Other potential targets for a cyber–theft using emailed wire instructions are 1031 exchange accommodators who receive increased reports of attempted diversion of funds in and out of their exchange transactions, through hacked emails and altered wire transfer instructions.

On April 28, 2015, Liz Jameson, an Exchange Coordinator with Investment Property Exchange Services, Inc. (IPX1031®), was sent an email from a current exchanger including instructions for a wire transfer in the amount of $19,340. Below is the content from the email:

In her review the email, Liz picked up on a few subtle warnings that the message might not be legitimate. She noticed the spelling of advice (instead of advise) and the sender requested, "a domestic wire transfer in the amount of $19,340. So we need about 19,400. net […]." Liz realized this was a request for an estimated amount and the real exchangers already knew the exact amount required to close their transactions. 

Liz called the exchanger directly rather than respond to the email. The exchanger confirmed he did not send the email and realized his email had been hacked. Liz's proactive measures not only prevented a loss, but also informed the client his email account was compromised. What was particularly scary in this story is that from reviewing Ivan's email account and prior communications, the hacker even knew the file was in the name of Ivan's mom and dad, and that Ivan was only serving as attorney–in–fact!

For Liz's efforts in detecting the hacked email and preventing funds from being wired to a thief's account, she has been rewarded with $1,500 along with a letter of recognition from the Company.

The industry has had a similar incident with quite a different ending. In this case the fraud was perpetrated against a settlement attorney. As a result, the net sale proceeds were sent to the fraudsters instead of an exchange accommodator in the amount of $500,000!

Similar to what we have seen in the last attempt, the fraudster hacked into the actual email account of a party to the transaction. In this case, the email belonged to the paralegal of the settlement attorney. This is significant because emails from the fraudster were sent from the actual email of the individual the parties communicated with during the transaction and thus more difficult to detect.

Once in the account the fraudsters deleted the falsified emails from her "sent" and "deleted" folders, hiding the fraud and making the subsequent investigation more difficult.

In addition, the fraudsters sent an email to the paralegal impersonating the exchange accommodator, changing the wiring instructions.

What did you notice about the content of these instructions?

• The spelling of Albuquerque is incorrect.
• Routing Number is referred to a Routine No.
• Account name is not the exchange accommodator
• Coordinator is missing an "r"

The paralegal apparently failed to notice any of these items and did not call the exchange accommodator to verify the emailed instructions. Instead, the paralegal wired more than $500,000 in exchange funds to the account of ABC, LLC.

Following the redirection of the funds, the exchange coordinator received a number of emails from the paralegal's email account by the fraudsters stating she was waiting for the buyer's funds to clear before the net proceeds could be wired to the exchange accommodator. The significance of this is the fraudsters knew the "good funds requirements" and also delayed detection of the misdirected wire.

In addition to the ignored "red flags" this incident also illustrates the importance of a "Call Back Policy." If the paralegal had followed a "Call Back Policy" and phoned the coordinator to verify the wire instructions the fraud probably would have been averted.

Remember, fraudsters continue to lurk in the shadows, and we need to continue to be vigilant at detecting and preventing their crimes. Your continued attention to detail, dedication and adherence to the Company's policies are the best defenses!