NWX-CFPB HQ (US) Moderator: Heather Brown May 16, 2019 1:00 pm CT Coordinator: Welcome and thank you for standing by. At this time, all participants are in a listen-only mode until the question and answer session of today’s conference. At that time you may press Star 1 on your phone to ask a question. I would like to inform all parties that today’s conference is being recorded. If you have any objections you may disconnect at this time. I would now like to turn the conference over to Dr. Heather Brown. Thank you. You may begin. Heather Brown: Thank you so much operator. Welcome everyone for attending this important subject - Webinar today on avoiding wire fraud in the mortgage closing process. We have an excellent speaker with us today, Cynthia Blair, who is an attorney. And she’s also president of the American Land Title Association. She’s been a real estate attorney for many years out of South Carolina, and she was elected to be the 2018-2019 president of the American Land Title Association. And they’re very committed to educating our public on this important issue that we’re discussing today that’s affecting many Americans. So we’re going to get to Cynthia shortly. I just want to run through some preliminary slides that I have for you and let everyone know that the slides will be posted within a few days after each Webinar. So probably you can check either late - well, tomorrow’s Friday, so probably check on Monday. It might be up tomorrow but definitely should be up around Monday or Tuesday. For anybody that may want to get a copy of the slides, you can download them from our Web site. And I’ll show you where in just a second. I have to go through my standard disclaimer. This presentation’s being made by myself as a representative of the Consumer Financial Protection Bureau. It does not constitute any legal interpretation, guidance or advice from the bureau. Any opinions or views stated by myself or our presenter today do not necessarily represent the bureau’s views. And any third-party links to sites in any of our materials also don’t express and endorsement for those sites, their content, or any products or services that they offer. The bureau has a mission to regulate the offering and provision of consumer financial products and services under the federal consumer financial laws. And we are here to help educate and empower consumers to make informed financial decisions. This is being offered by the CFPB FinEx and that is the Financial Education Exchange for professionals such as yourself. We’re always looking for new members, so please spread the word. We have over 5000 members now. We offer monthly Webinars, at least monthly, a monthly newsletter, and we also are hosting regional meetings or convenings. And if you have an interest in hosting a meeting in your area, we try to invite lots of our members from that particular area and do sort of regional short conferences, a half day usually, but we can do longer if needed. So if that’s something that interests you, please reach out to us at the e-mail on the bottom of this slide, cfpbfinex@cfpb.gov. Okay this is the Web site that you go to that’s our landing page for all of our adult education materials. And the URL is at the bottom. And this is where you also go to find the next Webinar. And our upcoming Webinar is going to be on disaster preparedness and liquid savings. And these are three other - this is the link to the adult education page all in one place, our e-mail address, as well as our LinkedIn site. We do have a LinkedIn group where you can post questions, articles, ask for information if you need some information from your colleagues. Just a way to try to keep folks connected, and we’re also interested in any ideas people have on how to make that become a more rigorous conversation. So we’re working on building that up too. But we tend to get several articles posted every other week or couple weeks, so it’s good to check back maybe weekly. And the date and time for our next Webinar are located at the bottom of this slide. With that I am going to hand it over to Cynthia Blair, who is going to be the speaker for the duration of our conference. Cynthia, are you ready? Cynthia Blair: Ready to go. Heather Brown: Okay, thank you so much. Cynthia Blair: And one second. My slide isn’t advancing. Heather Brown: Oh wait a minute. That’s on me. Sorry, I’ve got to change this to your slides. There you go. Thank you for saying that. You’re all set. Cynthia Blair: I still don’t see that on my screen. Heather Brown: Do you see your slides? Cynthia Blair: I do not see my slides. Heather Brown: Do you see anything that says that you need to accept that you’re the presenter? Cynthia Blair: I do not. We did this the other day, and it was there. I don’t see it right now. Heather Brown: I can advance the slides. Operator can you see if there’s anything going on in the background? Coordinator: As far as I know the WebEx is functioning properly. You might want to take the presenter role back, Dr. Brown, and see if it lets you see those slides. Heather Brown: Okay. Okay. Says I’m the presenter now. Cynthia Blair: Yeah I now see those and it’s working for me. Heather Brown: Perfect. Cynthia Blair: Great, all right. All right, we’ll get started. Thank you all so much for having me today. This is a very important topic. I wanted to - and I’m particularly pleased to be presenting to this group of financial educators because we believe that the best way to combat wire fraud is via consumer education. So you’re in the perfect position to educate consumers regarding financial issues that affect them, such as this. So we’ll briefly look at the agenda. We’re going to talk about why you care about this, what is all the hubbub about. Secondly we’re going to go through the anatomy of business e-mail compromise. We’ll touch on some of the recently reported frauds and wire fraud examples, red flags to look out for, tips for preventing wire fraud, how to respond if you are in fact a victim of wire fraud, what you can do to help combat this. And then we’ll take questions at the end. So why should you care? Well real estate wire fraud is a sophisticated scam, targeting individuals that are performing wire transfer payments. And of course that’s a tremendous issue in the real estate market because many funds are transferred via wire transfer. Not limited to the real estate market. Anywhere funds are being transferred in that manner are targets. But we know because the scammers are aware that the real estate industry is so rampant with wire transfers that we sort of have a big bullseye on us. The scam is really growing too. We’ve seen an exponential growth here. Criminals pose as legitimate business e-mail accounts to conduct unauthorized transfers of funds. The FBI’s Internet Crime Report identified 11,300 U.S. victims of real estate wire fraud in 2018. And these consumers lost a combined amount of $149 million. Between 2017 and 2018, the FBI data shows 166% increase in the amount of money lost due to real estate wire fraud in the United States. E-mail phishing scams targeting real estate transactions exploded 1100% between 2015 and 2017. Forty-seven percent of major financial institutions reported a rise in wire fraud in the last year. Twenty percent of Americans click on links in phishing e-mails that look legitimate while 50% of Americans click on links in more personalized spear phishing e-mails that look legitimate. We’ll talk a little bit about the difference between those in a few minutes. These crimes occur in every state, in every city. There really is no safe spot where there’s not the potential for wire fraud. Criminals begin the wire fraud process way before the attempted theft actually occurs. Most often, they begin with a common social engineering technique called phishing. This normally takes the form of e-mail messages or Web site form or even a phone call to fraudulently obtain private information. Through seemingly innocuous communication, criminals trick users into inputting their information or clicking a link that allows a hacker to steal login and password information. Once the hacker has gained access to an e-mail account, they’ll monitor the messages to find someone in the process of buying a home, which we know is easy enough to find. You can find properties for sale all over the Internet. And so it’s easy enough to make a few phone calls, send a few e-mails to gather information. Hacks can come from various parties involved in transactions, including real estate agents, title companies, attorneys, or consumers. Criminals then use the stolen information to e-mail fraudulent wire transfer instructions disguised to appear as if they came from a professional that the consumer is working with to purchase a home. These are the four emotions that folks need to be aware of when e-mails come in, phishing type e-mails come in, or e-mails that are seeking to accomplish a wire transfer fraud. Greed - phishing e-mails often dangle a financial reward of some kind if you click a link or enter your login information. If an e-mail offers you something that seems to be too good to be true, it probably is. Another one is urgency. If an e-mail provides a strict deadline -- this has to be done by 5:00 today; it has to be done by noon -- a strict deadline, you should be suspicious. Phishing e-mails and fraudsters are seeking to fluster the recipients by creating a sense of urgency. And oftentimes of course people want to be helpful. They want to be responsive. And so their first response is okay I’ve got to do this really quickly. And sometimes that will cause you to overlook red flags. Curiosity - people are naturally curious and phishers will take advantage of this by sending e-mails that promise to show us something exciting or forbidden and so people want to click on that. They prey on our curiosity. And finally fear. Scaring recipients is a common tactic in phishing e-mails. E-mails that threaten you with negative consequences or punishment should always be looked at with suspicion and never assume that what the e-mail says is true. These are some of the most recently reported frauds that have occurred. And they’re just horrible to think about. In Maryland, the FBI says fraudsters used fake e-mails to fool a settlement company into wiring them the proceeds of the sale of a couple’s home. And the amount was $411,548 lost. In New York, a judge was trying to sell her own apartment. She received an e-mail that she thought was from her real estate lawyer telling her to wire the money to a specific account. That amount lost was $1 million. In Washington, D.C., home buyers sued the title company for the lost money due to business e-mail compromise but also close to $5 million for an alleged violation of the RICO act. The title company which denies it had anything to do with the money going missing, said that it immediately contacted the FBI when the attack was discovered. The amount lost there, $1.57 million. And in Colorado, a couple who lost their life savings while trying to buy their dream retirement home has filed suit alleging that none of the companies involved in the transaction, including a title company, did enough to protect sensitive financial information. Their life savings that they lost - $272,000. And you can see this problem affects people all over and in, you know, a variety of amounts. Next I’ve got some examples of some spoof e-mails and some things for you to look at. In the example on the left, the real estate agent had an e-mail address that incorporated the company domain, but the from was a Gmail address. So it was designed to make the recipient think it was a legitimate correspondence. In addition, two digits of the phone number in the e-mail’s signature line were transposed. But those are - of course those are minor details that many people would overlook. In the example on the right, the e-mail address looks correct but the reply to, which isn’t actually displayed in most e-mail programs, is from Gmail or similar e-mail hosting company. So these are some of the things to look for and to educate consumers to look for if they see something talking about wiring money, telling them where to wire money. More fake e-mail red flags are domain name changes. So there’ll be a letter insert that if you don’t look closely enough you can’t tell that the I was changed to an L. It looks like it’s supposed to be. It looks like the way it’s supposed to be, but if you look closely enough you can see that there’s a letter that’s changed. Or a letter substitute. So you’ll see that numbers are placed in there for the letters, the zeroes are placed in there in place of the O’s. Again if you look quickly you would assume that it was correct. Look-alike letters, so using two V’s to equal a W, or using N and I to equal an M, or a 1 to equal an I or a zero to equal an O. So any of those combinations that can look, when you don’t look closely enough, like the letter that it’s supposed to be are things that are used to create false domains. The name and the e-mail don’t match. So you’ve got Polo Realty hacker 123. But, you know, it could be Polo Realty123 at Gmail.com, not necessarily - you would assume coming from Polo Reality but in fact because it’s slightly changed it’s not the right one. Free domains also equal danger. So if you’ve got realtor at PoloRealty.com, it’s better than realtor at Gmail.com because PoloReality.com not a free domain. Gmail of course anyone can sign up. And then finally you’ve got changes in footer or style to take a look at. So those are all red flags for folks to look at when they receive e-mails, anything that is talking about transferring money via wire transfer. So what should you do? The first thing and one of the biggest ways to combat this is to make sure that all consumers know that any time they receive instructions on wiring money, they call to verify those wiring instructions by telephone before they transfer the money. And use the phone number, a known phone number. So go to the company’s Web site. Don’t call a number that is listed on the e-mail. Obviously, the fraudsters are aware that we’re trying to educate consumers to call to verify so they’re going to include a number for you to call. Hey, you can call this number to verify. We need consumers to be aware that that’s not what you want to do. The fraudster’s on the other line ready to certainly verify that those are the correct wiring instructions. So consumers need to be aware they should always, always call a known number. Go to the company’s Web site or some other method of determining the known number, not the number in the Web site. Second, be suspicious, always be suspicious. It’s a shame that our society is this way but we need to be suspicious so that we protect ourselves from fraudsters. It is not common for title companies to change wiring instructions and payment info. It happens occasionally but it is normally done in a manner that a consumer in a specific transaction wouldn’t have them change while that transaction was pending. So for a title company to send an e-mail and say, “Oh, we’ve changed where we want to send the wire; we’ve changed our wiring instructions,” that should immediately be a red flag. Confirm everything. So when a consumer is at the bank about to send a wire transfer, they should ask their bank to confirm not just the account number but also the name on the account before it sends the wire. And then verify immediately. After the wire transfer is done, the consumer needs to call the title company or real estate agent to validate that the funds were received. Now it does take several minutes, sometimes a little longer than that, for a wire transfer to go through. But if the title company is immediately on notification that the wire has been sent and they can be on the lookout for it, if it’s not there within a matter of minutes or an hour or so, there’s a much quicker - much better chance of recalling the wire were it sent to the wrong place than if it goes for, you know, a day or more. Detecting that you sent the money to a wrong account within 24 hours gives the best chance for recovering money. And also forward, don’t reply. So when responding to an e-mail, hit Forward instead of reply and then start typing in the person’s e-mail address. Criminals – as we have seen on prior slides – criminals use e-mail addresses that are similar to the real one so if you’re typing in, you as the consumer are typing in the e-mail address, you will make it easier to discover if a fraudster is after you. So what happens if it happens? You should immediately call your bank and ask them to issue a recall notice for your wire. And then the wire transfer fraud needs to be reported to IC3.gov, www.ic3.gov. And then also the next step would be to call the regional FBI office and the local police. It’s a little bit of a process but these are important steps to take to first of all try to obtain the money back, try to recall the money and get it back, and second of all so that law enforcement can have more information on these fraudsters. IC3.gov is the FBI’s crime center. And what it’s doing is aggregating the data that’s put in there about fraudsters. And they’re having success with catching criminals. Now there are many, many out there. But when there are successes, we know that it’s working. So the more data that the FBI can compile in this Web site, the better and the better chance they have for finding details that may help lead them to arresting a fraudster. And again as I said before, detecting that the money is sent to the wrong account within 24 hours offers the best chance for consumers to recover their money. After that it becomes very close to impossible. So unfortunately we weren’t able to play this video for you. We tried to get it to where we could play it but we were concerned that the audio on this particular Webinar just because of the way it’s done, the audio and the video wouldn’t come out as well. So this is a video that the American Land Title Association created. It’s about two minutes. It provides four tips on how consumers can protect their money and offers advice on what to do if they have been targeted by a scam. We encourage everyone to use this video, post this video, use it in any manner that you’d like where you’re educating consumers because the more this video is out, the more consumer awareness we have. I believe that - let’s see, I believe that we’ve posted the link to - well you can see it down there actually. If you go to YouTube.com/altavideos, you can obtain his video. And feel free to use it. I urge all of you to go after this Webinar is over. Go and take the two minutes to look at the video. And then feel free, like I said, to use it in any educational opportunity that you have in front of consumers. We think this is a great video to help raise awareness. So what can we all do together? Well I am excited to tell you about a new advocacy initiative that’s launched by the American Land Title Association, the Coalition to Stop Real Estate Wire Fraud. We know just how vulnerable consumers and our industry is to wire fraud. We know that we cannot educate consumers about the risk of wire fraud by ourselves. So what are the goals of the coalition? Well for every real estate title, mortgage, and escrow professional, we need them to raise awareness about the risk and urgency of the problem. We need to be able to provide concrete steps to prevent the risk of wire fraud when buying a home or whenever transferring money via wire. And when we identify and empower those who have been victimized, they can be heard and then they can advocate for other solutions. We know that consumers are not sufficiently worried about this problem. Half of consumers we surveyed in March said they are not concerned about wire fraud at all. But nearly 3/4 of them were warned by their real estate agent, title company or bank as part of the home-buying process. And 76% of people said they’d never seen coverage of real estate wire fraud on the news. But we know these statistics do not capture those heartbreaking stories of lost life savings of the people targeted that we talked about earlier. And those are just a few examples of the literally thousands and thousands that exist. What’s shocking however is that the majority of scams aren’t even reported because of embarrassment or sensitivity around litigation, liability. The FBI estimates that only 12% to 15% of all fraud gets reported. So if you take the 2018 statistics of 11,300 people and $149 million, and you multiply that to get 100%, you can imagine where we really are, or we think we really are, with regards to this kind of fraud. We know that consumers are most vulnerable when they send their earnest money deposits and then especially when they wire their cash to close. Earnest money deposits are done at the earlier stage. Cash to close is at a later stage. So the fraudsters had a lot of time to gather the information about when a transaction is about to occur. So we need to empower the professional community with tools. We need to empower victims and educate consumers about IC3.gov I just talked about a few minutes ago. We have a duty to care for our clients, scare them frankly, and explain very firmly that they deploy best practices. And then we need to share our experiences. You can also help in this national media campaign to raise awareness. We need video experiences. Go to StopWireFraud.org to record your own wire fraud story. And this is where you would send consumers in the event they have been a victim. The experiences that can be shown by the videos of actual victims to wire fraud can help warn others and then contribute to the conversation. So we hope that everyone on this call and everyone within their sphere of influence will help join us in the Coalition to Stop Real Estate Wire Fraud. I hope that this Webinar has told you - I’ve given you enough information to see how urgent and terrible this problem is. And again as I emphasized in the very beginning, consumer education is the number one way we could combat this. So I hope I’ve offered some solutions, some opportunities for additional education, some resources. And at this point I will take questions if there are any. Heather Brown: Thank you so much Cynthia. That was really informative and very efficiently delivered. I wanted to let everyone know - Operator, would you mind letting everyone know how to open their lines? Coordinator: Absolutely. If you would like to ask a question at this time you can press Star 1 on your phone and record your name when prompted. If you need to withdraw your question you would press Star 2. Again to ask a question by phone, please press Star 1. It will take a few moments for questions to come through. Please stand by. Heather Brown: Thank you. I had a quick question Cynthia while we’re waiting to see if there’s any other questions that que up. I was just wondering how the people that are perpetrating these frauds are gaining access to the information. Are they using public records or are they, you know, compromising the e-mail of some of these title companies? What do you think is happening? Cynthia Blair: Well, so data about home sales is easily obtainable. We know that you can easily look on Zillow or Realtor.com or any of these other platforms to find homes that are for sale. And you can also find out who the real estate agent is. Oftentimes we find that that’s where it initiates. They gather data from the real estate agent. They may call posing as an interested party to find out whether or not it’s already gone under contract. If they gather information - if they’re able to get information initially that tells them okay a transaction is probably pending then we find that oftentimes the real estate agent or other parties to the transaction are then the targets. So title companies are the target. We find that many, many title companies have put in place a lot of security on their e-mail. So we find that while not impossible for it to be the title company that gets hacked, it is most often the real estate agent. And this is really because so many real estate agents use the free domains. So they’re using Gmail or they’re using Hotmail or they’re using one of those free domains for their e-mail which is much easier to penetrate. So once they have penetrated the e-mail then they’re watching the e-mail traffic. They may also at that point find out who the parties to the transaction are, the seller, they buyer, and their e-mail addresses and perhaps their e-mails. They may also be using a free e-mail domain which would again be something they could hack into and continue to gather data. They can find out who the title company is. They may make telephone calls to the title company to ask questions and ask questions that aren’t necessarily private information. But if they’re asking, “Oh, is a sale happening,” not that somebody would necessarily give out a closing date but somebody might give out some information that could be used in a fraud. So all of these ways are ways where fraudsters can gather the information. And then once they’re in an e-mail they either create a domain that looks like it so they’re appearing to be as though they’re from the title company. Or they monitor the traffic and just send an e-mail directly from - maybe from the realtor or proposing to be from the realtor sending those fraudulent wiring instructions. So that’s kind of how we find the most often these things occur. Now as I talked about phishing and spear phishing, we’ve all seen those e-mails that come in asking you to click on a link. And they may be - they’ve become much more sophisticated. I know that my companies receive them often. They start out and say, “Closing disclosure attached.” They know that we’re a title company. They know that we may expect something like that to come in. Now we look very carefully at who’s sending it. And, you know, if it’s somebody from a title company in another state, well we know that closing disclosure wouldn’t - nobody would be sending us a closing disclosure. But if they’re asking to clink on a link, “Oh, download this; I need you to look at this,” those are red flags. And we educate our staff. And many folks in the title industry have begun initiatives to educate their staff on those exact things. So if somebody’s sending you something asking you to click on it, that’s a red flag. Stop. Let’s take a look. Let’s make sure that it’s not something that is dangerous before you click on a link because that can oftentimes get someone into your system. Heather Brown: Great, thank you for that information. Operator did we get any questions in que? Coordinator: I’m showing no questions by phone at this time. But again as a reminder you can press Star 1 on your phone and record your name if you have a question. Heather Brown: Okay. Well it sounds like you’ve answered all the questions in your presentation. It was very interesting and it really helped me see how sophisticated some of these things are. It makes me want to be more vigilant as well. And I just really appreciate you taking time to share this information with us. We are going to post this recording online so that folks that were not able to come today will be able to see it. And hopefully we’ll spread the word to more people. And everyone that’s on the call could please let those they know around them that would benefit from knowing about this information, let them know the Web page that we have, ConsumerFinance.gov, going to Adult Ed where they can get a copy of it and also to view the actual presentation that’s on YouTube that we would have loved to share with you. It’s just a couple minutes but it gets a lot of information out there. And so that could also be circulated widely. And Cynthia, I also invite you to our LinkedIn page. And you’re welcome to post that video there as well. Cynthia Blair: Great, thank you so much and… Heather Brown: Operator - go ahead, I’m sorry. Cynthia Blair: I was just going to say thank you very much for allowing us to present on this very important topic today. Heather Brown: Our pleasure. Operator before we conclude are there no other questions? If not you can give the concluding instructions. Coordinator: Thank you. Yes we still show no further questions so that does conclude today’s conference.. Thank you for participating. You may disconnect at this time. END NWX-CFPB HQ (US) Moderator: Heather Brown 05-16-19/1:00 pm CT Confirmation # 9011332 Page 20