$3.3 million. That’s the amount an employee of NETSTREIT, a REIT, wired to someone pretending to be a development partner of the company. If you think this incident, a form of business email compromise (BEC), represents an anomaly or simply bad luck, you haven’t been paying attention. According to a 2023 PSA issued by the FBI’s Internet Crime Complaint Center (IC3), BEC scams targeting the real estate sector affected 2,284 victims and led to losses of $441.1 million in 2022 alone.
Furthermore, wire fraud is only one type of fraud that threatens real estate executives and companies. And fraudsters are becoming increasingly sophisticated. But there are steps that real estate firms can take to protect themselves — through policies, training, and security measures. Below is an overview of common fraud scenarios and best practices for prevention and damage control.
Commercial real estate transactions can be particularly vulnerable to wire fraud because they happen on a regular and reoccurring basis and typically use established, straightforward processes.
POPULAR SCAMS
- Wire Fraud
According to JPMorgan Chase, commercial real estate transactions “can be particularly vulnerable to wire fraud because they happen on a regular and reoccurring basis and typically use established, straightforward processes.” The bank describes a typical pattern of BEC that leads to wire fraud:
- A criminal gains access to a known party’s email.
- The criminal monitors communications and waits until money is about to be moved.
- The criminal uses a compromised, authentic account or spoofed email address to impersonate the known party, and provides new instructions that direct the buyer to send funds to an account that the criminal controls.
- Rent Fraud
Rent fraud occurs when people advertise space for lease at properties they do not represent, says Scalley Reading Bates Hansen & Rasmussen, P.C., a law firm based in Salt Lake City. “They might take a deposit or first month’s rent and then disappear.”
- Title Fraud
Title fraud takes place when fraudsters manage to transfer an owner’s property title to themselves, often using forgery or identity theft. “They might then take a mortgage out on the property or even try to sell it,” warns Scalley et al.
- Vacant Land Fraud
One of the newest scams, which may include title fraud, involves vacant land. FBI Newark states that the scam “begins when a real estate agent gets a solicitation from a fake property owner wanting to sell their vacant lot in a rural community. A for sale sign goes up on the land. The seller asks for an all-cash sale and a quick closing.” In some cases, FBI Newark cautions, the fraudsters use fake notary stamps and seals to execute settlement documents.
The outcome? “Within weeks, the deal can be done. Meanwhile, the real property owner has no idea their land has just been sold out from under them.”
- Check-Washing
Some fraudsters still employ the old-school technique of theft and washing of checks, a scam recently encountered by Rich Commercial Realty (RCR) in Raleigh, N.C.
Although RCR delivers most of its payments electronically, it mails out a few paper checks each month. In the spring of 2024, a fraudster stole, washed, and cashed in some of these checks for larger amounts.
Once the firm learned about these thefts, it immediately shut down its operating account and placed stop payments on the remaining checks from the monthly batch. It set up a new operating account within one business day, but the fallout was still “painful,” says Street Jones, SIOR, partner at RCR. He explains: “Not only did we have to issue repayments to those who had their payment stolen, but we had to coordinate with all of the vendors that had auto-drafts set up, such as utility companies, payroll, IT, phone service provider, and others.”
PREVENTION AND DAMAGE CONTROL
Today, RCR has multiple operating accounts, and sends checks from only one, which Jones believes will limit risk. It also established a dedicated account for payroll that is separate from accounts for vendor payments.
To minimize the chances of check-theft from snail mail, the U.S. Postal Service suggests mailing checks close to the last pickup of the day or from a post office.
RCR’s experience shows that fraud extends beyond the digital realm. But the firm also protects itself from cyber intrusions. Jones says RCR pays for a unified threat management firewall with anti-virus and anti-spyware features along with application intelligence and control and content filtering. The firm also has an information security policy that every employee reviews and signs, and it provides mandatory training for all team members once a year.
Bespoke Commercial Real Estate in Chicago takes similar precautions. Peter Billmeyer, SIOR, the firm’s co-founder and CEO, says that employees undergo extensive training, adhere to strict security measures like changing their Outlook passwords monthly, and posting to Slack screenshots of emails that look suspicious. He adds that the firm never holds escrow.
Cyberfraudsters are so prolific and proficient that the larger your headcount, the risk increases almost exponentially. One bad click can open up your entire system.
Despite such precautions, Billmeyer believes that cyberattacks are almost impossible to prepare for. As he points out, cyberfraudsters “are so prolific and proficient that the larger your headcount, the risk increases almost exponentially. One bad click can open up your entire system.”
That is why he advocates cybersecurity insurance. “When starting Bespoke, I just knew from day one, you can’t mess around,” he says. “You’ve got to try to have as many things protected as you can. It’s the cost of doing business.”
Speaking of insurance, property owners should consider title insurance, which protects them from losses associated with defects in a title, which could stem from fraud. FBI Newark offers several additional recommendations for owners, such as setting up title alerts.
More generally, one of the best ways to prevent fraud, whether you’re a broker, owner, or tenant, is to cultivate a healthy dose of skepticism. Scalley et al warns against deals that seem too good to be true and recommends in-person visits to properties.
Scammers attempting to commit wire fraud often approach potential victims with urgent requests. Don’t take the bait. In such situations, Scalley et al advises: “Always verify wire instructions with known, trusted parties using previously confirmed contact details.”
Given the perniciousness of scammers today, your firm may take all recommended precautions and still fall victim to cyberfraud. If this occurs, you can report the incident to the FBI Internet Crime Complaint Center at www.ic3.gov. You can also call the FBI at 1-800-CALL-FBI or email tips.fbi.gov.
THE FUTURE OF FRAUD
Unfortunately, the outlook for fraudsters is positive. They are clever, persistent, and everywhere. It’s unlikely that any brokerage firm, no matter how much it spends on prevention, can fully eradicate the risk they pose. But a little awareness, skepticism, care, and training can go a long way.
CONTRIBUTING MEMBERS
This Article was written by Rachel Antman and originally see in SIOR