The representation of fraud victims has become one of our larger practice areas over the past few years with new frauds emerging all the time. One dangerous but common type of fraud involves Mortgage Wire Fraud (MWF), a type of fraud where the fraudster sends an email to the purchaser of a home requesting money for the closing attorney’s escrow account. In many cases, the purchaser will send the money requested to the fraudster learning only later that the money went to someone other than the closing attorney, and when it comes time to close on the purchase, the home buyer has no money left. Who is responsible for this loss, and what can be done to recover the loss? Before answering these questions, it is necessary to understand the home purchasing process.
The Home Purchasing Process.
Although there is some variability in the purchase of a home, in most cases, there will be multiple parties involved in the transaction. There will be the seller, who will most often be represented by a real estate agent and a buyer who may or may not be represented by a real estate agent. There will also be the bank or mortgage company that currently holds a mortgage on the property (which will need to be paid off) and a bank or mortgage company providing funds for the purchase of the property. Most importantly, there will be a law firm, an attorney, or a settlement agent who will calculate the precise amounts due from or to all parties at the closing. Often, the settlement attorney or agent will want the funds due from the buyer before the closing date. On the date of closing, the settlement attorney or agent will meet with the buyer, make sure all deeds, mortgages, releases, contracts, notes, etc., are properly executed and will then deliver documents and payments to the parties involved.
Often, the purchaser of the property will be required to pay a down payment to purchase the property. Before settlement, the settlement attorney or agent will collect the down payment, as well as closing costs and other expenses from the purchaser to finalize the settlement. This is where Mortgage Wire Fraud occurs. The amount needed to finalize the sale may be in excess of several hundred thousand dollars.
The Fraud.
Shortly before the proposed closing date, the purchaser will receive an email from someone purporting to be employed by the settlement agent detailing the timing of the closing and requesting the purchaser’s funds be transferred by wire to the law firm’s escrow account. This is a common practice throughout the United States, and, in most cases, there is nothing unusual about the transaction. In most cases, the funds will be transferred, and the closing will occur exactly as it is supposed to happen.
In some cases, however, fraudsters will have compromised the computer systems of one of the parties to the transaction and know the details of the transaction. They may also use the actual name of an employee of the settlement attorney or agent. Using a figure that is very close to accurate, they will send an email, just as a legitimate law firm would, requesting money to be wired to the firm’s “escrow account”. However, the account will not be the firm’s escrow account but rather an account set up by the fraudster. Before the purchaser realizes there is a problem, the money will be gone. Usually, the money is transferred to a financial institution outside the United States, and from there, it will go to the fraudsters.
Who is Responsible for the Fraud?
The fraudsters are the people responsible for the fraud, and their conduct should be reported to the FBI Internet Crime Complaint Center and the Federal Trade Commission. Other than that, most online sources blame the purchase for transferring funds, absolving all other parties from responsibility. In most cases, the fraudsters will initiate a phishing attack against the purchaser. This will look like a genuine email from the settlement attorney or agent, and it will direct the purchaser to transfer funds to what appears to be an escrow account belonging to the settlement attorney or agent. The unsuspecting purchaser will follow the instructions, and the funds will be lost.
Except it may be far more complicated than that. Some of the questions that will need to be answered are: how did the fraudsters know of the closing? Where did they obtain the settlement amount (which is always relatively accurate)? How did they know the employees who were involved? For a Mortgage Wire Fraud scheme to be successful, the fraudsters must have accurate information about the transaction. While this could come from a hack of the purchaser’s account, it could also come from a hack of the realtors, the settlement agent or attorney, one of the banks involved, etc. All organizations in the U.S. must maintain adequate internet security measures, and a failure to have adequate measures can serve as a basis for liability.
There are several statutes that provide a basis for liability. These include the Gramm Leach Biley Act, the Fair Credit Reporting Act, and the Federal Trade Commission Act. In addition, many states have statutes that provide for civil recovery when a data breach has resulted in financial harm to people. It may be appropriate to retain a cybersecurity professional with expertise in hacking investigations to determine who initially disclosed the relevant information to the fraudsters.
Not every case, however, requires cybersecurity expertise to resolve. We have had cases where employees or contractors have stolen data and sold it to fraudsters, facts that make it far easier to recover damages. It is therefore important to understand the flow of information, especially the way in which it was compromised and how it made its way to the fraudsters.
It is also important to understand cyber security. One of the most unusual aspects of these cases is the fact that the fraudster somehow obtained evidence about the closing, including the amount the buyer needed to pay. How, and from whom, did they obtain this information? It is possible some of the parties involved in the transaction may not have adequate security measures in place to protect the confidential information of the buyer. If a hacker enters a law firm or realtor’s protected computer system and steal the information, the law firm or realtor may be liable if its security was inadequate. This determination requires the involvement of cybersecurity experts who can often determine how the system was accessed.
In the case of Owens v. Ally Bank, et al., a case filed in September of 2024, the plaintiffs allege that Ally Bank’s online subsidiary had “unreasonable and inadequate” security practices in place that left the personal data of “potentially billions” of its customers exposed to theft. This is one of a variety of cases working its way through the court system attempting to determine the limits of liability for cybersecurity failures. Many of these cases focus upon the harm suffered by the plaintiff.[1] In the case of a mortgage fraud that results in a substantial loss of funds, liability should be easily established.
[1] See Webb v. Injured Workers Pharmacy, LLC, 72 F.4th 365 (1st. Cir. 2023) holding that a plaintiff must establish a present, concrete harm associated with the breach.A recent scenario presented to us involved a buyer who, after receiving a fraudulent email from the fraudster, contacted a paralegal at the law firm conducting the closing and confirmed both the amount of the wire and the account number it was to be sent to. Unfortunately, the paralegal involved did not double check the account number, causing the buyer to lose several hundred thousand dollars. Liability would arise in this scenario as well, although it would involve an allegation of negligence by the law firm’s employee.
There are a variety of ways that liability can arise, and it is important to ensure that the law firm retained to investigate the case has the background to undertake what, in most cases, is going to be a complex and difficult case.
A Note About Attorney’s Fees and the Role of Experts.
We receive a lot of calls from people who have lost money and are now desperate to recover it. While we play a crucial role in this process, we are not cybersecurity experts. Cybersecurity experts frequently have decades of experience working with computer and network systems, as well as specialized training in the investigation of data breaches. Before any case can be filed, it is important to understand what happened and who is responsible. This task requires the employment of a cybersecurity expert. The expert will often work for an attorney who understands the law surrounding cybersecurity and the need for adequate protection for personal data. In the early stage of an investigation, it takes time and money to determine what happened. The process is tedious and difficult. While we frequently engage in contingent fee agreements with clients in pursuit of the organizations that were breached, we cannot do so during the investigative stage of a case.
It is often heartbreaking to hear that an elderly couple, for example, has lost their life saving at the hands of a fraudster, and although we would like to help, we cannot do so for free. Neither can the cybersecurity expert. In appropriate cases, we will quote a small, fixed fee to conduct an investigation. The cybersecurity expert will also charge their fee. The investigation should indicate who is responsible and provide the basis for suit against a party or parties. If it is determined that a liable party exists and can be sued, we will usually agree to a contingent fee to pursue the responsible party.
Another matter to consider is how hacking occurs. While there are many types of hacks with varying degrees of sophistication, many involve “phishing”. A phishing attack is designed to encourage a victim to reveal sensitive information or to install some form of malware that will, in turn, reveal sensitive information to the fraudster—this may involve passwords, account numbers, etc. Law firms, banks, realtors, and just about any other party in a real estate transaction can be the victim of a phishing attack, including the buyer. If it is the buyer of the property who discloses sensitive information to the fraudster and the fraudster then uses that information to misdirect a payment to the fraudster instead of the law firm conducting the closing, there is usually very little that can be done to collect the loss.
Therefore, it is important to beware of phishing attacks. These attacks are growing in sophistication. In a recent case, fraudsters contacted a client by email (a frequent medium for phishing scams) to inform him his PayPal account had been overcharged. The client then called the number on the email, and the fraudster spent about ten minutes warning the client of the dangers of cybertheft. He then obtained sufficient information from the client to steal most of his life’s savings. Anyone can be the victim of a phishing attack.
It should also be obvious that we cannot help everyone who calls us. Often, our investigation will reveal that the loss came from a phishing attack on the client’s devices. However, it is important to understand what happened, and, in many cases, we can help the client understand their losses. If you or a family member have experienced a loss, please contact us. We would like to find out what happened and recover the loss for you, if possible.
Dennis Boyle
Founder / Partner
Mr. Dennis Boyle is an accomplished white-collar criminal defense and complex civil litigation attorney who practices throughout the United States and internationally.