FinCEN Highlights Money Laundering Patterns Related to Real Estate BEC Scams

On March 30, 2023, the Financial Crimes Enforcement Network (FinCEN) published a Financial Trend Analysis report detailing patterns relating to business email compromise scams in the real estate sector (RE-BEC). Using Bank Secrecy Act (BSA) data from January 2020 to December 2021, the report contains money laundering typologies used by RE-BEC attackers and provides detection, mitigation, prevention, and reporting guidance for financial institutions involved in real estate transactions.  

The 2022 Federal Bureau of Investigation (FBI) Internet Crime Report listed BEC scams among US networks’ top four major cybercrime threats. With total losses amounting to $2.7 billion, real estate wire fraud was listed as one of the most targeted sectors for the second year in a row. 

Security vendor Abnormal Security further highlighted the increasing severity of BEC scams in its H1 2023 threat analysis. According to the report, recorded BEC attacks grew by more than 81 percent in 2022.  

RE-BEC Money Laundering Typologies 

As these scams continue to rise, compliance staff should familiarize themselves with the following RE-BEC money laundering typologies highlighted by FinCEN:

• Money mules used to hide the movement of funds following a RE-BEC attack.

• Romance scams and elder abuse used to recruit unwitting money mules through social media sites and dating apps. 

• Multiple fraud types conducted in convergence with RE-BEC scams, such as identity theft, economic injury disaster loans fraud, and stimulus payment fraud.

• Alternative payment methods used to convert illicit proceeds, including online payment platforms and convertible virtual currency (CVC).

Impersonated Parties 

With industry standards that include a lot of remote communication and the ability to transact large amounts online, the real estate sector is a particularly attractive target for BEC attacks. In one May 2020 incident i, a victim was waiting to close on a property in Texas when they were scammed into wiring $123,500 after receiving a request from what appeared to be the title agent’s email. The message said that due to COVID-19 restrictions, the banks were processing funds at a slower rate. To ensure there were no delays, the fraudster requested the victim wire the funds and asked them to verify their account number, mimicking standard procedure. It wasn’t until the victim received a phone call from their actual title agent requesting the down payment check that they realized they had been scammed. 

According to FinCEN’s report, title and closing entities were the most commonly impersonated in RE-BEC incidents throughout the review period, representing almost 40 percent of recorded attacks. Other impersonated parties included realtors (23 percent) and investors (16 percent).

Title Fraud on the Rise

Another vertical of real estate fraud making headlines is title fraud, where homeowners themselves are impersonated to the point of their property being sold without their knowledge. This type of scam has become particularly rife in the Greater Toronto Area, where at least 30 homes have been fraudulently sold since late 2021. 

Red flags relating to title fraud include:

• Differing signatures
• The owner/seller lives abroad
• Recently issued identification documents
• A lack of knowledge about the property
• The seller lives at a different address from the property and has no evidence, such as bills or buildings insurance, linking them to the property
• The property is vacant, of high value, and/or has no mortgage
• The seller wants a quick sale

Guidance for Compliance Staff

To effectively and efficiently detect, prevent, report, and mitigate the risk of RE-BEC attacks, FinCEN compiled the following guidance for compliance staff:

• Assess the vulnerability of business processes and systems and consider taking action to increase resiliency
• Adopt a multi-faceted transaction verification process
• Provide training and awareness building to identify and evade spear phishing attempts
• Report BEC-unauthorized and fraudulently induced wire transfers to law enforcement within 72 hours of the transaction
• When filing a suspicious activity report (SAR) related to RE-BEC, provide transactional details and cyber-related information surrounding the incident
• Communicate and share information with other financial institutions

To report BEC scams, compliance staff must contact the FBI’s IC3 or the nearest United States Secret Service (USSS) field office. FinCEN also reminds firms to contact OFAC if there is any reason to suspect a cyber actor may be sanctioned or have a sanctions nexus.