Katie and John Waterman just bought a new house in Tampa.
Everything was going great - until their real estate agent’s email was hacked.
“They knew we had just made a deposit with the title company,” Katie Waterman said. "It was like they had been monitoring her email account for some time and just waiting for the opportunity.”
The realtor had been targeted in a growing scam that focuses on businesses that regularly do money transfers, like real estate agencies.
Jaime Moore is a station employee and also the Watermans' realtor.
“He was able to take over my email as me and communicate with these people without me knowing,” Moore said.
The hacker, who Moore later discovered was based in South Africa, put a filter on her Gmail account to block her from seeing email exchanges made from her account to the Watermans'.
“The first email he sent them said that he needed them to wire $15,000 to the title company as part of a down-payment agreement,” Moore said.
The Watermans thought the email was from Moore and called the bank to start the transfer.
“I think I’m talking to her,” Katie Waterman said. “You trust what your realtor says.”
FBI Fraud Alert
The FBI calls it a Business Email Compromise and warns that it’s an “emerging global threat.”
“It’s very sophisticated and very lucrative for the organized criminals who are perpetrating these crimes,” said Dave Couvertier, an FBI spokesperson in Tampa.
Couvertier says the scams often involve scouting company websites, monitoring the social media accounts of executives, and then hacking into their email. The crimes are generally run out of Eastern Europe, Africa and the Middle East.
The FBI has been tracking these scams since 2013 and just recently put out another Fraud Alert warning of a surge in activity. There’s been a 270-percent increase in identified victims since January.
A Fateful Text
The Watermans' case gives a unique look into the world of how these scammers operate.
In a shrewd attempt to prevent the Watermans from calling Moore to confirm the wire transfer, the hacker sent an email saying he was not reachable by phone.
“The email specifically said ‘I’m at a closing. Don’t call or text me,” Moore explained.
At the last minute, John Waterman decided to send a text anyway, as a precaution.
“So, I get a text from John and it says, ‘I’m going to wire the money,' ” Moore recounted, “and I said, ‘Oh no, what money?’ ”
She went on, “He said, ‘I got an email from you and it said to wire money.’ I said, ‘No, no! Call right now and cancel that.' ”
Luckily, the Watermans called the bank in time.
“It really, really scared us. We would have been done. We wouldn’t have been able to purchase the house, after that,” Katie Waterman said, reflecting on how close they came to losing $15,000.
“Thankfully, we were able to cancel it in time, but it was such a helpless feeling,” Moore said.
After they stopped the scam, Moore went through her Gmail settings and discovered the filter the hacker had placed on her account. When she looked at the account history, she could also see how many times he had logged in from South Africa.
“He had been logged in multiple times over the past 30-40 days. The person was actually still logged in at the time, when I was delving into it,” she said.
And while he was logged in, she could also tell what he was researching through her Google history.
“He kept Googling real estate verbiage and things like directions to the title company we were using. And he kept Googling ‘What time is it in Florida?’ ” Moore explained.
The FBI says this shows the sophistication of these criminals.
“They do their homework,” said Couvertier. “Once they’re in there, they lay back in the shadows, the electronic shadows, and they monitor email communications back and forth. They figure out the standard operating procedure and wait for the right time to attack.”
Growing Global Threat
The FBI has identified 7,000 companies victimized in the United States alone, leading to $740 million in losses. That doesn’t include victims outside the U.S. and unreported losses.
The FBI says it is imperative for businesses to be extra cautious when it comes to money wire transfers, especially because once the money is sent, it’s nearly impossible to recover. While the Watermans were facing a potential loss of $15,000, the FBI says some victims have lost as much as $250,000.
“What they need to do is set up multi-levels of verification for these wire transfers,” Couvertier said. (*Watch the video link above to hear more advice on how to protect yourself and your business from FBI Agent Dave Couvertier.)
If this happens to you, immediately report it to the FBI’s Internet Crime Complaint Center and file a complaint.
- Verify changes in vendor payment location and confirm requests for transfer of funds.
- Be wary of free, web-based e-mail accounts, which are more susceptible to being hacked.
- Be careful when posting financial and personnel information to social media and company websites.
- Regarding wire transfer payments, be suspicious of requests for secrecy or pressure to take action quickly.
- Consider financial security procedures that include a two-step verification process for wire transfer payments.
- Create intrusion detection system rules that flag e-mails with extensions that are similar to company e-mail but not exactly the same. For example, .co instead of .com.
- If possible, register all Internet domains that are slightly different than the actual company domain.
- Know the habits of your customers, including the reason, detail, and amount of payments. Beware of any significant changes.