One-On-One: CertifID Co-Founder Talks About Preventing Wire Fraud

Photo byCourtesy Photo

By Kimberley Haas for The Mortgage Note

Advances in artificial intelligence combined with a fast-paced real estate market that puts pressure on industry professionals and consumers to rely on technology have led to increased wire fraud.

According to the 2024 State of Wire Fraud Report by CertifID, real estate is especially vulnerable to fraud because data on property listings is publicly available through MLS and county records, these transactions involve large amounts of money, and there are up to 10 different parties involved in closings.

Typically, fraudsters compromise business email accounts to reach their victims but have been known to accompany their phony requests with voicemails using AI to replicate the voices of trusted parties.

In 2023, CertifID’s Fraud Recovery Services division received 463 requests for help from victims of wire fraud.

CertifID works to protect real estate transactions using advanced identity verification, AI-enabled transaction verification, and threat-monitoring capabilities, enabling customers to assess risks at scale for buy-side, sell-side, and payoff transactions. Last year, customers identified and prevented $2.4 billion in suspected fraud, a year-over-year increase of 56%, according to the report.

Co-founder and Executive Chairman Thomas Cronkright recently sat down with Editor Kimberley Haas to talk about how CertifID started, warning signs consumers should look for, and how mortgage lenders can help prevent wire fraud.

Haas: Maybe we could start by just having you share in your own words your own personal story and how you got to this point where you wanted to start this organization.

Cronkright: It was a crazy series of events. To back up a little further from the point where we were victimized by fraud, I’m a member of the Michigan Bar so I started professionally as an attorney with my business partner, Lawrence Duthler.

Early in our legal careers, we ended up forming Sun Title Agency, which is a title agency in the state of Michigan. We’ve since grown that to be one of the larger agencies of its type in the state.

Ten years into the operation of Sun, we were asked to work on a commercial transaction that was the sale of a gas station here in the Grand Rapids area, so we’re kind of on the west side of Michigan, and that gas station had just a series of different liens. It was some mortgage foreclosures and tax foreclosures and some things that we call kind of “hair on the dog.” It was just one of those messy deals.

We had a purchase agreement. We got a check to support the terms of the purchase agreement which said that the buyer was going to deposit $180,000 of earnest money in favor of the seller so if the buyer backed out, that money would go to the seller.

We started title on it, we deposited the check, and then after due diligence was completed, which was only a few days, we were asked to wire off of that check, and we had called what was a very large institution at the time where we held our escrow accounts, and we were getting the green light to say, “This is good. It’s cleared. Go ahead. Send the money.”

So we did. We sent the money. We didn’t think anything of it.

And a few days after that, my phone rang by my executive assistant and she notified me that that check had come back as insufficient funds. And then that cast us down two years of civil litigation to get the $180,000 returned back to us and then ultimately being called as a lead witness for the Department of Justice because what we had uncovered and they had uncovered was the whole scam was perpetrated by one of the most prolific cybercrime organizations operating globally and has grown since our incident, likely exponentially.

This was flat out sophisticated, organized crime. This was not some hacker interested in trying to have some outsize payday. I mean the layers, and the coordination, and how this thing spanned globally was not only enlightening but it was mind blowing.

CertifID originated from this idea that bad actors insert themselves in a real estate transaction by impersonating a trusted party. They get the information through some sort of e-mail compromise, which we now call business e-mail compromise.

Why real estate? Real estate is likely one of the most public facing transactions in the United States because of the MLS.

The MLS and the syndication of MLS data is just a nonstop deal board for these bad actors. And then they take that information and they use sophisticated fishing lures to try to get people to give up account credentials. They go into an account, they change rules, and then they just start siphoning off emails relating to upcoming transfers or transactions that are closing.

They weaponize that information against the victim that is about ready to send money in connection with a real estate closing, so a buyer would be approached by a fraudster impersonating the title company or closing attorney’s office.

Those communications have advanced with the use of AI and how believable they are, so to the consumer that’s not educated and not prepared, they’re looking at the rest of the emails that the fraudster had copied and pasted in the same email chain and says, “This must be so and so from the title company. I better get the money there because I’ve been in this wait and see transaction for the last 40 days anyway. They say something, I do something.”

Every single possible transfer of funds in a real estate transaction is at risk and I’m not trying to over-inflate what this actually looks like. It’s just the truth.

Haas: I’m really glad that you went through that with us because I think it really lays the groundwork for the conversation that we need to have and the things that we need to be able to provide our readers with, which are some of the warning signs that they may be able to pick up on. It sounds like these people are so sophisticated that they’ll do entire e-mail chains, and it’s not just something that we plainly view as Americans as potential fraud.

Cronkright: There’s a standard of care that is developing in the court system around educating, engaging, and protecting the consumer around this risk, even though it’s the consumer’s responsibility and their obligation to get their closing funds in for closing.

It really looks like the ability to say, “Did I educate, did I engage, did I set the consumer up for success?”

In our world, both my world as a large title agent, and in the world where I’m helping lead CertifID along with the team, that means safely putting things into the hands of the actual consumer that needs the protection, validating that they received it, and getting them to agree that “I’m only going to follow these instructions.”

And then we provide continual information as a reminder for when you wire, you can only trust what’s coming through the certified system.

The biggest challenge that we have with consumers is they’re communicating so much through mobile devices, so they’re reading and responding on their phone primarily, and when a fraudster approaches as a consumer it will look like it’s coming from a trusted party, their real estate agent, their mortgage lender, or the title escrow officer that’s been assigned to help them.

So let’s say Jane Doe is the lender. In the email on the consumer’s phone, it’s going to say Jane Doe in the front line and consumers aren’t trained to click that and really expand it to say, “Wait a second. This actually is coming from closingescrow123@gmail.com. It’s not coming from my mortgage lender or my financial institution providing the loan.”

Because somebody’s e-mail was compromised, now Jane is saying, “Hey, I just received these wiring instructions from the title company, could you please wire them out today? Send me confirmation. I’m back-to-back with other closings and I’ll get to you at the end of the day.”

The money gets transferred and then the money is gone.

The telltale signs are being asked to receive or wire funds and that request is coming somewhat out of the blue. It’s a new, or it’s a revised request, with a sense of urgency and typically a request for confirmation once those funds have been released.

The problem is, with AI now, is a lot of the things I could have told you 24 months ago have been removed because they’re using AI to draft essentially pitch-perfect emails to approach the buyer.

Photo byCourtesy Photo

Haas: I really think that the thing that puts blinders on for a lot of people, especially when it comes to real estate, is it’s emotional. Buying a home in any capacity, whether it be your primary residence or a place down at the shore to spend time with your kids in the summer, there’s a lot of emotion attached.

I think anytime human beings get emotional, reason, to a certain degree, goes out the window.

Cronkright: I think you’re hitting it on the head. These transactions are always triggered off of some life moment. So either expansion or contraction of a household, new household formation, loss of loved ones. You’re right, it’s big time, and we only do it a few times in our lives.

Haas: How about on the commercial real estate side? Commercial real estate, of course, has some of those emotions and things. People are starting a business, selling a business, whatever, but these are the types of transactions people within the commercial world are more used to. What are some of the things that they can maybe pick up on if fraudsters are picking at them for some reason?

Cronkright: Commercial has less emotion but it has more trust and you can still exploit that trust. In a lot of ways, they do that through more of a focal point on the lawyers representing the parties or the commercial brokers representing them.

I think on the commercial side, there are longer transactions, they’re higher value transactions, much more owner equity is moving, and there’s this sense that the professionals involved are not going to be targets of any type of email breach and fraud, and I think it’s that optimism bias, or that experience bias, that almost override either the willingness to add layers of security or education to the consumer.

Haas: How can loan officers help with this?

Cronkright: I think in a perfect world, the lexicon is all the same between mortgage lending, brokerage, and title settlement and what I like about the loan officers is typically they’re the first point of contact to get that prequalification letter.

This is what the lenders need to say, “There is no world, ever, where in an e-mail that looks like it’s coming from me, or my team, or my processor, that there will be title company wiring instructions attached. Period. It cannot and will not happen.”

Because sometimes education is also what it shouldn’t look like, not what it should look like. “The title company will get ahold of you. They’ll use a platform like CertifID or they’ll somehow get you the wiring instructions securely and they’ll validate those with you.”

Lenders do have a role to play in this to say, “You’ll never get it from me, and if you do independently, find a number and call me. Call the agent or call the title company. Do not send money off an e-mail, or text message, or phone call, any of that, no matter what it’s saying. Even if it sounds like it’s me.”

CertifID has locations in Austin, Texas, and Grand Rapids, Michigan.