History repeats itself

Standard

Fraudulent mortgage satisfaction schemes are back

We have heard recently that a group is engaging in a scheme to fraudulent satisfy mortgages (or deeds of trust) in California and Florida. We all know that trends in California and Florida eventually make it to South Carolina, so I wanted to make sure South Carolina dirt lawyers are aware of this scheme. This is not a new scheme, but we thought it had died down until we got this news last month.

Here are some good rules of thumb to assist you in avoiding losses and protect clients in this area:

  • Have your title examiners provide you with copies of mortgage satisfactions and releases. Two sets of eyes reviewing the documents should help with spotting issues.
  • Pay particular attention to satisfactions and releases within a year of your closings. The normal schemes involve satisfying mortgages in order to collect funds at subsequent closings.
  • Pay particular attention to satisfactions and releases that are not connected with a sale or refinance. Contact the lender for confirmation that the loan has been paid in full.
  • Don’t accept a satisfaction or release directly from a seller, buyer or third party without contacting the lender for confirmation that the loan has been paid in full.
  • Many of the fraudulent documents are being executed by an unauthorized party on behalf of MERS. Compare MERS satisfactions with others you have seen in connection with your closings.
  • Check spellings and compare signatures against those of genuine instruments.
  • Be wary of hand-written documents, unorthodox documents, cross-outs, insertions and multiple fonts.

The perpetrators of this fraud are sophisticated and will change aspects of the scheme as needed, so remain vigilant and discuss any suspected fraudulent documents with your title insurance underwriter.

Advertisements

Despicable Acts: Absentee property owners can be targets of fraud

Standard

Despicable acts

And real estate lawyers may be the best minions to prevent these crimes!

Imagine this scenario: Lucy Wilde’s family owns a farm in rural Orangeburg County, South Carolina. Since the sudden death of Lucy’s husband, Felonius Gru in 2007, no one has farmed the property. The fields are sitting fallow awaiting the opening of the estate and the division of the property among and Felonius’ heirs, including Lucy. The relatives have all fled small-town living to join the Anti-Villain League, so no one is available to literally mind the farm, and no one is in a hurry to settle the estate.

Enter Balthazar Bratt, a fraudster from Miami who sees the vacant property, searches the public records and learns the property is owned by the late Felonius Gru. Bratt also learns the property is ripe for development because it is located near the prime corridor between Charleston and Columbia, and very near Interstate access.

How can Bratt take advantage of this scenario while the Anti-Villain League employed family members are not paying attention? Absentee owners of real property are often the targets of criminals who pose as true owners offering the property for sale or as collateral for a new loan. These fraudsters may sell or refinance the property and abscond with the sale proceeds or strip any equity in the property with a new loan. The true owner has no idea the property is the subject of a real estate transaction.

In our fictional account, if Bratt was able to ascertain through the public records that Felonius Gru was deceased, a good title examiner should be able to use the same sleuthing methods.  If rural Orangeburg County is not your stomping grounds, as we say in the South, you might hire a title examiner who does have experience in the locale. In small towns in South Carolina, people know each other!

Another tip to fight criminals like Bratt is to compare the mailing address provided by the seller or borrower to the tax bill. While this step may not help in an estate situation, it may very well reveal an absentee owner located in a different address than the one provided by the fraudster.  If the address is different from the address provided to you or the lender, send a letter to the address shown on the tax bill. Your letter might simply suggest that you are happy to be of service to the buyer in the transaction and that if the seller is unaware of the situation, he should have his attorney contact you. That letter should get the attention of an absentee and clueless property owner.

Another tip is to compare signatures of the seller or borrower against documents in the public records. While we are not expected to be handwriting experts, we can spot obvious forgeries. I remember a war story from long ago where one person signed in seven spots in a deed, for the five owners and the two witnesses. The alert closing attorney called an immediate halt to the potentially disastrous real estate transaction!

A well-known and well-used technique that often works is to obtain and carefully review picture identifications for everyone who signs documents in your office. Also, do not accept an assignment of proceeds. Make sure proceeds are paid to the seller or borrower of record only.

And finally, give yourself and your staff members permission to carefully and slowly consider every aspect of your closings. Staff members should be encouraged to be cautious and suspicious and to discuss their concerns with each other or with an attorney in the office.  If the closing attorney needs a sounding board, she should call her friendly title insurance company lawyer.  I can’t count the number of times someone has called me, explained a situation, and before I could even respond, said, “oh, that’s a problem, isn’t it?”

minions

Sometimes just explaining the situation out loud to another person makes the problems crystal clear!

Be careful out there!

Ransomware: A Scary Prospect for Dirt Lawyers

Standard

The Cyberdivision of the FBI is serious about ransomware!  An FBI speaker last Friday at the SC Bar’s excellent tech seminar, an annual seminar I highly recommend for solo and small firm lawyers, emphasized awareness and employee training are critical to prevent data losses in your operation.

Ransomware is a form of malware that is most often delivered through spear phishing e-mails. Spear phishing is a type of e-mail fraud that seeks unauthorized access to confidential data. Ransomware is what it sounds like. Once the fraudster gains access, your system is locked down, and money is demanded to provide access. You have to pay for your own data!

hacker

“H4ck3rz R Us, how can I help you?”

The FBI recommends prevention, business continuity and remediation, but suggests that there is no guarantee of prevention even with the most robust controls in place. Methods of prevention include:

  • Provide extensive awareness and training for your staff.
  • Use strong anti-virus and anti-malware solutions that are set up to update automatically.
  • Regular scans should be conducted of the anti-virus and anti-malware solutions.
  • No user should be assigned administrative access unless that access is absolutely needed.
  • Those with administrative accounts should only use them when necessary.
  • Keep access to a minimum. If a user only needs specific files, he or she should not have access to other files.
  • Ask your IT professionals to implement controls to avoid common ransomware techniques.

But since prevention is not guaranteed, the most attention should be paid to business continuity and remediation. In short, back up your data regularly and regularly verify the integrity of the backups.  Secure backups. Ensure backups are not connected to the computers and networks they are backing up.

The FBI does not endorse paying a ransom to the fraudsters and teaches that paying the ransom does not always ensure regaining access to data.

The FBI encourages victims to contact a local FBI office immediately to report a ransomware attempt and to request assistance. Victims are also encouraged to report cyber events to the FBI’s Internet Crime Complaint Center (www.ic3.gov.)

A Certain Path to Disbarment:

Standard

Fake a title insurance agency and ignore a real estate practice!

In the Matter of Samaha* is a South Carolina Supreme Court attorney disciplinary case that resulted in disbarment.

This lawyer was creative; you have to give him that!

For starters, he witnessed and notarized the signature of his client’s late wife, who had died seven years earlier. He typed, witnessed and notarized a revocation of a durable power of attorney for an 83 year old retired paralegal with cognitive and physical limitations.

Perhaps the most interesting violations, however, had to do with the title insurance. (What? It’s tough to make title insurance interesting. Trust me. I try and fail on a daily basis. This stuff is only interesting to title nerds like me!)

dark path forest

A relationship with a title insurance company is essential to a real estate practice in South Carolina. The closing attorney must either be in a position to issue his own title insurance commitments and policies as an agent, or to certify to a title insurance company as an approved attorney to obtain those documents.

Consider the activities of  Mr. Breckenridge, the lawyer who was publicly reprimanded this spring for allowing non-attorney entities to control his real estate practice.** During oral arguments, he stated that he preferred to handle closings in the customary manner in South Carolina, where the attorney acts as agent for a title insurance company as well as closing attorney. But he had been suspended by the Supreme Court for a short time and, as a result, had been canceled as an agent by his title insurance company. He said he was then forced to work for an entity that hires lawyers to attend closings only.  When a problem arose with the disbursement of one of those closings, he found himself in front of the Supreme Court again.

Mr. Samaha had also been canceled by his title insurance companies. That did not stop him and his staff from proceeding full steam ahead with closings in the customary manner.  Although he originally denied any knowledge that documents had been forged in his office, he ultimately admitted that closing protection letters had been forged and issued to lenders.

A mortgage lender later uncovered not only forged closing protection letters, but also forged title insurance commitments and policies. It was not possible for Mr. Samaha to obtain any of these documents legitimately during this timeframe, because his status had been canceled as an approved attorney as well as an agent. The Court commented that, absent the forgeries of these documents, the lawyer’s real estate practice could not have functioned.

(This is not the first disbarred lawyer in South Carolina to have included the forgery of title insurance documents in his repertoire of misdeeds.***)

The Court stated that Mr. Samaha allowed his staff to, in effect, run his office. He failed to supervise them and failed to supervise and review closing documents.  He, in effect, completely ignored his real estate practice.


He also committed professional violations of a more mundane but equally scary nature. For example, he made false and misleading statements on the application for his professional liability insurance.

red card - suitHe failed to pay off four mortgages. By his own calculations, the loss was more than $200,000, but the Office of Disciplinary Counsel stated that his financial records and computers had been destroyed, making it impossible to prove the true extent of the financial mismanagement and misappropriation.  Apparently, the money from new closings was used to fund prior closings, up until the date of Mr. Samaha’s suspension from the practice of law.

 

*In the Matter of Samaha, South Carolina Supreme Court Opinion 27660 (August 24, 2016)

** In the Matter of Breckenridge, South Carolina Supreme Court Opinion 27625 (April 20, 2016)

*** In the Matter of Davis, 411 S.C. 209, 768 S.E.2d 206 (2015)

Beware of Cyberattacks on Free E-mail Services

Standard

Think a client won’t sue for misdirected funds?  Think again!

domain securityE-mail services, even those with the tightest security possible, can be hacked. We have heard local stories, as close as Rock Hill and Charleston, of funds being misdirected by cybercriminals through intercepting e-mails and sending out fraudulent wiring instructions.

Law firms have taken action: encrypting e-mails, adding tag lines to emails warning that wiring instructions will not be changed, adding warning paragraphs to engagement letters, in addition to normal security efforts. Many offices now require confirmation of all wiring instructions by a telephone calls initiated internally. No verbal verification?  No wires!

Last month, an attorney in New York was sued by her clients in a cybercrime situation. This time, the property was a Manhattan co-op, and the funds amounted to a $1.9 million deposit. The lawsuit alleged that the attorney used an AOL e-mail account that welcomed hackers. The complaint stated that had the attorney recognized the red flags or attempted to orally confirm the proper receipt of the deposit, the funds would have been protected.

The old phrase “you get what you pay for” is definitely applicable in these situation. Attorneys who continue to use free email services are putting themselves and their clients at greater risk for cyberattacks. Criminals understand that free email services have low security against cyber-intrusion, so they naturally gravitate to those accounts for their dirty work.

I heard one expert say that free e-mail services are not only not secure, they are also unprofessional! Surely, lenders will soon look at this issue as they decide who will handle their closings.

Be Vigilant to Prevent “Business E-mail Compromise” Scams

Standard

fraud alertWire fraud is on the rise! Train your staff!

United States business e-mail accounts are under attack by sophisticated fraudsters.

The FBI, Financial Services Information Sharing and Analysis Center (FS-ISAC) and the United States Secret Service issued a financial services bulletin on June 19 warning against increasing wire transfer fraud against U.S. businesses referred to as “Business E-mail Compromise” (BEC) scams.

The bulletin warned that BEC is a type of payment fraud that involves the compromise of legitimate business e-mail accounts for the purpose of conducting unauthorized wire transfers.  Many compromised accounts belong to business CEOs or CFOs. The funds are primarily sent to Asia, but funds involved in these schemes have been diverted to locations around the globe.

BEC fraud compromises e-mail accounts through phishing, social engineering or malware used to obtain the user’s password. Once an e-mail account is compromised, fraudsters begin accessing and reviewing e-mails, including meeting and calendar information, contacts lists, and information concerning business partners, vendors and customers.

This activity enables the fraudsters to interject themselves into normal business communications masquerading as the person whose account was compromised. This reconnaissance stage lasts until the actor feel comfortable enough to send wire transfer instructions using either the victim’s e-mail or a spoofed e-mail account.   E-mails are typically sent to an employee with the ability to wire funds. A common tactic is to wait until the victim is away on legitimate business travel to send new wire instructions, making it more likely that individual would use e-mail to conduct business and making it more difficult to verify the transaction as fraudulent while the victim is in transit. The requests will sometimes state that the wire transfer is related to urgent or confidential business matters and must not be discussed with other company personnel.

Other incidents involve the compromise of a vendor or supplier’s e-mail account with the intention of modifying the bank account associated with that business. This scheme may also be labeled “vendor fraud” and often involves last minute changes of the bank and account number for future payments.

red-phoneThere is a relatively easy fix: all wire information received via e-mail should be verbally verified using established business telephone numbers.

Other suggestions to guard against this fraud are:

  1. Limit the number of employees with authority to handle wire transfers.
  2. Have a second employee designated as an approver for any wire transfer requests.
  3. Be careful opening attachments and clicking on links even if the e-mail appears to be from a legitimate source if you believe wire instructions may be included in the communication.
  4. Look out for e-mails that contain significant changes in grammar, sentence structure and spelling compared to previous communications.
  5. Look out for suspicious communications particularly toward the end of the week or the end of a business day. The fraudsters will have more time to access and divert funds.
  6. Maintain a file, preferably in non-electronic form, of vendor contact information, including telephone numbers.
  7. Look out for “spoofed” e-mail addresses that are made to look like the real addresses. Fraudsters use tactics like character substitution, addition and omission to make e-mails addresses appear legitimate. Here are some examples using a Chicago Title address, richard.roe@chicagotitle.com
  • roe@chicag0title.com
  • roe@chicagotit1e.com
  • roe@chicagotitlee.com
  • roe@chicagottle.com
  • roe.chicagotitle@gmail.com
  • roa@chicagotitle.com
  1. Be wary of wire transfers to countries outside of normal trading patterns.

ic3 circleIncidents should be reported to local offices of the FBI or Secret Service or to:

Dirt lawyers, protect your businesses and your clients’ funds by following these critical guidelines!