Identifying Spoofed Emails
A fraudster's income is largely based on defrauding innocent individuals, so like most other careers, the more proficient they become at their "job", the more they earn. Real estate transactions are a huge target because it means a bigger pay day. This is simply a reminder that they are working relentlessly to defraud individuals because their livelihood relies on it.
Individuals can pay for and implement many forms of cybersecurity defenses such as security software and email spam filters; however, phishing and spoofed emails often get past the defenses and make it to the Inbox. Therefore, it is each person's job to be alert for suspicious activity to keep from becoming the scammer's next victim.
Spoofed Emails in Real Estate Transactions
In real estate transactions, scammers use phishing emails to compromise an email account of someone involved in a deal to gain access to that person's emails. Once they have access, they can read all of the emails related to the transaction and learn specific details that only those included in the emails would know (i.e. loan amount, closing date, funds needed to close, other parties involved in the transaction, etc.). Next, they will try to impersonate someone in the email thread by creating a similar email address or by forging the "email from" address. This is a process known as spoofing. Spoofed emails are emails from scammers that are made to appear like they are coming from a real person.
Spoofed emails are more challenging to spot because the messages look like they are actually coming from a known, trusted party. In real estate transactions, scammers will use transaction specific information gained from studying prior emails, to craft spoofed emails that are difficult to identify. When scammers choose who, within the transaction, they want to impersonate, they will study the prior emails written by that person and note any key words and phrases often used. Then, when crafting a spoofed email, they use those same key words and phrases, along with transaction specific details and will even copy that person's email signature to make it seem more legitimate. The scammer's ultimate goal, when sending spoofed emails, is to send fake wire instructions so funds are sent to their account, instead of the account of whomever is handling the settlement.
When reading about real estate wire fraud victims, many of them have said they had sent a few emails, back and forth with the scammer spoofing emails before receiving fake wire instructions, and they had no idea they were not communicating with the actual person. This is a clear indication that scammers are skilled at spoofing emails and impersonating people. Hence, learning to identify spoofed emails is critical for preventing wire fraud.
The following are some examples of how you can identify a spoofed email.
1. Look at the sender's actual email address.
When sending their spoofed emails, scammers often create an email address that is similar to the person they are trying to impersonate by changing a few characters, or using a different domain extensions (such as “.net” or “.org” instead of “.com”) to trick users into thinking the email has come from a friend, colleague, vendor, client or other known party . They may even create a new email account at a public domain (i.e. Gmail, AOL, etc.) by copying the person's full email address (domain and extension included) to make it appear legitimate. The unsuspecting user won't see any spelling errors in the email address and may overlook the domain. Additionally, scammers often add a Display Name to their email which distracts the user from their spoofed email address.
Therefore, if you receive an email from someone you know, but the content of the email seems suspicious, out of character, or request’s sensitive information, double check the sender’s email address to ensure it is spelled correctly and has the correct domain and domain extension.
2. Check where the email response will go.
Some scammers will send spoofed emails that appear to come from the actual email address of whomever they are impersonating. Since the email looks like it came from a legitimate source, checking the sender's email address is not an effective method of identifying a spoofed email. Scammers who spoof emails like this can easily trick users into reading their emails; however, since their goal is to correspond with the user, the scammer needs to receive the user's email reply. They accomplish this by manipulating the email's "Reply-to" settings, which are email settings that allow the sender to program where a reply email is sent. The scammer will program the email so the reply is sent to themselves and not sent to email address of the person they have spoofed.
When an email from someone you know seems out of character or requests sensitive information that is unnecessary for the sender to have, you may have a suspicion that something isn't right, so you check the sender's email address, to make sure it is correct. When the email address is spelled correctly and the domain extension is also correct, check who the Reply Email will be sent to by simply clicking the "Reply" button. Also, if you have any questions as to the validity of the email it may be a good idea to forward the email to the actual person's known trusted email address instead of replying to the suspicious email.
3. Look at the phone number in the email signature
In real estate transactions, parties are typically advised to call and confirm wire instructions before sending wires. Therefore, when scammers send fake wire instructions, they will copy and paste the email signature of the individual they are impersonating; however, they often replace the phone number in the email signature with their own phone number. This ensures the party who received fake wire instructions will call the scammer to confirm the fake wire instructions. When the scammer confirms the fake wire instructions are correct, the unsuspecting user ends up sending their funds to the scammer's account and by the time anyone realizes, the funds are no longer traceable.
Checking the area code can be a helpful indicator of whether the email is spoofed. If you know a company is based out of New Jersey, but the phone number area code is from South Carolina, a warning signal should go off in your head. However, even if the area code was from the same state as the company and the email seems suspicious, you could compare the phone number to another email from that person, but the easiest solution is find a company's phone number online, either on Google (or any other trusted search browser) or by visiting the company website. Especially when it comes to confirming wire instructions, it is recommended that the phone number is either confirmed prior to receiving the wire instructions via email or from a known trusted source (like the company's website).
Always to be On-The-Lookout for Spoofed Emails
Remember to keep these tips in mind when reading emails. Scammers are always looking for ways to infiltrate real estate transactions and exploit individuals for their own personal gain That is why it is important to always remain vigilant when receiving emails, whether it is from an unknown sender, an organization you are familiar with, or even someone you know.