Trends, Prevention, and Loss Recovery for Victims of Real Estate Wire Fraud and Other Cybercrimes.

• Author: Feinberg, Joshua B.

With closing just days away, a first-time home buyer receives an email from the closing agent attaching loan documents and wire instructions for his "cash to close." His lawyer and his real estate agent, who are copied on the email, each respond confirming that these documents are correct and that the buyer should initiate a wire transfer as soon as possible to avoid any delays. Nervous but excited to become a homeowner, the buyer goes to his bank and obediently initiates the wire transfer. The closing agent sends a follow-up email verifying receipt of the funds and confirming the date and time of the closing. Everything appears to be on track for the big day.

A few days later, like a scene in the movie "Groundhog Day," the buyer receives another email from the closing agent, again attaching wire instructions and requesting that the buyer initiate his wire transfer. The puzzled buyer kindly reminds the closing agent that they have already completed this exercise, but the closing agent has no idea what the buyer is talking about and no record of receiving any wire. The buyer forwards copies of the previous email exchanges to help resolve the apparent confusion. Only then, upon a closer inspection, does the horrifying truth come to light: The earlier emails came from "spoof" email accounts and attached fraudulent wire instructions. The now panic-stricken buyer realizes he has just been conned into delivering his money into the hands of cybercriminals who, somehow, managed to infiltrate his transaction.

In a state of hysteria, the buyer turns to his bank begging for help, but the bank is unable to retrieve the stolen funds. He calls the recipient bank, too, but his money has already been transferred overseas. Frantic pleas to federal and local law enforcement yield nothing but expressions of sympathy and lukewarm promises to investigate the matter. No one involved in the transaction takes any responsibility and none offer any explanation as to how this catastrophe could have possibly happened. The buyer no longer has the available cash needed to complete his purchase, cannot close, and will forfeit his deposit. He has seen his hard-earned savings evaporate in the blink of an eye. With his existing lease about to expire and his worldly possessions packed in boxes awaiting movers, he does not know where he will live next week, much less when he will be able to replenish his savings and buy his first home. In short, the sky has fallen.

Harrowing accounts like this are all too real and all too common. Nameless, faceless cybercriminals hiding behind computer screens prey upon our complacency and leverage our reliance on emails, the internet, and computer and mobile technology in the handling of our affairs. As the 11th Circuit Court of Appeals noted in 2012: "In this digital age, our personal information is increasingly becoming susceptible to attack. People with nefarious interests are taking advantage of the plethora of opportunities to gain access to our private information and use it in ways that cause real harm." (1)

Innocent consumers and laypersons are not the only targets of their malicious designs. Sophisticated businesses and licensed professionals, including attorneys, often find themselves in the crosshairs, too. Despite evolving efforts by law enforcement and the private sector to investigate cybercrime, prevent loss, and spread awareness, recent government data reveals that both the frequency and the financial impact of cybercrime are increasing at alarming rates.

The IC3

In May 2000, the Federal Bureau of Investigation (FBI) established the Internet Crime Complaint Center, known commonly as the "IC3." (2) Operating within the FBI's Cyber Division, the IC3 maintains an online portal (www.ic3.gov) for the general public to report suspected internet-facilitated criminal activity. (3) The IC3 analyzes and disseminates information from the portal to law enforcement for investigative and intelligence purposes. The IC3 also seeks to increase awareness by issuing periodic public service announcements, posting cybercrime prevention tips, and publishing annual internet crime reports featuring data and trends derived from the online portal. (4)

Statistics contained in the IC3's internet crime reports illustrate how the prevalence and financial impact of cybercrime have increased dramatically in recent years. In 2017, the IC3 received 301,580 complaints of cybercrime with reported losses exceeding $1.4 billion. (5) In 2018, complaints rose to 351,936 while losses nearly doubled to more than $2.7 billion. (6) In 2019, complaints grew to 467,361 while losses ballooned to over $3.5 billion. (7) From 2015 to 2019, the IC3 received a total of 1,707,618 complaints reporting losses of $10.2 billion. (8)

Floridians are among the most frequent and hard-hit victims of cybercrime in America. According to the IC3, in 2019, Florida was tied with Texas for the second-highest number of reported victims among all U.S. states and territories, and Florida also ranked second in total reported losses, trailing only California in both categories. (9)

Available data also indicates that older age groups are generally more susceptible to cybercrime and suffer disproportionate losses compared to younger age groups. (10) Individuals under the age of 30 represented approximately 20% of reported victims and 20% of total losses in 2019.11 In contrast, individuals 30 to 59 years of age accounted for more than 55% of victims and over 50% of total losses, while individuals 60 years of age and older accounted for nearly 25% of victims and nearly 29% of total losses. (12) The IC3 concludes that elderly victims are often targeted by cybercriminals because they are believed to have more substantial financial resources. (13)

Prevalent Types of Cybercrime

According to the IC3, the categories of cybercrime that were most frequently reported to the online portal in 2019 were: (14)

* Phishing/Vishing/Smishing/Pharming --defined as "[u]nsolicited email, text messages, and telephone calls purportedly from a legitimate company requesting personal, financial, and/or login credentials." (15)

* Non-Payment/Non-Delivery --defined as when "goods and services are shipped, but payment is never rendered" or when "payment is sent, but goods and services are never received." (16)

* Extortion--defined as the "[u]nlawful extraction of money or property through intimidation or undue exercise of authority. It may include threats of physical harm, criminal prosecution, or public exposure." (17)

* Personal Data Breach--defined as a "leak or spill of personal data that is released from a secure location to an untrusted environment. It may also refer to a security incident in which an individual's sensitive, protected, or confidential data is copied, transmitted, viewed, stolen or used by an unauthorized individual." (18)

In contrast, the following categories of cybercrime resulted in the highest reported losses: (19)

* Business Email Compromise (BEC)--defined as "a scam targeting businesses working with foreign suppliers and/or businesses regularly performing wire transfer payments .... These sophisticated scams are carried out by fraudsters compromising email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfer of funds." (20)

* Confidence/Romance Fraud --defined as when "[a] perpetrator deceives a victim into believing the perpetrator and the victim have a trust relationship, whether family, friendly, or romantic. As a result of that belief, the victim is persuaded to send money, personal and financial information, or items of value to the perpetrator or to launder money on behalf of the perpetrator. Some variations of this scheme are romance/dating scams or the grandparent scam." (21)

* Spoofing--defined as when "[c]ontact information (phone number, email, and website) is deliberately falsified to mislead and appear to be from a legitimate source. For example, spoofed phone numbers making mass robo-calls; spoofed emails sending mass spam; forged websites used to mislead and gather personal information. Spoofing is often used in connection with other crime types." (22)

Cybercrimes, in their many forms, are highly sophisticated in their planning and execution. Schemes can be multifaceted, for example, involving both BEC and spoofing elements operating in tandem. (23) They sometimes involve a confluence of seemingly separate plots working simultaneously --for instance, one scam to separate a consumer from her money in the U.S. and another scam...