The "Man in the Middle" Cyber-Attack (Wire Fraud) How it is Executed
Once a real estate investor has found a deal, they contact a title company to close the deal (it can come from a recommendation or acquaintance). The hacker waits for this opportunity
As soon as the investor sends an e-mail to the title company, the hacker, who has already broken into the investor's e-mail system, starts operating
The hacker sees all the e-mails that the investor sent to the title company. The title company replies with identifying details and the logo of the company and its signature. However, this e-mail will no longer be seen by the investor, since the hacker defined in the e-mail that every e-mail message received from the title company will be moved to the "Deleted Items" folder or another hacker designated folder
This gives the hacker full control over the media, and he can delete e-mails and send the investor fraudulent e-mails from the same email address as the company with a fake company details
In fact, a fictional reality was created with the hacker in place of the real title company
The hacker follows the investor throughout the process and sees all attachments from the bank and the title company
Even if the investor calls the title company, it will be up to date on all the details since the hacker also sent them emails on behalf of the investor. The investor will not see or understand that the hacker sent him the fake e-mail which appears to be exactly like the original with other bank details and not the real one
To clarify, the investor with get a fake details of the wire transfer by e-mail
It is important to emphasize that even if the investor calls the title company, they must make sure to speak with the real title officer and not the false contact the hacker sent.
Once the money has been transferred to the hacker's account, the probability of getting it back is 0. Commonly, the money is converted to Bitcoin or another form of cryptocurrency and cannot be detected. Authorities do not know how to cope and/or do not want to deal with such fraud. The FBI receives about 150 complaints about phishing and wire frauds in the U.S. every day
This is a particularly sophisticated fraud, with the investor exposed to devastating losses in one moment. Such theft is one of the most common thefts in today's digital world which will only worsen in scope and severity
Share this article with real estate investors in the U.S. since awareness is the first stage of protection. There is obtainable protection and preventative actions ̶ one is to carry out penetration tests for the computer/e-mail and network, and this will be expanded on in the next article.