buying process.

In July 2017 the CFPB published a warning about the wire fraud schemes on its blog. The CFPB wrote, “scammers attempt to steal the homebuyer’s closing funds—for example, their down payment and closing costs—by sending the homebuyer an email posing as the homebuyer’s real estate agent or settlement agent (title company, escrow officer, or attorney).”

First attackers try to steal the credentials to email accounts of entities involved in the mortgage process— real estate firms, brokers, title or holding companies—using phishing emails with a link to a fake sign-in page, Asaf Cidon, VP/email security at Campbell Calif.-based Barracuda Sentinel explained.

“Hackers typically crack the password of any number of realtors and then piece together a series of consumer targets who are communicating back and forth with the realtor regarding closing preparation,” John Buzzard, industry fraud specialist for Rancho Cucamonga, Calif.-based CO-OP Financial Services, said.

The hacker then sends an email to the buyer, posing as the real estate professional or title company falsely claiming there has been a last-minute change in the closing process. It then instructs the homebuyer to wire or electronically transmit the closing funds to an account the scammer controls.

If a credit union encounters a situation in which a hacker has attempted to intercept a wire transfer or otherwise commit fraud related to a real estate transaction, it should consider a filing in accordance with the Bank Secrecy Act, advised Brian Godwin interim CEO for Des Moines, Iowa-based PolicyWorks. “BSA rules require credit unions to file a Suspicious Activity Report for any criminal violations exceeding a cumulative total of $5,000 when a suspect can be identified.” In the more likely scenario when there is an unidentified suspect, the incident requires a SAR for violations totaling $25,000 or more in aggregate.

Read more about mortgage fraud in the June 20 issue of CU Times.