Aerial view of a packed baseball field

Winners, Losers, Spectators and Cheaters!

It seems high profile sports teams and athletes are cheating more (or getting caught more). Deflategate and Sign Stealing are just two examples of prominent teams and their leaders caught cheating.

It’s not just players and coaches, sometimes the referees are the culprits. In 2007, a referee served 13 months for “point shaving,” which for those unfamiliar, means making calls to change scores.

However, one thing I don’t see is spectators cheating to change the outcome of games we love. Yes, the home field advantage may sometimes be real, but I can’t recall fans causing teams to win or lose directly.

With the big game behind us, let’s focus and draw an analogy to the cheaters (cyber-criminals) in our game (closings). Unlike sports, these cheaters are not the players, coaches and GMs (or in our business known as parties, agents, mortgage pros, builders and attorneys), they’re the spectators (Cyber Criminals). These spectators are not our fans, but they are constantly on our field.

Cyber criminals are the spectators for at least two reasons, (1) they are watching us, all of us, whenever possible through “broadcast TV” (known as internet) and (2) they aren’t supposed to be in the game or impacting the game but they are!

One headline from a CNBC headline dated 9/11/19 notes, “Email wire fraud is so simple for criminals to pull off, its cost companies $26 billion since 2016, says FBI” It hasn’t just cost companies billions, its costed individuals and society billions.

There are several cases throughout the country where hundreds of thousands of dollars to millions of dollars, has been intended to be wired to an escrow account but went to a criminal, some of which reside right here in the USA and some throughout the world. Sadly, it will happen again and these criminals will often get away with it!

Cybercriminals are here to win, and all of us, who are supposed to be in the game (e.g. parties, agents, loan officers, builders and closing agents, etc.), have to play hard and smart to assure the Cyber Criminals lose!

They want to win one thing – our money! It could be money to or from a firm’s escrow account, a broker’s escrow account, lender proceeds and buyer and seller funds. Cyber-criminals watch us all to find the weak link and go for the score! One win is a tragedy for someone, but these criminals win too often.

Our field of law has often been described as “happy law.” In fact, our slogan “Everyone Walks Away Happy ©”describes what we want to always happen. When we came up with the slogan, this type of cyber fraud was rare or non-existent.

Today in order to win we have to all work together to ensure victory. In sports, teams win with a game plan! So what is our plan? I lay it out below:

  1. Like any team, we start by not underestimating our opponent! The opponent is not your “co-op agent (short for cooperative), the parties, lender, the builder. Our opponent is the cyber-criminal. Our opponents are smart, even perhaps brilliant and they are ruthless lawbreakers. So, let’s acknowledge we face a formidable opponent!
  2. As the current ad says, “Stay in your lane bro!” If you’re an agent do not ask for wiring instructions, don’t offer to collect the Seller or Buyer info sheets. You have done the “heavy lifting” and while you don’t want to actually obtain or provide these items, you can certainly speak with your client and Shafritz & Dean (or another firm) to confirm things are being done timely. The cyber-criminals most often breach the “weakest technology link,” in the transaction. Lenders and closing firms spend thousands and even millions of dollars to safeguard NPPI (Non-Public Private Information). Most often, the spectator has their eyes on the agent who is more likely to use Gmail, etc. with limited investment in cyber protection.
  3. Great coaches are great communicators. Coach your clients and those sending funds to call the law firm for wire instructions or receive them through secure emails, and to verify by calling only the number you provide the party face to face or after a thorough internet search for the accurate information. This would also apply if brokers were holding earnest money (EM). One common scheme we see ourselves is the cyber-criminals telling parties something like “today is a busy day. Don’t call me just email me with any questions.” Tell your clients about this because it is almost certainly a fraudster masquerading as the closing firm employee. Insist they call and speak to someone at the firm directly.
  4. The old expression that the “devil is in the details” applies. The best teams pay attention to the details. Look closely at any email instructing you or your clients to wire funds. Both you and your clients must hover over the email address/name & check to ensure the addresses are correct. Criminals often are outside the country and their English (or computer translation) sounds nothing like any professionals English. Often the sentence is incomplete, partially incoherent and if it did not work, funny.
  5. Keep learning! The game is always changing. The criminals are always learning and adapting so we have to as well.

Remember we want to win the game, celebrate a milestone event and while there is no “I” in team there are two “i’s” in criminal. Go team and let’s win!

$100 Apple card with SCAM written across it

Beware of Email Scams

Phishing Schemes are nothing new but here’s something that plagued our firm on the first Monday (Jannuary 7th) and it’s worth letting you know about it.  It was a busy morning when all of our staff received the following e-mail –

“Hi First Name, Are you at the office? I am on a conference call & its not likely to end soon,Wondering if you could help me dash to the store quickly?”

Fortunately, just about every staff person ignored the email because they recognized it was “not my voice.”  However, the next email requested that the individual(s),

“Okay First name,I am still on conference but will be rounding up soon & I need gift cards for a group of clients i will be meeting with this morning, Kindly confirm if you can help get 5 x ($100) =$500 of iTunes gift cards at any of these stores nearby (CVS,Walmart,Walgreen & Target) ? I need them emailed to me preferrably ahead of the meeting,So you can send them to me via email as soon as you get them. Have the PIN number at the back of each card revealed by carefully scratching off the film that needs to be scratched & clearly capture Pin Code on each card with your phone.You will keep the hard copies & invoice for accounts/reimbursement,I prefer the physical gift cards for reference & record purposes. Let me know if you understand this instructions clearly? Thank You

Now there were  clues which registered with our staff – first, if I needed someone to do something for me that involved spending firm dollars for the benefit of a third party, I would call that person.

Next, the idea that I would ask as staff person to take pictures of the gift card and send the pin code is not something I would ever do nor would likely any legitimate requestor.

If the clues were not enough, there are a number of actions the staff could and did take before following the fraudster’s request.

  • Hover over the email sender purporting to be me. That will tell the staff person, that the email really was not from me.
  • The staff person could call me or text me to see if this was really a request. They would of course find  out that it was not a legitimate request.
  • The staff if they thought about both emails would likely question the syntax, tone and request itself.  Some people might ask one to dash off to a store or kindly confirm or clearly remove film and clearly capture Pin Code but that doesn’t sound anything like the way I communicate.
  • The staff person could look at the calendar and in this case there was no evidence that I was in a conference, conference call or meeting scheduled that would possibly prevent communicating with staff.

As business owners –

  1. We sent out an email encouraging all phishing schemes be reported to the entire firm to avoid any one person being duped.
  2. We initiated a requirement that any email requesting funds must not be fulfilled prior to calling/texting the requesting party to confirm the request.
  3. We trained the firm on identifying phishing schemes and especially reminded staff that hoveing over the email sender’s address is critical if anything seems

Why am I telling you about this?  Because the scheme could have resulted in tens of thousands of dollars in losses to our company.  We hope you will avoid being the victim or your company or your assistant.  Encourage communication, share schemes, put procedures in place to prevent these schemes, make your technology and IT consultants aware of any emails that make it through your spam filter.

Surprises may be great around birthdays but they are no way to start the New Year when they involve Phishing!