Every day I send and receive hundreds of emails without considering the ease with which emails can be intercepted by clever hackers.  I doubt anyone has much use for the fifteen daily “Thank You” emails I receive or my snarky comments to Seller’s inexperienced general counsel on his draft purchase agreement; however, I recently learned that a hacker can make productive use of an email with wire transfer instructions, but not for withdrawing funds as I first suspected. Instead hackers are changing the emailed wire transfer instructions so that funds intended for your account are sent to their bank and account.

We no longer physically attend the vast majority of our closings.  Instead, we pre-deliver to a title company executed closing documents, finalize the closing statement by email and authorize all funds to flow in and out of the title company.  Physical checks may be written by the title company to pay for smaller invoices, but the bulk of funds for loan payoffs, sales proceeds, buyer’s cash to close and, most importantly to this Firm, the legal fees, are all  sent by wire.   Some of these wires (but unfortunately not our legal fees) can total millions of dollars.

Over the past couple of months, I have been receiving telephone calls from lenders and title companies confirming the exact wire transfer instructions.   At first I was annoyed, but when the issue was explained to me, it made sense.  I will no longer just flip an email with wire transfer instructions, but instead will bring these into a .pdf and remove the words “wire transfer” from the email.  I know the .pdf can still be intercepted, revised and passed along, but suspect the hacker will feed on the low hanging fruit of those who put the instructions in the body of the email.  When in doubt, I will call the bank and confirm by phone.  I know they won’t get annoyed.