Seattle, WA — First time homebuyer Quang Hoang had picked the perfect place.
“I just fell in love. I could imagine myself walking through the door,” says Quang, of the three-bedroom condo in Lynnwood.
But it was the perfect time for scammers who posed as his mortgage company and stole his $90,000 down payment.
“This just isn’t happening to first time home buyers, it’s happening to judges, lawyers,” says Quang.
Quang is one of more than a thousand Washingtonians who’ve lost more than $70 Million to business email compromise scams in the past two years.
And according to Special Agent Ethan Via, who oversees a team investigating complex financial crimes for the FBI in Seattle, this type of crime is on the rise.
“It’s bad, it’s real bad,” says Special Agent Via. “It’s certainly the most profitable fraudulent scheme out there right now.”
In Quang’s case, scammers found a way to get into the email conversation between Quang, his real estate agent, lender, and title company.
Then he received an email with wiring instructions.
“They’re saying everything looks good, we’re ready for you to remit the payment,” says Quang, “so I’m like ok sounds good.”
He sent more than $90,000 to a Wells Fargo account in Texas. The next day, his real wiring instructions were sent.
“Twenty-four hours later, she comes back and tells me ‘you’ve been a victim of wire fraud.’ My jaw just dropped. There’s no step by step playbook for this,” says Quang.
I had Tarik Saleh from the computer security company DomainTools investigate Quang’s case.
“So it’s a very surgical, specifically-targeted attack that was financially lucrative unfortunately,” says Saleh.
He says scammers can find their victims easily by looking on real estate websites at properties. They could target and hack an agent’s name and email.
“After they read those emails, they crafted these really similar-looking domains and kind of inserted themselves in this email conversation to say ‘hey we need you to go ahead and wire us some money,’” says Saleh.
Ethan Via from the FBI says scammers can also hack into a victim’s computer and create ‘forwarding rules’ so certain emails are sent directly to them.
“If there’s an email that contains these keywords - transfer, wiring instructions, wire - they can route it to a specific email account,” says Special Agent Via.
Once the thieves know the timing, the bad guys insert themselves in the conversation. In Quang’s case, the perpetrators created an email address with a domain that was one digit off from the lender. And they changed the domain of the title company from “.net” to .live.”
“I thought it was part of my legitimate home buying party,” says Quang, remembering when he got the fraudulent emails.
Ultimately, Qoang was able to reach Wells Fargo and was able get a little more than half of his money back.
It was a massive lesson learned. He says if the lender won’t take a check, do business with another business.
“Go see them in person for everything, especially during closing week. You’re going to be going back and forth you’re going to be signing papers, just go into their office,” says Quang.
I’ll repeat: do your business in person. But if you do get scammed, let your bank know right away and file a report with federal authorities. The FBI says the likelihood of getting your money back drops quickly after 72 hours.