Business Email Compromise (BEC) has become an almost unimaginably massive problem-

 to the tune of 50 Billion dollars!

This month, the FBI's Internet Crime Complaint Center (IC3) released a Public Service Announcement discussing BEC in the Real Estate Sector.

As this is a topic near and dear to many of our clients, it seemed like a good time to talk it over.

If you've never heard of BEC, Business Email Compromise is a sophisticated scam that targets businesses and individuals who transfer funds.  It primarily uses faked or compromised email accounts to fool users into sending funds to the scammers' accounts, although some target personal information, cryptocurrency wallets, or login credentials instead.

An example  of BEC would be: an Accounts Payable clerk receives an email that appears to be from one of their usual vendors; saying that there is an outstanding unpaid invoice, by the way our banking wire information has changed, please remit payment to....  There is a legitimate looking invoice attached, and the clerk, not realizing it is not legitimate, pays the "invoice" to the new account, netting the scammers roughly $50,000.

That may seem hard to believe, but it's based on a true story. Some scammers are willing to play the long game, slowly gathering information about a business' people and operations, in order to craft a highly believable ruse in the hopes of a big payday. 

So how does BEC affect Real Estate?

Reports of BEC in the Real Estate Sector hit an all-time high in 2018, dropping slightly in the next few years only to spike again in 2021 and 2022.  Between 2020 and 2022, there was a 27% increase in victim reports and a 72% increase in reported losses due to BEC in Real Estate, reaching a total of over $446 Million dollars lost in 2022 alone.

According to the IC3:

The BEC scam targets all participants in real estate transactions,to include buyers, seller, real estate attorneys, title companies, and agents. Once a BEC perpetrator gains access to a participant's email account involved in a real estate transaction, they are able to monitor the real estate proceeding and often time the fraudulent request for a change in payment type (frequently from check to wire transfer) or a change from one bank account to a different bank account under their control. The funds may also be transferred to a secondary fraudulent domestic or international account.

How do you protect yourself and your business?

The FBI offers the following suggestions:

• Use secondary channels or two-factor authentication to verify requests for changes in account information.
• Ensure the URL in emails is associated with the business/individual it claims to be from.
• Be alert to hyperlinks that may contain misspellings of the actual domain name.
• Refrain from supplying login credentials or Personally Identifiable Information of any sort via email. Be aware that many emails requesting your personal information may appear to be legitimate.
• Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender's address appears to match who it is coming from.
• Ensure the settings in employees' computers are enabled to allow full email extensions to be viewed.
• Monitor your personal financial accounts on a regular basis for irregularities, such as missing deposits.

If something like this happens, what do you do?

Act Fast! The faster you can take action, the better.

First: Contact your financial institution and request a recall of the funds along with any necessary indemnification documents. Policies may vary between financial institutions, it is important to know what assistance your bank can offer when attempting to recover funds.

Next: File a complaint with the IC3.  The FBI will be able to assist your bank and local law enforcement in recovery efforts.



For more information, Read the PSA and Visit the IC3 webpage