WASHINGTON (Reuters) – The U.S. Justice Department announced one of its largest-ever takedowns of a global cyber crime ring on Wednesday, saying it had indicted 36 people accused of trafficking in stolen identities and causing more than $530 million in losses to consumers.
The cyber crime network, operating as an online discussion forum known as “Infraud,” ran a sophisticated scheme that facilitated the purchase and sale of Social Security numbers, birthdays and passwords that had been stolen from around the world, the department said.
The group worked under the slogan “In Fraud We Trust” and was created in 2010 by Svyatoslav Bondarenko, a 34-year-old Ukrainian, according to the indictment.
In launching it, the indictment alleges he referred to online forum as a “comfortable and safe” place to “bring together professional people for who carding and hacking become a lifestyle.”
He created a hierarchy within the organization, and vetted proposed advertising on the site for stolen wares. He also banned members from buying or selling stolen devices or other items that belonged to Russian victims, according to the indictment.
In addition to facilitating the sale of stolen information, the network also provided an escrow account people could use to launder their proceeds using digital currencies including bitcoin, Liberty Reserve, Perfect Money and WebMoney. That service was run by Sergey Medvedev, a cofounder of the Infraud site, according to the indictment.
Of the 36 people indicted, Justice Department officials said that 13 have been arrested in the United States, Australia, the United Kingdom, France, Italy, Kosovo and Serbia.
They face charges that include identity theft, bank fraud, wire fraud and money laundering.
The other defendants remain at large and the investigation is still ongoing, Deputy Assistant Attorney General David Rybicki told reporters on a conference call.
“Today marks a significant step in the battle against transnational cyber crime,” he said.
The indictment said that among the stolen items advertised were 795,000 HSBC bank logins, dozens of PayPal logins and credentials, and credit card numbers. Users could also use the site to advertise malware for sale.
In April 2016, the department alleges, Medvedev took over as the “admin and owner” of the site, after he posted on a note online saying that Bondarenko had gone missing.
Reporting by Sarah N. Lynch and Doina Chiacu; Editing by David Alexander and Matthew Lewis
Sandra Flores will begin serving a six year prison term this week for insurance fraud after a Texas Department of Insurance investigation found she had stolen $1 million from real estate transactions. She was sentenced earlier this week by a Harris County judge.
While working as an escrow officer for a Houston title attorney’s office, Flores began taking payments for real estate transactions and using them for her personal expenses.
TDI Fraud Prosecutor Jesse McClure says the crime went on for months. “She was covering her tracks by shifting funds from other transactions to make up for the money that she had stolen. She couldn’t keep up with it, and the scheme eventually fell apart.”
McClure says their investigation found Flores’ illegally moved more than $5 million from dozens of real estate deals her office was handling, with about $1 million of that ending up in her pocket.
Flores pleaded guilty to a felony charge. During the sentencing hearing, Flores’s former employer, an attorney involved in the litigation this crime caused, and an investigator who worked on the case showed how Flores’s crime had a ripple effect, threatening several homeowners with foreclosure and forcing a title company into receivership.
When Flores’s escrow officer license was revoked by TDI earlier this year she was ordered to pay more than $800,000 in restitution. McClure says that Flores has not complied with the order, and her license remains suspended.
In this year of horrendous cyberheists — Equifax the most prominent — you’ve probably taken at least a few precautions: changed passwords, stopped opening files and links from unknown senders, upgraded your computer security measures, maybe put a freeze on your credit reports.
But if you’re buying a house and heading to settlement, you could still be far more vulnerable than you think to the fastest growing form of real estate cybercrime in the U.S.: thefts of home-purchase money wired to complete closing transactions. The scam generally works like this: Hackers find an opening into a title company’s or realty agent’s email account, track upcoming home purchases scheduled for settlements — the pricier the better — then assume the identity of the title agency person handling the transaction.
Days or sometimes weeks before the settlement, the scammer poses as the title or escrow agent whose email accounts they’ve hijacked and instructs the home buyer to wire the funds needed to close — often hundreds of thousands of dollars, but sometimes far more — to the criminals’ own bank accounts, not the title or escrow company’s legitimate accounts. The criminals then withdraw the money and vanish.
According to new data provided for this column by the FBI, in fiscal year 2017, nearly $1 billion ($969 million) was “diverted or attempted to be diverted” from real estate purchase transactions, and wired to “criminally controlled” accounts. That figure is up explosively from fiscal 2016, when the FBI counted $19 million in wire transfer frauds affecting home buyers. The bureau describes the current growth rate of this type of theft as “steep,” though the sharp statistical rise may be partially attributable to increased reporting of such hacks by consumers, banks and real estate industry participants.
It’s also shocking and devastating to the home buyers involved. Consider two recent cases involving substantial losses:
▪ Last May, a Washington, D.C., couple lost $1.57 million when their wire transfer of settlement funds was hijacked after cyberthieves reportedly penetrated a title and escrow company’s email system and steered the money to their own account.
▪ In January, a Denver couple signed a contract to buy a $504,000 new home. They had sold their previous house and planned to use the $272,536 in proceeds as a down payment. Somewhere along the path to the scheduled closing in April, criminal hackers gained access to the email system of the title company, realty agent or mortgage company — no one seems to know which. The couple received genuine-looking email instructions on wiring the down payment cash in preparation for the settlement. But the instructions were bogus and the money disappeared. Nothing has been recovered.
Though cyberthefts involving home settlements have been occurring for several years, the number of attacks and the dollar amounts stolen during the past year are stunning realty industry experts, who expected that greater public awareness of the problem — and efforts by title and realty firms to better secure their systems — would thwart the hackers.
“It’s unbelievable how often this is happening,” said Jessica Edgerton, associate counsel for the National Association of Realtors in Chicago. And now real estate clients who’ve been scammed are fighting back, seeking recovery of funds through the courts and turning to an FBI weapon that has been little known to the general public: the “Financial Fraud Kill Chain.” The bureau says that it may be able to stop the transfer and recover consumers’ funds if the wire transfer amount is $50,000 or more, the bank transfer is sent internationally, the bank issues a recall notice, and the FBI is informed of the details within 72 hours. Lawyers such as Ian T. Hicks, who is suing the title agency, real estate agent and mortgage lender on behalf of the Denver home purchasers for negligence and other alleged misdeeds, is also suing the bank that transferred the money for not reporting the fraud to the FBI quickly enough to initiate a Kill Chain effort to get back the money.
So what does this surge in real estate wire fraud mean to you? If you plan to go to settlement on a house, be on alert. Red flag any closing or wiring instructions sent to you via email, especially if they involve last-minute changes to previous instructions. Verify by phone or in person with settlement personnel that they sent the instructions and that they are correct. If you are victimized, call the local field office of the FBI immediately and visit www.ic3.gov, the bureau’s internet complaint center.
Q: Three weeks ago we were given wire instructions by our escrow company and had no reason to believe that they were not real.
Our escrow officer was extremely busy and impossible to reach via telephone. She was always available via email and text. Unfortunately, we received instructions via email and confirmation via text, and it was encrypted with DocuSign authentication. We wired almost $500,000 and even sent confirmation to her as requested. Later that day we stopped by to drop off a document that had been notarized to her office and learned that they had not received our money. We were in a state of shock, disbelief, denial and depression; then enraged. The injury gets worse and the blows kept coming.
Next we had the process of trying to get our money back if possible. Nobody, including our bank, was willing to help. We found that nobody knew anything and nobody would tell us anything. The FBI and Secret Service were involved in our case. But due to the investigation, nobody would tell us anything.
We are extremely grateful that a kill chain was executed by the FBI, but we lost half our money and we now have to wait and see what happens. The half of our money that is ours is sitting at our bank but we have to wait 90 days to get it back. So we fell out of escrow and now can’t close on our home.
News flash to our fellow buyers: You may not know this, but you’re not protected when you wire money. Why didn’t we know this? Why does the bank get a pass? Why isn’t there a regulatory agency that can help consumers if something catastrophic like this happens? Why don’t consumers have insurance options for this type of loss? Why don’t people talk about this brave new world we live in? With all the technology in the world why can’t we stop this?
We want to get the word out. Thank for listening.
A: Thanks for sharing your story. It’s heart-wrenching to know that you’ve quite possibly lost $250,000 and it was gone in a flash.
We have written about wire fraud for some years. In the real estate industry, there are people in the financial side of the transaction who are constantly worried about wire fraud issues. In fact, Sam tells his real estate clients to beware of wire fraud and has them check and double-check the wire instructions before sending funds.
But you need to understand that most wire fraud issues are really email hacks. So let’s try to see what happened in your situation from what we know of other similar situations we’ve heard about.
The most frequent way hackers get wind that a person is about to wire a large sum of money is by hacking the closing agent’s, real estate attorney’s, settlement agent’s or real estate broker’s email accounts.
Once they hack into any of these email accounts, they monitor the emails, waiting for the right time to copy or mimic the owner of the email account to send out fraudulent wire instructions to an unsuspecting home buyer. When these hackers send you an email, they will instruct you to wire the funds to their bank account. They may even give you a phone number to call to confirm the wire, but that phone number will be a phony number to a person who is an accomplice to the fraud.
The other way this happens is that the criminals will learn about you through their prior hack and then hack into your email account and monitor the many hacked email accounts they have looking for active real estate transactions. They will then send them a fake email telling them where to wire the money. Again, the information will be fraudulent and any information on the email is there to entice you to fall into the scam.
In the first case, if the settlement agent, lender, broker or other person’s email was hacked, they may have some responsibility for the fraud, and the company or its insurance coverage may reimburse you. But if your email was hacked, you won’t be able to blame anybody else other than yourself.
Recently Sam had a person who called him with a situation similar to yours. In that instance, the home buyer’s email had been hacked. The hackers had monitored his email, knew he was buying a home, knew when to send him wire instructions and knew what to say. And, like you, he lost a considerable amount of money.
No system is completely secure. In fact, the Pentagon hosts hackathons to have talented coders and programmers search for ways criminals can break into their systems. But the entire wire system is at risk the way it is handled now, and the financial world needs to create a two-step authentication method to safeguard people and their money in these sorts of transactions.
Two-step authentication might look the way it does on your Gmail account; you can activate two-step authentication, so when you login to an account, there is a second security step to make sure that the sender and the receiver are in agreement as to what will transpire in the transaction. We’re not sure what the system would look like, but title companies, escrow companies and settlement agents should come up with a more secure way to set up the system so we safeguard these transactions in a better, smarter and hopefully hack-proof way.
In the meantime, here are a few steps to take to protect yourself:
1. Never wire funds to anybody or any institution unless you have checked the wire instructions independently with your title company, settlement or closing agent.
2. If you can’t or won’t confirm the information over the phone, most title companies, settlement companies and closing agents post their wire instructions online, so be sure you check their official websites. If they do, you can compare those instructions with the instructions you received.
3. Some agents will confirm the instructions you received over the phone if you give them the information you received. Just make sure you are talking to the right person at the right place.
The system is far from perfect now, but we tell our readers to be vigilant and when it comes to wire transfers and to verify and reverify the information from trusted sources. As you found out, if you receive an email, you need to make sure it’s from a trusted source. If you receive a text, you must make sure it’s from a trusted source. If you receive a call, you need to make sure it’s from a trusted source.
In the end, you need to have a good working relationship with your settlement agent to make sure that you know that “trusted” source. We can see the day when you go to see the closing or settlement agent in person and then go to the bank to initiate the wire transfer. That way, you have face-to-face information with your trusted source.
We’re sorry you got scammed. Believe it or not, you’re one of the lucky ones: You didn’t lose everything. We hope you get the rest back. Thank you for sharing your story.
A Washington, D.C., couple was scammed out of $1.5 million as they bought their dream house in which they’ll raise a family.
The couple, both federal workers, decided to use an inheritance to buy a house in Cleveland Park.
They put down $200,000 and were waiting to go to closing when they got an email that seemed to be from their title company. They replied to the email to double check and got a reply, so they wired the remaining $1.5 million to the bank.
But when they went to sign the settlement papers, they learned they’d been scammed.
“When you have a young child and you move into your house for the first time and you close on that house, that should be a really special moment, not a moment when a massive amount of money is stolen from you, so the whole experience has been marred,” said the couple’s attorney, Michael Nadel.
It appears someone hacked into the computer servers of Federal Title and Escrow and sent the bogus emails. The FBI is investigating.
The couple was able to buy the home with what was left of their inheritance. They are suing the title company and others in hopes of recovering their money.
In a written statement, a spokesperson told News4, “Federal Title continues to work with the FBI as they complete their investigation. Federal Title’s internal review has revealed that no other customers were affected by this attack.”
A mortgage expert told News4 such scams are increasingly common. He said you should never wire money based on an email, even from a trusted source. You should call the company first, and don’t use the phone number on the email — look it up yourself.
DENVER – A Colorado couple, who lost their life savings while trying to buy their dream retirement home, has filed suit against Wells Fargo Bank, Land Title Guarantee Co., Envoy Mortgage Ltd., Kentwood Real Estate Services LLC and realtor Karen Porras, alleging that none of them did enough to protect sensitive financial information.
James and Candace Butcher sold their house in Longmont and were using the proceeds — more than $272,000 — as a down payment on a new home, at 41467 Sunny Farm Circle in Parker.
They said they wanted a place closer to their son and one big enough for grandchildren.
“We were truly excited, when through negotiations, we won the bid,” Candace Butcher said. “Through the entire process, I kept saying, ‘I can’t believe this is going to be our house.’”
Within 24 hours of closing, not only was it not their house, but they lost all their money.
Butcher told Denver7 that she got a phone call from Wells Fargo the following day alluding to problems.
“They never said up front that it was fraud,” Mrs. Butcher said. “They said, ‘we’re trying to check into it.’”
“I was sick,” she added. “That was our life savings, the equity that we had built up in our home.”
The complaint filed in Denver District Court outlines the couple’s allegations.
They say that during the negotiation, inspection and closing process, the defendants routinely sent sensitive financial information through non-secure email, violating their own and industry guidelines.
On March 30, Ms. Porras emailed the Butchers and notified them that they would be receiving wiring instructions from Shannon at Land Title prior to closing, which was then scheduled for April 5, 2017.
On April 3, the couple received an email at 7:49 a.m. and 8:37 a.m. from someone identified as Shannon Ryon at Land Title, requesting that they wire $272,535.96 cash to close, and requested that they reply to the email to confirm receipt.
The email did not identify the domain name of the receiver.
At 9:04 a.m., Ashley Johnson of Envoy emailed the Butchers a “final” closing disclosure, which stated that the couple would need to wire funds in the amount of $272,535.96 to close on the property.
The dollar amount had never been discussed, nor disclosed until the Butchers received emails, with identical numbers, from a Shannon Ryon and from Ashley Johnson.
The couple’s attorney, Ian Hicks, says it appears that someone hacked into one of the companies’ servers and retrieved financial information and then sent a bogus email to the homebuyers.
Hicks said Land Title claims on its website that “Nothing is more important to us than the security of your money and your personal information… you can rest assured that your investment is protected… [w]e undergo independent, third-party audits surrounding the security procedures, safeguards and best practices… in order to provide you with the peace of mind you deserve.”
Hicks said Kentwood has made representations to the public at large, through at least its website, that it has the expertise, knowledge, and skills that enable it to safely conduct real estate transactions… and that it is familiar with the latest technology affecting the real estate transactions it handles.
He added that Envoy states on its website that it has been successful for over fifteen years because of its people, systems and technology…Envoy stands behinds its promise to make the home financing process as efficient, stress-free, and pleasant as possible for home buyers.
The Butchers told Denver7 that they went to the Wells Fargo Smoky Hill branch and spoke with a personal banker, who then contacted the fraud department. The personal banker apparently informed the couple that she was unable to get any status on the wire transfer, or any investigation by Wells Fargo, even though that it was Kelly Vance at Wells Fargo who allegedly first contacted the Butchers, to inform them the wire transfer was fraudulent.
Hicks said the Butchers asked to speak to the branch manager, Lyndsey Dehate, and said she opened a case and provided the Butchers with a reference number, and further indicated that an investigator, as well as the legal and wire fraud groups at Wells Fargo, were involved.
After spending hours at the branch, the couple went home.
On April 5, the Butchers called the branch and asked Ms. Dehate if she had contacted the FBI.
The complaint quotes Dehate as saying “Wells Fargo has a policy of not contacting the FBI in situations like this.”
Hicks told Denver7 that neither Dehate, nor anyone at Wells Fargo, ever informed the Butchers that the FBI can initiate what is known as a “Financial Fraud Kill Chain,” where the FBI can stop a wire transfer and return the funds to a U.S. victim’s bank account within 72 hours.
James Butcher called the FBI and then, with an agent on the line, contacted Wells Fargo.
“They were shuttled from one department to another,” Hicks said. “Wells Fargo couldn’t provide basic information… and repeatedly contradicted itself.”
“They said there was an investigation and then they said there was not,” he said. “They said they had a number assigned to the case and then said they couldn’t see it. It’s unbelievable.”
Risks known for years
Hicks said the defendants are all aware that scammers have been stealing money via wire fraud.
In 2016, Land Title issued an advisory explaining that over $1 billion in losses have been suffered as a result of the same scam used to victimize the Butchers.
In that advisory, Land Title listed a series of preventive measure that should be taken by real estate professionals and others involved in real estate transactions to mitigate the risks of wire fraud, including but not limited to instructing that:
1) Sensitive financial information should never be sent over unsecure email.
2) Clients should be made aware to never wire funds without first calling the intended recipient by telephone to confirm the information provided.
In May of 2016, the National Association of Realtors published an advisory warning of the risk of wire fraud in residential real estate transactions.
The advisory stated that wire fraud was so prevalent that when the audience at a recent trade association event was asked if they, or someone they knew, had been victimized, one -third of the people raised their hands.
The NAR advisory listed recommendations to ensure the security of transactions but not limited to:
1) Build a standard warning about wire scams and avoid sending sensitive information over email.
2) At the beginning of every transaction, tell clients what your communication practices are.
3) If you, or your agents, do engage in a wire transfer with a client, call them on the phone immediately prior to the transfer of funds, so they know they’re sending money to a legitimate source.
4) Always using strong passwords and change them regularly, and encourage your clients to do the same thing.
5) Brokers should consider employing a staff person who’s responsible for monitoring, updating and implementing information security systems and procedures at your company.
Bank offers money
Hicks said Wells Fargo offered to return some of the couple’s money, if they relieved them of liability.
“I rejected that offer,” Hicks said.
James Butcher said, “It concerns me that they couldn’t come forward and share with us exactly how much. It could very well be a large sum of money, and I don’t know, or it could very well be a small amount of money. I can’t afford that.”
Future up in the air
On April 7, an Envoy representative called the Butchers and asked if they still planned to close on the property. The couple informed her that it was unlikely.
According to the complaint, that Envoy representative informed the Butchers that a similar scam had just been attempted but prevented because Envoy was no longer dealing with wire transfers, only cashier’s checks.
That’s bittersweet news to the Butchers, who are now living in their son’s basement.
“We don’t even have a down payment to go buy another home,” Candace said, “so what do we do from here? Are we going to move back into an apartment?”
A spokesman for Wells Fargo said they don’t normally comment about customers’ cases.
The Butchers say they’ve closed all their Wells Fargo accounts and no longer do business with the bank.
Denver7’s calls to Land Title Guarantee and Kentwood Real Estate have not been returned.
Victims of an alleged million-dollar fraud by Orlando title agent Leaza Lopez say they trusted her because of her parents’ reputation as a Central Florida real estate couple – Michael and Linda Nabavi.
Lopez is charged with stealing about $1.3 million in funds she was supposed to hold in escrow for her clients. Although her parents are not charged, several victims said they only did business with Lopez because they knew the Nabavis.
“Her family has been in real estate for a long time, and we trusted her mom. So we assumed she was legitimate,” said Orlando businessman Base Maali, who said he lost a $50,000 deposit in the alleged fraud.
Contacted by phone, Linda Nabavi declined to comment on her daughter’s charges. She is currently a real estate agent for Century 21 Carioti.
Lopez has pleaded not guilty to the charges, which include organized fraud and stealing escrow funds. Efforts to reach Lopez and her attorney for comment on this story were not successful. According to court records, she told investigators that her troubles began when she missed two months of work following a surgery in 2014.
“Lopez stated she intended to repay all the funds she diverted, but could not provide any answer of where she would get the money,” stated an affidavit filed by the investigator for the Statewide Prosecutor’s office.
The Nabavis have owned real estate and title companies for years in Central Florida, including their current company Platinum Property International.
Another group of buyers told investigators they lost $120,000 that Lopez was supposed to be holding to close on a short sale. Jason and Rachel Costa of Orlando lost money on that deal, and said they used Lopez only because they knew the family – Rachel’s sister once worked for Nabavi at Platinum, the affidavit said.
The investigation went through the the state’s Division of Insurance Fraud; Lopez, a licensed title agent, was arrested in March. She is also facing a civil lawsuit by First American Title Insurance Company, which appointed her to her original position as title agent, according to a state news release. First American had to cover at least $1.17 million of the losses, the state said.
During a five-month period in 2014, consumers filed multiple reports to police and to the state, alleging that Lopez had stolen their money – failing to forward escrow payments to the appropriate mortgage companies.
According to state records, Lopez’ husband Miguel Lopez was president of Lopez’s company, Olde World Title, when it was formed in 2011.
The charges state that at least ten clients of Olde World Title had their escrow funds stolen. Lopez tried to conceal the fraud by making mortgage payments to some of the sellers’ mortgage companies, but stole the funds held in escrow for the hopeful buyers.
In one of the fraud examples, the investigator reported that the Nabavi’s attorney David Cohen, had sent a letter to the Costas saying that Lopez’s company had attempted to wire them their money in September 2014, but the wire was intercepted by the Office of Foreign Asset Control (sic). Upon further review by the state investigator, no such wire transfer had ever been sent from Olde World Title during that time period, the court record said.