Fraudsters — both high-tech and old school — daily attempt to use real estate and other transactions to scam our law firm, our title company and our clients out of money and property. To date, we have not been hit (some of our client have been), but we are always on guard. Fraudsters forever keep trying.
As you are growing your business — and these tips apply to businesses large and small, old and new — it is a good idea — from time to time — to gather your financial team and key executives, along with your IT professionals, and simply have a conversation about “tightening things up” and avoiding common scams.
- Are your checks (and cash) — incoming, outgoing and blank checkbooks — tightly secured and under watchful eyes?
- Are your systems too open and accessible (a simple question such as automatic screen savers with passwords that trigger when an employee is away from his desk)?
- Do you have proper insurance to protect your real risks?
- Do you have proper training and systems in place to avoid common and emerging risks?
In the end, we all have some exposure. So, eternal vigilance, the latest technology protection and training of employees new and old, is the only answer. Part of this caution is constantly “tightening up” and “changing up” your transactional practices and security procedures to avoid the latest scam.
Here are some common scams we and our clients have seen:
- In the low-tech world, fraudsters simply borrow money based upon false promises and representations. This is a time-tested and common scam. It is borne of two human instincts: (a) we want to trust people and (b) we are lured by the promise of a better-then market return on investment (if it’s “too good to be true,” it’s probably fraud). Many of these fraudsters have the appearance of business stability and financial success, but are willing to offer above-market interest rates for a personal or business loan. In the end, these loans are not properly secured and are not properly guaranteed, and the fraudster never had the ability or intent to pay back the monies.
- Similarly, we have seen clients purchase assets or entire businesses that are subject to liens or governmental enforcement actions, or the purchase price is based upon false financial documents or hidden property condition. In a business transaction, be careful of slippery buyers, sellers and attorneys who can make fraudulent closing adjustments as the numbers are flying about in a closing.
- Another low-tech fraud is thieves who rifle U.S. Postal Service mail boxes (both the blue drop boxes and mailboxes at your home or business), steal checks, and then change the payee and amount on the check and cash it.
- Pay attention here: In the high-tech world, fraudsters hack into a Realtor, investor or title company email system, and steal their email signature and logo, and the details of an imminent transaction. Then, they establish a similar email domain (with maybe one letter changed or a “dot” added). Using the new domain, they send an email to the party who is to originate a wire with false wire instructions — instructions straight into the fraudster’s overseas wire address. The email by all appearances looks entirely legitimate and it’s from a name you know and with whom you actively are dealing.
- We have written about sellers who don’t own actually property attempting to mortgage or sell the same. Read here and here.
- Finally, fraudsters use sophisticated hacking and ransomware viruses to invade your critical computer systems. They corrupt your data and hijack control of your systems, relenting only when an exorbitant ransom has been paid. Extortionists have taken over critical infrastructure such as oil pipelines, hospitals, and municipalities. Most recently, the vendor running the Cincinnati Multiple Listing Service and dozens of MLSes nationwide was the victim of a weeks-long ransomware attack that was costly and disruptive.
So, how can you protect yourself in this world increasingly fraught with risk of theft of your valuable data, money and time by those with malintent?
Here are a few ideas:
- Stay in your lane. Let lenders lend. In most cases, they are good at it. If a borrower is coming to you for a loan, it’s likely because he’s not eligible for conventional financing, and that ineligibility is for a good reason — he’s either lying, broke or both.
- Carefully use due diligence and proper documentation. If you are going to lend money or buy assets or a business, perform the kind of due diligence a prudent and sophisticated buyer or lender would undertake and obtain appropriate security and guarantees of a loan. We discuss some of the pitfalls of private lending here. Similar risks can exist in buying assets and buying whole operating businesses. Part of this process is assuring that the borrower actually owns the assets he is selling or pledging (free and clear) and that your security interest is properly and timely perfected as against that asset. In a real estate-based loan, title insurance is a key way to assure this is so. In purchasing a business, the risk is even greater in that the corporate entity may have significant residual undisclosed liabilities or governmental enforcement problems. That seller — and your purchase monies — will completely disappear by the time you learn of the fraud. Finally, the #1 “due diligence item” is to know your employees, know your borrowers, know your sellers. The internet (and now artificial intelligence tools) is an incredibly powerful way to do background on parties to a business transaction, Use it. Cautiously heed the lessons of what you find.
- Properly perfect security interests and document guarantees. When banks lend money, they want proper security for their loans and appropriate guarantors for their repayment. In most cases, banks are over-protected, and they want it that way. You do too. In both real estate and equipment-based transactions, we have seen borrowers pledge the same assets to different lenders as security for two or more loans. Obviously, in that circumstance someone is going to be left holding the bag. (Yes, fraudsters are that shameless.) Using proper real and personal property title examinations and lien searches and using appropriate documentation for loans and guarantees is critical. For example, in Kentucky, in order for a personal guarantee of debt to be enforceable, it must follow specific statutory requirements. Without that, it’s worthless.
- Don’t put checks or other key financial documents in blue U.S. Post Office boxes on the streets and don’t have checks sent to a mail box at your business or residence that is accessible by others.
- As to wire fraud, you can’t be careful enough.
- The sender of a wire should assume everything you see is a lie, the fax, the email, the logo, the wire instructions, the sender web site, the sender. Everything. Always verify everything via voice using a trusted and known telephone number for the wire recipient.
- If you smell a rat, don’t initiate the wire. Wait and check some more. Urgency — especially inappropriate urgency — is a key indicator of fraud.
- Read carefully the sender email addresses and the email. Many times the email domain of a fraudster does not exactly match the domain name with which you have been dealing. Note misspellings and grammatical errors in the text of an email that may come from a foreign sender or one unfamiliar with the parties and the transaction.
- Note last-minute changes, especially of wiring instructions.
- Note changes made on the Friday before a holiday weekend or before another holiday, and before the end-of-month, when Realtors and title company employees are more likely to be busy and careless.
- Buy cyber insurance. Your property and casualty insurance agent can offer your business cyber protection. It requires you to use good practices for the insurance to invoke, but both the coverage and the required procedures are a critical part of best practices protection.
- As to ransomware attacks, we have two pieces of advice:
- First, according to the Harvard Business Review (citing IBM), 60% of cyber attacks originate inside your organization. Either a malevolent employee or ex-employee intent on theft or vandalism (75% of attacks) or a negligent employee (25% of incidents) who falls for a phishing attack scam cause most losses. So, hire and retain employees of good character, monitor their activities, and carefully, comprehensively and quickly cut off computer access of former employees. Segregate access to data in your organization to those who need that data, and no one else.
- Second, every computer system is vulnerable. Every one. But homegrown (premises-based and self-maintained) servers are more vulnerable to a hack (in my opinion). As a result, we (a) have migrated the vast majority of our data into the Microsoft cloud (other providers are also available) (heaven help the world if they hack the Microsoft cloud!), (b) have segregated access to data to employees who need that access, and (c) have make serial backups of data that is not in the cloud.
- Understand the risks, develop training and systems to avoid the risk, and train all of your employees on cyber security procedures.
As our attorneys can assist with due diligence and proper documentation (including title insurance) of your transactions, call us!