Wire fraud is a growing risk, especially for multifamily and other commercial real estate investors. In 2021 alone, the FBI received 19,954 complaints of business email compromise (BEC) with an adjusted loss of nearly $2.4 billion.
Commercial real estate transactions can be particularly vulnerable to wire fraud because they happen on a regular and reoccurring basis and typically use established, straightforward processes.
Fraudsters have grown increasingly sophisticated. Many have learned the who, what and when of purchase transactions, including when investors and banks finalize loan documents and send deposits.
With multifamily transactions shifting online, there’s been an increase in phishing, a fraud method in which criminals attempt to impersonate reputable businesses or known parties through email. BEC is a form of phishing and among the most common types of fraud nationwide.
“BEC is a scheme in which criminals use email to trick a person into sending funds to an account controlled by the fraudster,” said John Geronimo, Executive Director and Fraud Strategy Director with Commercial Banking at JPMorgan Chase.
BEC is usually a three-step process:
“If the victim is the buyer, the spoofed email may appear to be from the escrow officer, the buyer’s real estate agent or even the buyer’s lender, requesting immediate transfer of the closing funds,” Geronimo said.
Spotting red flags isn’t always simple. “Sometimes, the fraud attempt comes from a legitimate email address, and you just don’t know,” Geronimo said. “Even then, identifying that an ‘m’ has been replaced with ‘rn’ can be hard to spot if you’re not looking for it.”
But there are warning signs to look for, including:
“To protect against fraud, you really need a culture of vigilance,” Geronimo said. “It’s all about having internal controls and being able to deploy them effectively—many companies aren’t testing their controls and, as a result, employees aren't following them correctly or at all.”
To help protect against wire fraud, multifamily investors should:
The most effective step to take is conducting a callback. This involves using a phone number from a trusted system of records and calling to verify payment details or instructions. Never use a number sent in an email, as it could be the criminal’s—nor should an inbound call be blindly trusted in such situations.
The best way to ensure the funds are being sent to the appropriate account is by directly validating the instructions with the known party. But buyers shouldn’t rely on incoming phone calls claiming to be from the title or settlement company to verify the banking information. Fraudsters can easily use apps to manipulate their caller ID.
For fraud victims, time is of the essence.
With fraud on the rise, Commercial Term Lending’s team of local experts can help you get deals done swiftly and securely.
© 2023 JPMorgan Chase & Co. All rights reserved. JPMorgan Chase Bank, N.A. Member FDIC. Visit jpmorgan.com/cb-disclaimer for disclosures and disclaimers related to this content.