Cybercriminals Posing as Lenders & Escrow Agents for Payment Fraud

Cybercriminals Posing as Lenders & Escrow Agents for Payment Fraud

March 22, 2024 / in Blog / by Zafar Khan, RPost CEO

There’s a lot of posing going on when it comes to cybercrime.

If you’ve spent this past workweek furiously trying to figure where I’d wind up for this installment of Tech Essentials (and hopefully win your office betting pool), you can now put your pencils down because I’ve arrived in Pisa, Italy. 

My first stop was to get some truly delicious pizza, and the Trattoria was kind enough to let me put my own home-brought ants onto the pie (Armadillos are distant cousins of the anteater, of course). Next, I headed to one of the most photographed sites in the world—the famous leaning tower. Here I saw and did what I traveled all those miles to do: Pose. Yes, I posed in front of the tower; I posed with my hands on the tower; I posed with my stubbly feet on the tower; and I had to be fast because there were hundreds of other tourists hoping to pose the same way right after me. 

Why all this posing? To point out that there is indeed a lot of posing going on when it comes to cybercrime—people posing as lenders so they can get a loan “payoff” during a refinancing; posing as escrow agents to get down payment funds on homes; and posing as professional services providers, who cleverly modify invoices to siphon your business’ hard-earned cash.

I was speaking with one accounting professional on the plane yesterday who sent a routine invoice for a $125K audit to a client. The client received a phony duplicate of the invoice with altered ACH funds transfer account information. The client wound up paying the wrong account, which was, of course, the right account for the cybercriminal. The fact is that this type of cybercrime is targeting all companies that deal in money, invoices, payments, and transactions!

It was at this point that I was duty-bound to inform him that RMail’s PRE-Crime™ module is designed to prevent, detect, and disarm wire fraud attacks targeting anyone at their own email account (and even at your clients’).

As an example, I told him about how just one day after Washington-based AEGIS Land Title Group implemented our RMail PRE-Crime email security service, it detected that two of their emails had unexpected activity in Russia. The discovery initiated an investigation that found a lender involved in a re-financing transaction was fake! After investigation, AEGIS reported that the title company’s emails were delivered to a client’s U.S. server and then auto forwarded and opened on mobile devices in Russia. This activity triggered our high-risk alerts sent in real-time to the AEGIS security team. A quick investigation revealed that the title company was involved in a transaction with a fraudulent lender. Since then, AEGIS has already caught two other fraudulent transactions, which resulted in 30 phone calls. Click here to view the PRE-Crime report that evidenced the eavesdropping from Moscow.

So, you know there’s got to be a lot of posing going on (beyond the leaning tower of Pisa) for this type of attack to have occurred so early and so frequently. There’s perhaps so much posing going on that maybe an even better place to go for this article would have been the recent Oscar awards in Hollywood! But then again, I wouldn’t have been able to have such a delicious ant pizza…

To learn more about PRE-Crime protection…pre-empting cybercrimes in progress with RPost AI, don’t hesitate to contact us.