Excited about closing on his new house, Furst Thyme Byer received emailed wire transfer instructions for his full $250,000 payment from his broker Chad at Chase N Rainbows Realtors. Complying with Chad’s instructions in the letter, Furst emailed Schneckner at Schneck’s Loans who wired the closing funds, as instructed, to what they both thought was In-O-Cent Title Company’s account. The next day, Ida at In-O-Cent Title called Furst looking for the money. Checking with Schneck’s Loans, Furst confirmed the funds were wired to the In-O-Cent Title account as directed. But In-O-Cent Title never received the money. The wiring instructions were bogus. They came from a similar email address, but it was not Chase N Rainbows’ – nor was it In-O-Cent Title’s bank account. Is anyone besides Furst responsible for the missing funds? If so, who? The title company? The mortgage broker? The real estate broker?
Maybe, but apart from the hacker who may well be residing in Nigeria and who committed wire fraud, not likely. If anyone is responsible, the simplest legal claim is “negligence.” Was there a duty owed that was breached and proximately caused Furst to lose his hard-earned money?
Starting with those who are not likely to be responsible – the mortgage broker. Schneck’s Loans received directions from Furst specifying the amount and where the funds were to be wired, which were executed. And, In-O-Cent Title received neither an errant email nor any money.
What about Chase N Rainbows? If it was their first time to be hacked, probably not.
Sad as it may be, Furst was the only one who – upon closer inspection of the email address purportedly from his broker Chad at Chase N Rainbows – could have discovered the hack.
On the other hand, Chase N Rainbows (or, In-O-Cent Title if they were hacked, as can also be the case) might be liable if they (i) knew they had been hacked before, (ii) failed to take reasonable steps to keep it from happening again and (iii) got hacked a second or third time. By all accounts, the incidence of diverted funds from real estate purchase transactions has exploded in the last year.
Tilting the Scales in Your Favor
If you are buying, lending, closing or brokering a transaction that will have funds exchanged by wire transfer, you would be well advised to manage your cybersecurity:
- Verbally confirm – both as sender and recipient of any email instructions – both the amount and the wire transfer payment destination.
- Better yet, establish a dual control policy requiring that one person originate the wire transfer request that will not be initiated without a call back to another person. Just make sure you are talking to the right person at the right place.
- Consider using a completely different email address to direct wire transfers, thereby avoiding hacking of online personal emails, like those on company websites and Facebook.
- If the email is important, be aware of the grammar, spelling and word usage. Even better, pay attention to the email address which, if hacked, will be different from the sender you know. That is, generally beware of social engineering and notify all parties concerned if compromised.