I recently attended a meeting where someone from a title company spoke about problems people run into when buying a house.
Suppose you are buying a house. You’ve made an offer. Perhaps you had to negotiate with the seller. Now it’s time to close the deal.
The title company had previously suggested that you wire the money to them and said they will e-mail you instructions when it is time. They often rely on wire transfers to transfer money. Waiting for a check to clear takes much longer.
The time they told you to expect the e-mail on how and where to wire the money has come and you are watching your inbox for that e-mail.
The e-mail arrives. You verify it is from the title company. The agent’s e-mail address is listed, the amount is correct, and everything looks right. So you wire the money, excited about taking possession of your new home.
There’s just one problem. The money never arrives. Later that day, the title company calls you to check to see if you saw your e-mail. You tell them you sent the money.
You sent it to the wrong place. That e-mail contained fraudulent wire instructions and you just sent your hard-earned money to a crook. You try to get it back, but find the money is gone.
Unfortunately, this happens too often. Fortunately, the better title companies take measures to make it less likely.
Here’s what they this title company tells their customers:
When you get the e-mail, CALL US! (Don’t rely on a phone number in the e-mail. Call us on the phone number you already know is ours.
When you call, ask to verify the wire instructions, account numbers, etc. before you wire the money. Only send the wire AFTER you have spoken to us and confirmed the information you received. Only then can you be sure you have the correct information. Most of the time the information is correct. But do you want to take the chance with large sums of money?
How do crooks steal money like this? They find out when houses are about to close, the sale price, and who the title company is. Then, just as the customer is expecting to hear from the title company, they send an e-mail pretending to be the title company. They send fake instructions, with their own account number, possibly for an offshore account. The e-mail looks legitimate. It has all the right information, except for one detail. The numbers to execute the wire transfer will send the money to them.
Once the money arrives, they transfer it out of that account. Your money is gone, and you won’t be able to get it back.
So, maybe you’re not planning to buy a house. But you could still become a victim.
Note the elements of the scenario where the crooks managed to get your money:
* You were planning to make a payment for something you wanted.
* The crooks were able to discover all the necessary details to send a convincing e-mail.
* The timing of the e-mail was perfect.
* The details in the e-mail, including the sender, all appeared to be correct.
* You were careful. You checked to make sure that everything looked right.
So, you already know to be really careful with e-mails. But, let’s look at the bigger picture:
1) It doesn’t matter whether you are looking at an e-mail, having a phone conversation, responding to a letter sent by postal mail, speaking to a live person, getting information from publications, or getting information on the Internet. There is the possibility that the information you are relying on might be put there by someone trying to steal your money (or information).
2) A lot of the information needed to convince you that the crook is “legitimate” is available to the crook. There is a lot of public information about you available to someone who knows how to find it. If you are planning to purchase something, it may be possible for the crook to find out what you are planning to buy before you make the purchase. They can also discover your interests and prepare an offer that will entice you to want something you hadn’t been planning to buy. One way or another, they can find a way to be there when you are ready to part with your money (or information).
How do you protect against this?
1) You need to remain aware of the possibility that the information you are getting isn’t legitimate. Remaining aware is different from knowing. You already know to be careful. But will you be aware at the time that e-mail arrives? That brings us to the second important element.
2) Remain ever vigilant. The time that you don’t think about it is the time that you are most likely to become a victim. If you are alert 99% of the time, that means that one in a hundred times, you aren’t. If we are talking about e-mails, how long does it take to get a hundred e-mails? If most of them are junk, you may delete all those. You probably won’t fall for the obvious ones.
But what about the one that catches your eye, that interests you in some way? That is the one that is likely to trap you. Our interest is aroused, or it is something we expected, and we forget to be careful. And, in that one brief moment, that is the one that tricks us. We lower our caution and get duped.
I recently spoke with someone at a security briefing. They said they had opened an e-mail they shouldn’t have and didn’t realize it until after the damage was done. They know better. But the e-mail referred to a current event that had an impact that was really important to them. Any one else at the organization would not have been so interested. But it spoke precisely to their experience. They opened it.
This is someone who works in security and they were tricked. They are careful. But, just for a moment, they responded without considering the possiblity that it was a trick. It only takes a second.
You know to be cautious. But, will you remember it at the time that the perfectly crafted e-mail comes in?
How can you protect yourself against that?
Perhaps reminding yourself frequently will help.
Maybe putting up a sign that says, “Think before you open” will remind you.
Or maybe you have some other way to keep yourself vigilant.
Do whatever it takes to keep yourself aware.
Do whatever you can so that, when that particularly enticing e-mail arrives, you stop and consider the possibility that it was sent to deceive you.