Bulletin: SLS2016005

Date:
October 13, 2016
To:
All Issuing Offices
RE:
CLAIMS AVOIDANCE - Email Impersonation Wire Fraud Scheme Targeting Customers; FinCEN Advisory

Dear Associates:

We previously advised you of an email impersonation wire fraud scheme designed to induce the intended target – the issuing office – to wire funds to a perpetrator’s bogus account. This type of scheme continues to plague our industry.

This bulletin describes a different email impersonation wire fraud scheme, designed to cause the customer to wire funds to a bogus account. We believe the fact pattern is as follows. 

A realtor received a closing package by email, purportedly from an issuing office. The email appeared to be sent by an employee of the issuing office - an actual employee’s name was used. The email contained a “click here” link to view the issuing office’s wiring instructions. The realtor forwarded the closing package, containing the wiring instructions, to the customer (the buyer).

The instructions in the link directed the sender to wire funds to a bogus account controlled by the perpetrator.

The customer questioned the wiring instructions. The perpetrator continued to request the funds. They attempted to justify the suspicious wiring instructions and tried to pressure the customer to wire the funds to the bogus account. The realtor contacted the issuing office directly and inquired about the authenticity of the wiring instructions. Upon investigation, it was discovered that the wiring instructions were fraudulent.

It isn’t known exactly how this scheme was perpetrated. It’s possible that the realtor’s and/or the issuing office’s computers or emails were compromised. However, it appears likely that the perpetrator obtained the issuing office’s standard closing package and modified it. It appears that they created an email account to impersonate the employee of the issuing office. They used this fake email account to send the corrupted closing package containing the bogus wiring instructions.

The impersonal nature of email makes it an ideal mechanism for the perpetuation of wire fraud. This scheme is particularly pernicious in that it targets the customer, who may be unfamiliar with closing customs and practices, and more apt to comply with bogus instructions. 

FinCEN Advisory

The U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) recently issued an Advisory intended to help identify and prevent email wire fraud schemes directed at financial institutions and their customers. Although addressed to financial institutions, this Advisory provides red flags, developed in consultation with the FBI and the U.S. Secret Service, that may be similar to those encountered by issuing offices. Click here to view the Advisory.

If you have any questions relating to this or other bulletins, please contact a Stewart Title Guaranty Company underwriter.

For on-line viewing of this and other bulletins, please log onto www.vuwriter.com.

THIS BULLETIN IS FURNISHED TO INFORM YOU OF CURRENT DEVELOPMENTS. AS A REMINDER, YOU ARE CHARGED WITH KNOWLEDGE OF THE CONTENT ON VIRTUAL UNDERWRITER  AS IT EXISTS FROM TIME TO TIME AS IT APPLIES TO YOU, AS WELL AS ANY OTHER INSTRUCTIONS. OUR UNDERWRITING AGREEMENTS DO NOT AUTHORIZE OUR ISSUING AGENTS TO ENGAGE IN SETTLEMENTS OR CLOSINGS ON BEHALF OF STEWART TITLE GUARANTY COMPANY. THIS BULLETIN IS NOT INTENDED TO DIRECT YOUR ESCROW OR SETTLEMENT PRACTICES OR TO CHANGE PROVISIONS OF APPLICABLE UNDERWRITING AGREEMENTS. CONFIDENTIAL, PROPRIETARY, OR NONPUBLIC PERSONAL INFORMATION SHOULD NEVER BE SHARED OR DISSEMINATED EXCEPT AS ALLOWED BY LAW. IF APPLICABLE STATE LAW OR REGULATION IMPOSES ADDITIONAL REQUIREMENTS, YOU SHOULD CONTINUE TO COMPLY WITH THOSE REQUIREMENTS.

References

Bulletins Replaced:
None
Related Bulletins:
SLS2015005 CLAIMS AVOIDANCE - Email Impersonation Wire Fraud Scheme
Underwriting Manual:
None
Exceptions Manual:
None
Forms:
None