Pennsylvania ranks as one of the top 10 states in cybercrimes, according to the 2020 IC3 Annual Report published by the Federal Bureau of Investigation Internet Crime Complaint Center.
The commonwealth is the sixth in number of victims, with 18,636 reporting crimes. And losses totaled more than $108 million in 2020, making Pennsylvania eighth in the country. That’s up about $13 million from 2019, with nearly 8,000 more victims.
Real estate is often targeted in cybercrimes. The FBI reports the most recent figures available on crimes specifically targeting real estate in Pennsylvania between 2015 to 2017 jumped 1,100%, with those losses rising 2,200%.
Real estate is also targeted through business email compromises. This scam occurs when a criminal compromises legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.
Supervisory Special Agent Patrick Duffy with the FBI, Philadelphia Division, said that in Pennsylvania, BEC has seen a large increase over the last five years. In 2016, there were 312 victims reporting BEC crimes with losses totaling $8.5 million. “Victims more than doubled in 2020, with 671 victims reporting BEC crimes and losses grew exponentially to $54.7 million,” he added.
“One of the largest crimes we see is BEC,” Duffy said. “It’s a sophisticated scam that targets businesses that regularly have wire transfers. These occur on a daily basis, relatively quickly and in rural and urban areas. It’s definitely one of the largest financial scams that happens in the real estate industry. These actors are impersonating Realtors®, title companies, sellers, law firms and mortgage companies to effectively ask homebuyers to send funds to them instead of legitimate sources.”
Pennsylvania State Police Bureau of Criminal Investigation Intelligence Analyst Sean Stajkowski concurred. “Business email compromise continues to present a large financial threat to the real estate sector.”
The increased activity of the real estate market creates a potential for more cybercrimes. “The economic upturns in the industry, continued discoveries of new vulnerabilities and new types of email scam campaigns all create the potential for more people to become victims of these crimes,” Stajkowski added.
Stajkowski said whether looking at personal or business emails, people should carefully consider the source of the email and the type of request. “Do not open attachments from unknown senders and don’t follow links contained in unsolicited emails,” he said.
“Often these emails have an urgency to them and appear to be from a company that you may be familiar with,” Stajkowski said. “If transferring funds is involved, you should call the person involved using a phone number that you have previously contacted them with – don’t rely on the contact information included in the email.”
Duffy said there are several ways to avoid being a victim of wire transfer fraud and it’s important to educate employees and clients about how to spot a scam.
“Verify wire transfer requests or any changes to the vendor bank account with a two-factor identification,” he said. “That means follow up with a phone call. The person asking for the transfer should call, confirm that the instructions were emailed and read the transfer numbers over the phone to confirm. If you receive an email asking for a wire transfer, even if you’re expecting it, call the contact you have to verify it’s from them.”
“Time after time, many victims aren’t using any two-factor verification and we believe this would greatly reduce the number of crimes,” he added.
Be skeptical and scrutinize all emails. “Be suspicious of any last-minute changes to wire transfer requests, changes to where it’s being sent, if it’s from a different account. Take a big step back and look closely at what the person is asking you to do. Verify the email address and make sure it matches exactly to the previous emails you’ve received. Take the time to authenticate the information before hitting the send button,” Duffy said.
Wire transfers are usually not reversible and are often difficult to track if sent to the wrong account. “Communications with those involved in a transaction are key to ensuring that you or your client don’t become victims. You really want to make sure you or your client is transferring money to the correct place,” Stajkowski said. “Scammers will stop at nothing to steal your money and they’re very convincing.”
If someone suspects they’ve been a victim of a wire transfer crime, they should contact their local law enforcement and the FBI immediately. “If you report this to the FBI’s Internet Crime Complaint Center at www.IC3.gov within 24-48 hours and it’s a domestic crime, the FBI’s rapid asset recovery team can reach out to the financial institutions to try to freeze those funds and get them returned,” Duffy said. “All too often, people don’t report this to the FBI until several days later and it becomes much more difficult because we’re limited to what we can do.”