CEO Fraud; Escrow Wire Transfer Fraud

CEO Fraud or BEC (Business E-mail Compromise) Scams

According to the FBI, these frauds  have cost victims billions of dollars:

“The schemers go to great lengths to spoof company e-mail or use social engineering to assume the identity of the CEO, a company attorney, or trusted vendor. They research employees who manage money and use language specific to the company they are targeting, then they request a wire fraud transfer using dollar amounts that lend legitimacy.”


Escrow Wire Transfer fraud

This fraud has been plaguing the escrow and title company business for years and costing victims huge losses.  (See below for a description of how this similar fraud is perpetuated).


The key is to end any dependence on email as an authenticating mechanism and to introduce cryptographically-secure authentication. There are simply too many different methods to successfully spoof email accounts and email addresses to do otherwise. In addition to email spoofing, spear-phishing email attacks can get people to reveal confidential information to criminals. When it comes to authenticating bank transfer requests or to releasing sensitive information, email authentication cannot be relied upon.

Using the technology of its Building Blocks (omitting its two IoT-specific elements) the TrustCentral API will offer access to unique cryptographically-secure technology capable of virtually ending these frauds.

An implementation process is not complicated. There are generally two or three parties involved in the process of approving a funds transfer:

  • REQUESTING PARTY – The person who wants funds wired (e.g., a CFO or corporate disbursements officer; an Escrow or Title Officer; or other)
  • APPROVING PARTY [optional] – A person who approves the transaction and possibly also confirms the correct account number of the receiving bank (e.g., a CEO, controller or buyer in a real estate transaction; sometimes the same as the requesting party)
  • EXECUTION PARTY – The person who wires the funds

Each pair of parties that need to communication (e.g., Requesting & Approving; Approving & Execution) initiate TrustCentral’s Inviter-Invitee Protocol to mutually establish an authenticated, secure, persistent Communication Line between themselves. This authentication process is done only one time. Once that Secure Communication Line relationship has been established, is it persistent and is available for future use. At any time, the parties can then use their authenticated relationship to digitally-sign instructions, approvals, confirmations (or other) and exchange these requests/approvals by whatever method they prefer (e.g., email, text, Dropbox, etc.). The result of this process is: (a) the receiving party can be certain that any request/approval was created by the sending party (and the sending party only); and (b) the request/approval has not been altered in any manner. If privacy is also desired, a message may optionally be encrypted so that no one can read it other than its designated recipient.

One of the steps of the Inviter-Invitee Protocol includes the trusted exchange of public encryption keys between the parties, an exchange that is facilitated by the trusted third party feature of the TrustCentral Security Ecosystem, operating through the API. (Trusted public keys are required for both encryption and verification purposes.)


No more “spoofed” emails; no more questions “is this legitimate or not?” Email impersonation can be eliminated; no more acting on phony wiring instructions that result in the sending of funds to a fraudster’s bank account. The entire process is supported with a digital audit trail.

This fraud perpetuation description is from Inwood National Bank:

“HERE’S HOW IT [ESCROW WIRE TRANSFER FRAUD] WORKS: Wire transfer instructions are emailed to the buyer. The buyer complies and follows the instructions to the letter. The next day, the escrow agent contacts the buyer asking if the money has been sent yet. The buyer checks with his bank and is assured that the funds have been transferred out. A short while later, when the money has still not shown up, everyone begins to retrace steps. As it turns out, the wire transfer instructions were bogus. The email came from an address that looked very much like that of the escrow or title company, but it was not actually theirs.

“And the recipient bank account? It was real, it just wasn’t the correct one. And, yes, it was emptied out before anyone was the wiser.

“This scheme – perpetrated by hackers – has been going on around the country for a while now. To combat this growing threat, this alert describes the steps involved, summarized below:

“First, hackers identify the email accounts of real estate agents and brokers. Most of this can easily be found on social media.  Then they hack directly into the accounts and identify emails that reference pending real estate deals. From these strings of emails, the hackers pull out specific details about the deal, such as (a) the names of the parties, (b) the title company involved, (c) the escrow officer in charge of the deal, and (d) other information specific to the transaction.

“Next, they send a fraudulent email directly to the buyer or lender, making it appear like it was sent by the real estate agent, mortgage broker, or escrow agent. These fraudulent emails now direct the buyer or lender to wire the funds necessary to close escrow directly to a different bank account than provided in the preliminary report or in the escrow instructions. Obviously, this new bank account is controlled by the hacker, not the title company or the escrow holder.

“Then, if the fraud is not detected, the money is wired to the bogus account controlled by the hacker and is immediately withdrawn.”