The ABCs of Wire Fraud

Banks that work with merchants, or sellers, to collect money owed to them from buyers, or customers. These transactions flow from the issuing bank, to the consumer, to the merchant, and on to the acquiring bank.

US states differ in whether or not an attorney needs to be present at a real estate closing, regardless of the price or property type. These states, known as attorney states, require both an attorney and a notary to finalize the transaction.

The process of proving a user’s identity, usually by providing credentials or other forms of identification shared between a user and the system.

A feature provided by email clients to automatically forward emails from one recipient account to another. This feature can be used by criminals as part of business email compromise to track and manipulate legitimate conversations between real estate professionals and their customers.

When information or data is stolen or disclosed to an unauthorized party, usually causing financial and reputational damage. 

A cyberattack in which a cybercriminal either fakes a legitimate-looking business email account to trick buyers and sellers into sharing sensitive information or hacks into an active business account to facilitate fraud.

An industry-leading wire fraud protection platform that gives users the ability to send, collect and confirm wire instructions and mortgage payoffs via digital device verification, multi-factor and knowledge-based authentication. Each transaction facilitated via CertifID is insured by up to $1M.

An expression of a right to something that is yours, such as a payment from an insurance provider after a policyholder experiences a loss covered by their policy.

A syndicate of five or more people in which the goal of collaboration is to promote or engage in illegal activity.

A digital currency using encryption algorithms to form and manage a virtual account system. This currency is stored in virtual wallets and can be shared with other wallets using encryption keys to confirm identities instead of more traditional, government-issued identification.

The use of digital tools and the internet to defraud or take advantage of victims. This includes crimes such as phishing, ransomware, identity theft, and other scams.

A form of insurance designed to protect a business against financial losses resulting from a cyberattack. Cyber insurance can vary in the coverage it provides, potentially covering data leaks, network breaches, attacks against third parties, and insider threats.

The processes and tools used to protect networks, devices, and data from unauthorized access, protecting their confidentiality, integrity, and availability.

A subset of the deep web that can only be browsed using a specific browser, Tor . It makes up about 5 percent of the total internet. Many dark web websites host illicit material such as stolen credit card information, drugs, guns, and other counterfeit materials.

The measures, processes, and tools employed to secure data from unauthorized access or manipulation, such as through the use of encryption, masking, redaction, or user access control methods.

The use of artificial intelligence to create images, audio, and video hoaxes of real people or situations to trick audiences into believing the digitally created subject is authentic. 

A portion of the internet that is not indexed, and therefore not searchable. This includes anything behind a paywall or sign-in screen or content that has been blocked from web crawlers. The deep web makes up an estimated 96-99 percent of the content on the internet. 

This common element of a real estate purchase contract is used to reassure the seller that a buyer is “earnest,” or making a good-faith offer to buy a property. The amount can vary based on the property value and its competitiveness, but typically is between 1%-2% of the purchase price. The funds can go toward the down payment, but if the buyer breaches the contract, the seller can receive the funds as compensation.

Errors and omissions (E&O) insurance is a form of coverage that protects a business from errors or omissions made by a business owner or their employee.

The process of converting data from human-readable text into incomprehensible text known as cipher text. The text is based on a mathematical algorithm and a cryptographic key shared between a sender and a recipient. This process is used to secure the information so only authorized parties can understand it.

Any activity that knowingly uses deception—including the misrepresentation of the trust or concealment of a material fact—to achieve a gain, typically financial.

A person that obtains money or information by deceiving people.

The instruction added to wired funds sent to joint or shared accounts managed by a bank or brokerage firm on behalf of recipients so these institutions can credit money to the right client.

An email service that gives users the ability to send, receive, and store messages. Gmail is part of Google Workspace and offers free accounts for individual users and plans for enterprise accounts.

State laws that require all funds to close escrow on a property transaction be deposited or available for a sufficient number of days before closing into the agreed upon escrow account. States that have Good Funds Laws are known as Good Funds States.

The act of compromising the integrity, availability, or confidentiality of devices or networks via unauthorized access.

The Internet Crime Complaint Center (IC3) is a division of the Federal Bureau of Investigation (FBI) focused on internet-facilitated crimes.

A crime in which a person wrongfully obtains and uses another person’s data for their economic gain, either through stealing or committing fraud. 

Like impersonation, a criminal assumes the identity of another person or entity to commit fraud, such as through the use of their credentials, phone number, or accounts.

The process used to confirm that a claimed identity is correct. It confirms that the credentials provided by a user requesting access match those previously proven to a system.

When a cybercriminal plays the role of a trusted user to manipulate another person to provide sensitive information or gain otherwise unauthorized access to a network, system, or data.

The potential for an insider, such as an employee or contractor, to use their authorized access or knowledge of a network to harm the organization. These threats can include unintentional, complacent, or malicious acts.

Financial institutions that work with buyers to provide the means or mechanism (i.e., credit card, check, debit card, or funds transfer) needed to buy a product or service from a seller or merchant. The funds move from the issuing bank to the acquiring bank.

A form of software used to record and steal a user’s keystrokes to gain access to their credentials or other sensitive information.

Confirming a user’s identity by prompting for known information about that user, such as their name, address, phone number, or account information before granting access to a system or finalizing a transaction.

During closing, this is the transfer of funds from a seller’s proceeds to the mortgage provider to satisfy the terms of the loan and repay the debt. This payoff amount can be different from the loan balance.

The act of obfuscating the origin of funds away from illegal or criminal activity to what appears to be a legitimate source. The term comes from the idea of “cleaning” dirty (i.e., criminally sourced) money.

An individual that transfers illegally acquired money on another person’s behalf, usually resulting from scams, frauds, or other crimes. Money can be transferred through bank accounts with virtual currency, debit cards, or other financial tools.

When a criminal intentionally makes materially false statements or claims to obtain a mortgage or ownership of property for profit.

When a borrower satisfies the terms of a home loan, usually through the sale of a home or by satisfying the loan's payment terms.

The process of confirming a user’s identity through the use of more than two methods before granting access to a system or network. Three of the most common include something a person knows (e.g., a password), something they have (e.g., a smartphone), and something they are (e.g., a fingerprint).

The protection of the underlying infrastructure—including the devices, applications, and software that provide connectivity to internal or external systems—from unauthorized access or use.

A cloud- or device-based software application used to store, generate, and manage user passwords to online and local accounts and devices.

A proprietary, quick process used to validate the authenticity of wiring instructions to ensure payments are not sent to fraudsters. Each payoff transaction facilitated through PayoffProtect is also backed by $1 million in insurance.

The data that permits the identity of an individual to be directly or indirectly inferred. This data can include Social Security numbers, birth dates, addresses, and driver’s license numbers, among others.

The use of unauthorized software or code running on a victim’s device to manipulate traffic from legitimate websites to attacker-controlled websites, usually without any required actions by the victim.

A technique used by cybercriminals to obtain sensitive data about a business or individual, such as bank account numbers or personally identifiable information (PII), through fraudulent solicitation via text messages, emails, websites, or phone calls.

A method to confirm the identity of a party by calling a phone number provided by that user. This technique can be one of several authentication methods.

A technique in which scammers build up trust and promises of high returns before convincing victims to deposit more and more crypto assets into bogus wallets controlled by the scammer. Eventually, the scammer cuts them off and takes all their money.

Fees required by government entities as part of a real estate transaction and collected and distributed during closing.

A form of malware specifically designed to encrypt files and data on a device to render it unusable until a ransom is paid to decrypt them.

A marketing term that refers to a source that sends leads to a primary website or business through a link-sharing method. These partners are usually part of a network of referrers that promote or advertise a product.

The process of identifying, assessing, evaluating, and mitigating financial, legal, or other risks to an organization’s resources or assets.

Seller impersonation fraud is a real estate scam where a fraudster impersonates the owner of a vacant or non-occupied property to steal the funds from the sale.

A plan to obtain money through illegal means, usually by tricking victims.

A form of fraud in which cybercriminals trick users into believing they need to buy or download malicious software, often via a pop-up, social engineering, or scare tactic.

A form of phishing in which a cybercriminal uses text messages to trick victims into clicking a link or downloading a malicious app to their smartphone.

A technique used by cybercriminals that takes advantage of human tendencies or weaknesses to gain access to personal or sensitive information that can be used to access protected systems.

Any unsolicited digital communications sent to recipients in bulk, often via email or text messages.

A form of phishing in which cybercriminals target specific individuals or groups within an organization instead of a wider, random audience. This allows the criminals to be more precise with their language or tactics to trick victims into sharing sensitive information that may lead to further unauthorized system access.

An alliance of individuals or organizations working together to complete a transaction that would be difficult to pursue individually. Both risks and resources are combined in the group investment.

A form of real estate insurance in which lenders and homebuyers can be protected from financial loss if a defect in a title to a property is discovered after closing.

An identity management method that requires the user to provide two forms of identification to access a system’s resources or data.

A party, usually a financial institution, that assumes another party’s risk in a financial transaction based on their analysis of risk. This typically applies to a mortgage loan or insurance product.

A phishing tactic that involves a voice call or voice message sent from the criminal to a victim to trick them into divulging sensitive information.

When a cybercriminal impersonates a trusted party in a real estate transaction to divert funds transferred via an interbank wire to a fraudulent bank account. This often involves altering legitimate wiring instructions with fraudulent information.

A series of actions needed to complete a task, often in sequential order or specific path, including the processing of data or other inputs. Actions can be performed by humans or systems.

A video-sharing website owned by Google. Users can upload and share videos with public or private audiences.

A cybersecurity framework that requires all users, both inside and outside of an organization's network, to continuously have their identities validated and authenticated to have access granted or maintained to a system or data.