Protect Your Money

Buying and selling a home is an exciting time, but there can be pitfalls for unsuspecting consumers. You should be aware that criminals use wire fraud schemes to steal money meant for home purchases or the proceeds from the sale of the property. Criminals often begin the wire fraud process by using email messages, website forms, or phone calls to steal your email login and password information.

Check out these resources to protect your money:

Safeguards to Follow

Consumers are encouraged to follow these steps to help reduce the risk of becoming a wire fraud victim.

  • Call don’t email: Confirm your wiring instructions by phone using a known number before transferring funds. Don’t use phone numbers or links from an email.
  • Be suspicious: It’s uncommon for title companies to change wiring instructions and payment info by email.
  • Forward, don’t reply: When responding to an email, hit forward instead of reply and then start typing in the person’s email address. Criminals use email address that are very similar to the real one for a company. By typing in email addresses, you will make it easier to discover if a fraudster is after you.
  • Confirm everything: Ask your bank to confirm the name on the account before sending a wire.
  • Verify immediately: Call the title company or real estate agent to validate that the funds were received. The sooner it is detected that money has been sent to a wrong account, the better chance you have of recovering the money.

Social Engineering and Phishing

Don’t Take the Bait.
Criminals Use Fake Emails to Phish for Your Information.

What is Phishing?

Online fraud and identity theft are on the rise. Cyber criminals may try to steal your personal information by tricking you to click on a fake email that looks legitimate. Criminals design these messages to trick you, so they may look like real messages from companies you trust, but with fake web links, phone numbers, and attachments. This method of email fraud is called phishing.

Phishing emails often ask for personal information to gain access to your financial assets or to steal your identity. They may also place malicious code on your computer, browser, or mobile device to monitor your activity or gain access to your other accounts. Be wary of any emails from unknown senders or spoofed email addresses.

Phishing Facts

Phishing scams can appear as emails from brands you trust.
83%of organizations experienced a successful phishing attack in 2021.
51%of Americans cannot correctly identify phishing.
Phishing accounts for90%of data breaches.

How to Identify a Phishing Email

  • Poor spelling or grammar
  • Generic or non-personal greetings
  • Requests personal information (passwords, financial information, MFA pins, credit card numbers, social security numbers, etc.)
  • Unusual or unnecessary sense of urgency
  • Offers that are too good to be true
  • Emails that instruct you to transfer money or to change wire instructions

How to Identify Spoofing

Spoofing is when a bad actor pretends to be a person or organization you know and trust. In phishing scams, bad actors often spoof sender names, hyperlinks, and websites to trick you into thinking that you are interacting with a trusted source.

Spoofed Senders.

Bad actors commonly spoof the sender’s display name so that an email will look like it is coming from someone you know. Hover over the display name to see if the email address matches the purported source of the email. You can also always pick up the phone and call the sender through a trusted phone number to confirm the message is from them.

Spoofed Hyperlinks.

Bad actors will also disguise hyperlinks so that you cannot see the true destination of the link. Hover your mouse over a hyperlink without clicking to confirm it points to an address you expect.

Spoofed Websites.

Bad actors can impersonate legitimate websites by making subtle changes to the website domain name, like adding an “l” and “r” to transform “” to “”. Always double check the address bar to confirm you have not found yourself on a fraudulent website. If you have never heard of the website before, do some research on the organization before handing over your information. Call the sender through a trusted phone number to confirm the message is from them.

Did You Know that Phishing is More than Just Emails?

Not every phishing attack will look the same. In fact, bad actors can phish for your information through a variety of different platforms, such as:

Voice Calls

Vishing, a combination of “voice” and “phishing”, is a call-based scam designed to get you to share personal information or financial details, such as account numbers and passwords. While most email have robust spam filtering technologies, our phones are less adept at warning us of an attack and prone to phone number spoofing. Additionally, it’s much easier for bad actors to convey emotion and build trust over the phone, which makes it easier for them to trick you.

Text Messages

Smishing, or “SMS Phishing”, is a text-based phishing scam. Like email phishing and vishing scams, bad actors attempt to steal your personal information, MFA codes, or passwords, or infect your devices; however, in smishing, bad actors communicate with you via text.

Social Media Messages

Social media is also ripe for phishing-style scams. Bad actors can create fake individual or business profiles that appear trustworthy, and they also attempt to duplicate real accounts.

What to Do if You Receive a Phish

If a suspicious message should arrive in your inbox, here are some steps you can take to help protect yourself.

Never Click a Link Without Checking.

Hover your mouse over the text of a link without clicking to verify the true destination of the link. The true link will be displayed in the lower right corner of your browser. On your mobile device, you can similarly press and hold down on the link.

Be Careful With Attachments.

If you are not confident that the sender is legitimate and the attachment is secure, call the sender through an independently verified telephone number and confirm they actually sent the message.

Keep Your Systems Updated.

Be sure to keep your operating systems, browsers, email software, virus protection and apps updated with the latest versions. These updates will often contain fixes for certain vulnerabilities that fraudsters may try to exploit.

Report Suspicious Messages.

Most email software (Microsoft Outlook, Gmail, and others) has functions that allow you to report suspicious emails and provide the detail of the email. You can also report any fraud attempts to the Federal Trade Commission (FTC).

Do not click on links, call the phone number on the email, or reply to the suspicious message. Call the number listed on the Foundation Title and Escrow website, only to confirm the validity of the email and its content.

Have you been targeted in a wire fraud scheme?

File a complaint with the FBI’s Internet Crime Complaint Center. Watch this video to learn how to complete the form: