Claims Blog: BEC/EAC – They’re (Still) Here!
The Federal Bureau of Investigation (FBI) has labeled business email compromise (BEC)/email account compromise (EAC) as “one of the most financially damaging online crimes” as it is “the top cyber threat.” BEC/EAC is a scam in which fraudsters trick an unsuspecting party, typically by using a variety of social engineering and phishing tactics, into making payments to fraudulent accounts.
Since 2016, over $43 billion has been lost through BEC/EAC attacks. In 2021, U.S. losses attributed to BEC/EAC cybercrimes were reported to be almost $2.4 Billion. This is more than one-third of the total cost of all cybercrimes reported to the IC3 in 2021. In a recent article from Security Magazine, the author noted that email cyberattacks have increased by 48% in just the first half of 2022. It is no surprise that the title insurance industry has been the target of fraud schemes for many years, especially with wire transfers being utilized more often.
Some common schemes we continue to see include:
- Seller Spoof – fraudsters impersonate the seller (using an email address that may only be slightly different from the original, or using the actual seller’s email), and provide alternate bank account information for the seller proceeds.
- Lender Spoof – in a transaction involving the payoff of a prior lender, fraudsters impersonate the prior lender. They often modify the original payoff provided by the prior lender (or create one) with wiring instructions for a fraudulent account.
- Buyer Beware – fraudsters pose as the settlement or real estate agent using a similar email address, and instruct the buyer to wire their down payment funds to a fraudulent bank account.
There are many ways to protect a person or a business from becoming a victim of these costly schemes. A few tips include:
- Meticulously examine the email address, URL, and spelling used in any correspondence. Fraudsters use only slight differences hoping you do not critically analyze the spelling.
- Be suspicious about opening any email attachments from someone you don’t know and be wary of email attachments forwarded to you as they may include malware or other malicious software.
- View all changes to wire instruction with extreme caution.
- Always independently verify with the company any payments or wires being sent to a third-party by contacting them at a legitimate number, and be leery of any last-minute changes to account numbers or payment procedures.
- Confirm with the intended recipient that the wire was received.
- Be extremely suspicious if the requestor is pressuring you to act quickly.
If you do become a victim, do not wait to take the next steps since time is critical in this process. Have a plan in place and be prepared to:
- Notify your office management.
- Notify your financial institution and the recipient’s financial institution.
- Contact local law enforcement.
- Contact your local FBI field office.
- Contact your cyber-insurance, escrow security bond, and error and omissions provider.
- File a complaint with Internet Crime Complaint Center (IC3).
- Contact your title underwriter.
With our increased dependency on technology and the pace of our industry, we cannot let down our guard – we must stay vigilant! Heed the warning that fraudsters are not slowing down or giving up on these fraudulent schemes. If you are presented with any of these situations, the key is to be able to recognize the scam and then shut it down before it can infiltrate your transaction and create a web of issues.
You can learn more about identifying and preventing fraud by downloading Alliant National’s white paper – Escrow Fraud/Social Engineering: Recent Schemes and Prevention Tips.
Escrow Fraud/Social Engineering: Recent Schemes and Prevention Tips, Alliant National Title Insurance Company
Email cyberattacks increased 48% in first half of 2022, Security Magazine: https://www.securitymagazine.com/articles/98145-email-cyberattacks-increased-48-in-first-half-of-2022
FBI – Business Email Compromise: https://www.fbi.gov/how-we-can-help-you/safety-resources/scams-and-safety/common-scams-and-crimes/business-email-compromise
FBI – Internet Crime Complaint Center (IC3): https://www.ic3.gov/