Fraud Insight from a Reformed Cybercriminal and the FBI: Fraud in 5 Easy Steps

This is Part 2 of a three-part series that contains insights from the top experts in fraud prevention. The focus is to shed light on the current state of fraud as well as how to take action before and after a fraudster strikes. If you missed Part 1 you can read that here, Part 1: The State of Fraud Today.

The following is a summary of our discussion with FBI special agents, insight from the former “Internet Godfather,” Brett Johnson, and the Title Tech Council.

Part 2
Fraud in 5 Easy Steps


After discussing the State of Fraud Today, we spent time with the FBI special agents analyzing something we all in the title industry are familiar with, Business Email Compromise (BEC). It’s the most prevalent scheme fraudsters deploy today. Thankfully, it’s something we know a lot about and are the most prepared for. But it’s still a very relevant and evolving problem. It’s also a shockingly easy scheme for would-be fraudsters to attempt.

However, education and awareness are some of the best ways to combat fraud attempts. So in order to better defend against BEC, we’ve outlined the “5 easy steps” cybercriminals follow to run fraud schemes, based on our conversations with the FBI and insights from the former “Internet Godfather,” Brett Johnson.

Step 1: Target and Recon

The first step in BEC that a fraudster will take is to search on a social network such as LinkedIn for companies that align with their interests or that they deem exploitable. The ability for a fraudster to “target and recon” is made easier every day by the constant increase in transparency in our online profiles. In this step, the fraudster will identify a target by finding out where they work and then seeking out the employees in the payroll department (or closing department).

Step 2: Run Business Domain

Next, the fraudster will run the company’s domain name through tools that research the website domain. Any and all information they can gain from this research will help make the fraud scheme more believable. Security vulnerabilities are one piece of the research; fraudsters also look for integrations and partnerships as ways to build their case.

Step 3: Spear-Phish the Password of the “Money Man”

This step sounds a lot more technical than it actually is. The “money man” is the person who deals with large sums of money for organizations or personally. Phishing is a term many of us are familiar with: a fraudster attempts to trick potential victims into sharing sensitive information that could be used to compromise themselves or others. “Spear phishing” is essentially a personalized phishing attack. Most general phishing schemes are focused on mass outreach, whereas spear phishing is an attack on a single person. Again, social engineering is at play here, not hacking sophistication. So this step is where the fraudster will dupe the target and obtain their email credentials. Spear phishing is 86 percent successful, according to Johnson.

Step 4: Target Email Contact

This is where the cybercriminal will monitor the inbox of the “money man,” says Johnson. In the real estate world, this was commonly the realtor but is now moving on to the title professional. During this step, the fraudster is looking for who the target is talking to the most regarding wiring and fund transfers. Some fraudsters are able to accomplish this infiltration without the target even realizing they’ve been compromised and are now putting other people at risk.

Step 5: Build a Similar Domain

This is the step we are trained to look for in the title industry. Do you spot the difference between the two websites below?



This step masks the email that the processor is used to seeing. The most popular way this is done is through a Unicode domain name registry. It can replicate a domain name with a security certificate using changes as simple as just removing the dot over the letter “i.” If the target isn’t paying close enough attention, some schemes can be easy to miss. There are well over 1.5 billion websites today, making the slightest difference between URLs commonplace. Additional scrutiny is needed now more than ever, and it’s only going to be more important in the future.
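One way to automate the check described above, as an added example that is not part of the original article: it compares a sender's domain against an allow-list after decoding punycode and folding look-alike characters such as the dotless “ı” back to ASCII. The trusted domains are constructed placeholders and the character table is a small hand-picked subset, both assumptions for illustration.

```python
import unicodedata

# Constructed allow-list: domains the office actually corresponds with (placeholders).
TRUSTED = {"firsttitle.example", "citybank.example"}

# Hand-picked subset of look-alike characters (assumption: not the full Unicode confusables data).
CONFUSABLES = str.maketrans({
    "\u0131": "i",  # Latin dotless i
    "\u0456": "i",  # Cyrillic i
    "\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic a, e, o
    "\u0440": "p", "\u0441": "c",                 # Cyrillic er, es
})

def to_unicode(domain):
    """Lower-case the domain and decode any punycode (xn--) labels."""
    labels = []
    for label in domain.strip().rstrip(".").lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except (UnicodeError, ValueError):
                pass  # keep an undecodable label as-is
        labels.append(label)
    return ".".join(labels)

def skeleton(domain):
    """Reduce a domain to the plain ASCII string it visually resembles."""
    text = unicodedata.normalize("NFKD", to_unicode(domain))
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    return text.translate(CONFUSABLES)

def check_sender(address):
    """Return 'trusted', 'lookalike' or 'unknown' for an e-mail address."""
    domain = to_unicode(address.rsplit("@", 1)[-1])
    if domain in TRUSTED:
        return "trusted"
    if skeleton(domain) in TRUSTED:
        return "lookalike"  # renders like a trusted domain but is a different one
    return "unknown"

if __name__ == "__main__":
    for sender in ("closer@firsttitle.example", "closer@f\u0131rsttitle.example"):
        print(sender, "->", check_sender(sender))
```

A “lookalike” result means the domain is not on the allow-list but renders like one that is, which is the case a busy processor is most likely to miss by eye.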

Steal the Money

Technically this isn’t a step for the fraudster. Rather, it’s the final action of the scheme and it doesn’t really require much explanation. If a fraudster was successful with Steps 1 – 5, their work is done. Having successfully sent a fraudulent email, the fraudster now waits for the funds to be delivered to the altered account. Unfortunately, once a fraudster has stolen the money, it’s extremely difficult to recover those funds.

The FBI said these fraudulent emails and instructions are typically sent late Friday afternoon because fraudsters know that title companies are busy and that specific FBI agents are less likely to be working on the weekends. Educating your office and clients on what to look for and when there may be heightened risk is key to preventing BEC schemes.

By understanding the mechanics behind how BEC attacks are created, title professionals are better able to recognize and take proactive measures against this popular method of fraud. The hurdle that title professionals will have to overcome is making sure that other parties involved in the real estate transaction are adhering to the same security standards.

In Part 3 of “Fraud Insight from a Reformed Cybercriminal and the FBI” we’ll focus on what to do if fraud occurs and what happens after.

With the increasing amount of information available online and the evolving sophistication of fraud schemes, it’s crucial that title companies stay up to date on best practices for fraud prevention. But you don’t have to do it alone; we’re here to help. In fact, it’s why we created our industry-leading wire fraud prevention software, SafeWire. Schedule a free in-depth demo of the platform today.