New Developments in Fraud – Forged Directives, Fake Notaries And Payoff Fax Compromises

Fraudsters never rest.   After a light spring in which we saw a substantial reduction in the number of wire frauds and other real estate scams reported, this summer has been especially challenging as fraudsters continue to evolve their practices. In this three-part series, we will describe three recent scams showing the creativity of fraudsters. 

In the most recent instance, a purchase transaction closed in eastern North Carolina.  Prior to closing, the seller relocated to the central part of the state and was to receive a significant sum from the sale of her former residence.  The closing attorney, in compliance with the Safe Harbor provision of our Financial Fraud Exclusionary Endorsement, informed the seller she was to provide an original notarized proceeds directive and emailed the appropriate form.  It was very similar to our sample document available on our website, lawyersmutualnc.com.

A few days before closing, a fraudster purporting to be the seller emailed a completed form.  It requested the proceeds be wired to a regional bank with multiple branches in the Triangle vicinity.  The form was signed and notarized.  A quick google search reveals the attesting Notary is a paralegal currently employed with a local Raleigh law firm.   A more detailed investigation reveals the notary stamp is identical to instruments legitimately notarized and recorded at the Wake County Register of Deeds office.  There was no indicia of fraud on the instrument or anything which was not logically consistent with a relocating seller.

Knowing the document is forged, we are relatively certain the hacker used the image from a recorded instrument to obtain the notary’s real signature and seal.  While writing this alert, I attempted to recreate this suspected process.  I went to the Wake County Register of Deeds website and pulled an old option contract I remembered notarizing for my former law partner.  Using the ‘PrtScr’ key on my standard Dell Laptop, I grabbed my signature and notary stamp and placed the image on a blank proceeds directive.  I didn’t use a professional version of Adobe Photoshop, and I can assure everyone I have no special training.  I used a mid-grade commercial laptop and Standard Office 365, and in less than 2 minutes produced a completely legitimate looking document.   

This is further evidence of how it is no longer safe to conclusively presume a notarized instrument is legitimate, in the same way can no longer assume official bank checks are the equivalent of cash.  Printing technology (both color 2D and now 3D) allows fraudsters to produce notarized documents which look completely legitimate.  The forgeries are even slipping past the probate process at local Register of Deeds offices and becoming part of the public record. This will be the focus of the 3rd installment of this series.

For the most recent fraud, the level of sophistication displayed by the hacker showed a great deal of knowledge of the closing process in North Carolina and localized research.  It was only stopped by the closing attorney, when she followed her normal procedures and still called a previously verified number of the seller.  Further investigation reveals the seller’s Realtor was the source of the email compromise.

So how can you protect yourself from this fraud?  Below are a few steps we recommend.

1. Do not include unnecessary parties in communications involving wires.  In particular, do NOT include Realtors and mortgage brokers as they are the parties specifically targeted by criminal organizations and the most likely to be compromised.  In the immediate case, a hacker was monitoring the seller’s Realtor and sprang into action when receiving the directive.  Worse yet, the fraudster now has a legitimate copy of this law firm’s document and may now target the firm in future deals.   
2. Demand a physical ‘wet ink’ copy of the notarized directive. In the immediate case, a .pdf version of the directive was sent, and it was impossible to detect the forgeries.  An original instrument is required to for compliance with the Safe Harbor provision of our Financial Fraud Exclusionary Endorsement. 
3. Ideally, the directive will be signed in the presence of a firm employee.  This is the only method which does not require telephone or in-person verification.
4. When not possible, directives should ideally be received with other closing documents (deed, lien waiver, etc.)  While not a sure indicia of fraud, a stand-alone directive should be considered a red flag. 
5. All directives not signed in the physical presence of a firm employee require telephonic confirmation, using a previously verified number obtained from a source not in the chain of wiring communications.   The call should be initiated by the law office, as fraudsters are now proactive in calling first.  Email verification is useless, as a compromised email account is the very cause of these frauds.