On March 30, 3023, the Financial Crimes Enforcement Network (FinCEN) issued a Financial Trend Analysis focusing on business email compromise (BEC) trends and patterns in the real estate sector (referred to as “RE BEC”). The report is required under Section 6206 of the Anti-Money Laundering Act of 2020 (AMLA). This section of AMLA requires FinCEN to periodically publish threat patterns and trend information derived from BSA filings. To date, FinCEN has published four other reports. BEC attacks and scams continue to rise and FinCEN has issued several pieces of guidance in recent years, including an updated advisory and a fact sheet regarding the Rapid Response Program (RRP), which assists victims of BEC attacks.
The real estate sector is not immune from BEC attacks and is particularly vulnerable given the high-dollar value of transactions and numerous entities involved. This vulnerability was likely exacerbated given the average price of homes increased significantly during the review period. FinCEN previously reported in 2019 that the real estate sector was the third most targeted sector for BEC attacks. BEC attackers target businesses and organizations that conduct wire transfers and rely on email communications regarding the transfers, typically compromising a key email account to fraudulently direct funds to the attacker.
The analysis provides data filed with FinCEN between January 2020 and December 2021. During the reporting period, there were a total of 2,260 filings reporting $893 million in RE BEC incidents.
Key highlights of the analysis include:
- Four money laundering typologies were identified: money mules used to obfuscate ties to attackers, money mules recruited through romance scams, ties to other fraud types, and the use of alternative payment systems to convert illicit proceeds (such as convertible virtual currency).
- The average value of RE BEC incidents increased in 2021 with an average monthly value of $116,233.
- Nearly 88% of incidents involved initial domestic transfers of funds to accounts at U.S. depository institutions. The top three international destinations of transfers included Hong Kong, China, and Mexico.
- The report could not fully analyze fund recovery success rates, as some filings did not include this information or recovery efforts were initiated but not yet determined. Of the filings that did include this information, roughly 22.21% of depository institutions recovered the full amount of the funds and 20.37% indicted no funds could be recovered.
- As reflected by the following chart, title companies and closing entities were the most frequently impersonated party, followed by investors and realtors as the most frequent impersonations.
The report also highlighted the importance of detecting and mitigating RE BEC attacks through system assessments of vulnerability and taking action to increase resiliency against attacks. In addition, FinCEN encourages the adoption of a multi-faceted transaction verification process and training and awareness to identify and evade phishing attempts.
In the press release accompanying the analysis, FinCEN noted that “[t]oday’s report emphasizes the critical role of timely reporting of cyber-enabled crime to enable FinCEN and law enforcement to interdict, freeze, and recover stolen funds through cyber-enabled fraud, such as BEC, through FinCEN’s Rapid Response Program (RRP).” As indicated in the report, the success rates of recovering funds are mixed but FinCEN has had greater success rates in identifying and freezing funds when victims or financial institutions report unauthorized and fraudulent BEC wire transfers to law enforcement within 72 hours of the transaction. The report also promoted the use of information sharing under a Section 314(b) program, and the continued reporting of RE BEC attacks through SAR filings.