You must first complete IREBEA before viewing this Lesson
Reading Time: 33 minutes

Mortgage Closing Scams: How to protect yourself and your closing funds

Closing on a new home can be one of your most memorable life moments. It’s the final and one of the most critical stages in the home-buying journey, but with the exchange of key paperwork and a sizable down payment, it can also be a stressful experience, especially for first-time homebuyers.  

The FBI has reported that scammers are increasingly taking advantage of homebuyers during the closing process. Through a sophisticated phishing scam, they attempt to divert your closing costs and down payment into a fraudulent account by confirming or suggesting last-minute changes to your wiring instructions. In fact, reports of these attempts have risen 1,100 percent between 2015 and 2017, and in 2017 alone, there was an estimated loss of nearly $1 billion in real estate transaction costs. 

While it’s easy to think you may not fall for this kind of scam, these schemes are complex and often appear as legitimate conversations with your real estate or settlement agent. The ultimate cost to victims could be the loss of their life savings. 

Here’s what you should know and how to avoid it happening to you.

 

play video

Transcript

You get a flood of messages from friends and family. They’re getting emails from you with seemingly random links, or messages with urgent pleas to wire you money. It looks like your email or social media account might have been taken over. What do you do? For starters, make sure your security protections are up-to-date, reset your password, and warn your friends.

Your friends and family are getting e-mails from you that you didn’t send. Or maybe you want to check your e-mail, but wait, you can’t login. Sound familiar? Chances are your e-mail’s been hacked.

Don’t panic. The situation can be fixed. Start by updating or installing security software from a company you can trust. And set it to update automatically.

Hackers often hijack accounts by infecting your computer with malware. So it’s important to scan your computer first. Delete anything that identifies as suspicious and restart your computer. Now you’re working with a clean slate.

Next, if you can get into your account, change your password. If you use similar passwords for other accounts, change them, too. Passwords are the keys that open your accounts. They have to be memorable for you, but hard for someone else to guess. Some people use software that manages passwords to help create strong passwords and keep track of them.

If you can’t get into your account, check with your e-mail provider to find out how to restore it. Once you’ve got your account back, and check your account settings to make sure no one added any links to your e-mail signature, and that your e-mails aren’t being forwarded to someone else.

Finally, let your family and friends know your e-mail was hacked. Think of it as spreading good computer karma. And they may have some work to do, too. Want to know more about protecting your e-mail from hack attacks? Visit onguardonline.gov.

How You Know You’ve Been Hacked

You might have been hacked if:

  • friends and family are getting emails or messages you didn’t send
  • your Sent messages folder has messages you didn’t send, or it has been emptied
  • your social media accounts have posts you didn’t make
  • you can’t log into your email or social media account

In the case of emails with random links, it’s possible your email address was “spoofed,” or faked, and hackers don’t actually have access to your account. But you’ll want to take action, just in case.

What To Do When You’ve Been Hacked

1. Update your system and delete any malware

Make sure your security software is up-to-date

If you don’t have security software, get it. But install security software only from reputable, well-known companies. Then, run it to scan your computer for viruses and spyware (aka malware). Delete any suspicious software and restart your computer.

Set your security software, internet browser, and operating system (like Windows or Mac OS) to update automatically

Software developers often release updates to patch security vulnerabilities. Keep your security software, your internet browser, and your operating system up-to-date to help your computer keep pace with the latest hack attacks.

2. Change your passwords

That’s IF you’re able to log into your email or social networking account. Someone may have gotten your old password and changed it. If you use similar passwords for other accounts, change them, too. Make sure you create strong passwords that will be hard to guess.

3. Check the advice your email provider or social networking site has about restoring your account

You can find helpful advice specific to the service. If your account has been taken over, you might need to fill out forms to prove it’s really you trying to get back into your account.

4. Check your account settings

Once you’re back in your account, make sure your signature and “away” message don’t contain unfamiliar links, and that messages aren’t being forwarded to someone else’s address. On your social networking service, look for changes to the account since you last logged in — say, a new “friend.”

5. Tell your friends

A quick email letting your friends know they might have gotten a malicious link or a fake plea for help can keep them from sending money they won’t get back or installing malware on their computers. Put your friends’ email addresses in the Bcc line to keep them confidential. You could copy and send this article, too.             

Protections

How to Protect Your Computer 

Below are some key steps to protecting your computer from intrusion:

Keep Your Firewall Turned On: A firewall helps protect your computer from hackers who might try to gain access to crash it, delete information, or even steal passwords or other sensitive information. Software firewalls are widely recommended for single computers. The software is prepackaged on some operating systems or can be purchased for individual computers. For multiple networked computers, hardware routers typically provide firewall protection.

Install or Update Your Antivirus Software: Antivirus software is designed to prevent malicious software programs from embedding on your computer. If it detects malicious code, like a virus or a worm, it works to disarm or remove it. Viruses can infect computers without users’ knowledge. Most types of antivirus software can be set up to update automatically.

Install or Update Your Antispyware Technology: Spyware is just what it sounds like—software that is surreptitiously installed on your computer to let others peer into your activities on the computer. Some spyware collects information about you without your consent or produces unwanted pop-up ads on your web browser. Some operating systems offer free spyware protection, and inexpensive software is readily available for download on the Internet or at your local computer store. Be wary of ads on the Internet offering downloadable antispyware—in some cases these products may be fake and may actually contain spyware or other malicious code. It’s like buying groceries—shop where you trust.

Keep Your Operating System Up to Date: Computer operating systems are periodically updated to stay in tune with technology requirements and to fix security holes. Be sure to install the updates to ensure your computer has the latest protection.

Be Careful What You Download: Carelessly downloading e-mail attachments can circumvent even the most vigilant anti-virus software. Never open an e-mail attachment from someone you don’t know, and be wary of forwarded attachments from people you do know. They may have unwittingly advanced malicious code.

Turn Off Your Computer: With the growth of high-speed Internet connections, many opt to leave their computers on and ready for action. The downside is that being “always on” renders computers more susceptible. Beyond firewall protection, which is designed to fend off unwanted attacks, turning the computer off effectively severs an attacker’s connection—be it spyware or a botnet that employs your computer’s resources to reach out to other unwitting users.

Keep Your Firewall Turned On: A firewall helps protect your computer from hackers who might try to gain access to crash it, delete information, or even steal passwords or other sensitive information. Software firewalls are widely recommended for single computers. The software is prepackaged on some operating systems or can be purchased for individual computers. For multiple networked computers, hardware routers typically provide firewall protection.

Keep Your Operating System Up to Date: Computer operating systems are periodically updated to stay in tune with technology requirements and to fix security holes. Be sure to install the updates to ensure your computer has the latest protection.

Install or Update Your Antivirus Software: Antivirus software is designed to prevent malicious software programs from embedding on your computer. If it detects malicious code, like a virus or a worm, it works to disarm or remove it. Viruses can infect computers without users’ knowledge. Most types of antivirus software can be set up to update automatically.

Be Careful What You Download: Carelessly downloading e-mail attachments can circumvent even the most vigilant anti-virus software. Never open an e-mail attachment from someone you don’t know, and be wary of forwarded attachments from people you do know. They may have unwittingly advanced malicious code.

Turn Off Your Computer: With the growth of high-speed Internet connections, many opt to leave their computers on and ready for action. The downside is that being “always on” renders computers more susceptible. Beyond firewall protection, which is designed to fend off unwanted attacks, turning the computer off effectively severs an attacker’s connection—be it spyware or a botnet that employs your computer’s resources to reach out to other unwitting users.

Install or Update Your Antispyware Technology: Spyware is just what it sounds like—software that is surreptitiously installed on your computer to let others peer into your activities on the computer. Some spyware collects information about you without your consent or produces unwanted pop-up ads on your web browser. Some operating systems offer free spyware protection, and inexpensive software is readily available for download on the Internet or at your local computer store. Be wary of ads on the Internet offering downloadable antispyware—in some cases these products may be fake and may actually contain spyware or other malicious code. It’s like buying groceries—shop where you trust.

For Business Scams Against Your Small Business

March 14, 2019

 

Learn how to spot scams against your small business. And talk to your colleagues about it, too. Scammers target small businesses with fake check scams, utility scams, and other scams, but knowing how these scams work can help you avoid them—and protect your business. Learn more at https://www.ftc.gov/smallbusiness.

Scammers have lots of tricks to get your business’s money, like sending fake invoices or pretending to be the government. There’s nothing they won’t try. But knowing how scams work can help you avoid them and protect your business. Learn how to spot scams against your small business and talk to your colleagues about it too. Learn more at ftc.gov/smallbusiness. 

Cybersecurity Basics for Small Business

Internet Fraud

Internet fraud is the use of Internet services or software with Internet access to defraud victims or to otherwise take advantage of them. Internet crime schemes steal millions of dollars each year from victims and continue to plague the Internet through various methods. Several high-profile methods include the following:

  • Business E-Mail Compromise (BEC): A sophisticated scam targeting businesses working with foreign suppliers and companies that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.
  • Data Breach: A leak or spill of data which is released from a secure location to an untrusted environment. Data breaches can occur at the personal and corporate levels and involve sensitive, protected, or confidential information that is copied, transmitted, viewed, stolen, or used by an individual unauthorized to do so.
  • Denial of Service: An interruption of an authorized user’s access to any system or network, typically one caused with malicious intent.
  • E-Mail Account Compromise (EAC): Similar to BEC, this scam targets the general public and professionals associated with, but not limited to, financial and lending institutions, real estate companies, and law firms. Perpetrators of EAC use compromised e-mails to request payments to fraudulent locations.
  • Malware/Scareware: Malicious software that is intended to damage or disable computers and computer systems. Sometimes scare tactics are used by the perpetrators to solicit funds from victims.
  • Phishing/Spoofing: Both terms deal with forged or faked electronic documents. Spoofing generally refers to the dissemination of e-mail which is forged to appear as though it was sent by someone other than the actual source. Phishing, also referred to as vishing, smishing, or pharming, is often used in conjunction with a spoofed e-mail. It is the act of sending an e-mail falsely claiming to be an established legitimate business in an attempt to deceive the unsuspecting recipient into divulging personal, sensitive information such as passwords, credit card numbers, and bank account information after directing the user to visit a specified website. The website, however, is not genuine and was set up only as an attempt to steal the user’s information.
  • Ransomware: A form of malware targeting both human and technical weaknesses in organizations and individual networks in an effort to deny the availability of critical data and/or systems. Ransomware is frequently delivered through spear phishing emails to end users, resulting in the rapid encryption of sensitive files on a corporate network. When the victim organization determines they are no longer able to access their data, the cyber perpetrator demands the payment of a ransom, typically in virtual currency such as Bitcoin, at which time the actor will purportedly provide an avenue to the victim to regain access to their data.

Frequent instances of Internet fraud include business fraudcredit card fraudinternet auction fraudinvestment schemesNigerian letter fraud, and non-delivery of merchandise. For information on the most common complaints and scams, see the annual reports of the Internet Crime Complaint Center (IC3), a partnership of the FBI and the National White Collar Crime Center. Also see its information on Internet Crime Schemes and its Internet Crime Prevention Tips.

Cyber Crime- FBI

The FBI is the lead federal agency for investigating cyber attacks by criminals, overseas adversaries, and terrorists. The threat is serious—and growing. Cyber intrusions are becoming more commonplace, more dangerous, and more sophisticated. Our nation’s critical infrastructure, including both private and public sector networks, are targeted by adversaries. American companies are targeted for trade secrets and other sensitive corporate data and universities for their cutting-edge research and development. Citizens are targeted by fraudsters and identity thieves, and children are targeted by online predators. Just as the FBI transformed itself to better address the terrorist threat after the 9/11 attacks, it is undertaking a similar transformation to address the pervasive and evolving cyber threat. This means enhancing the Cyber Division’s investigative capacity to sharpen its focus on intrusions into government and private computer networks. 

For more information on the FBI’s cyber security efforts, read Addressing Threats to the Nation’s Cybersecurity.  

Key Priorities 

Computer and Network Intrusions

The collective impact is staggering. Billions of dollars are lost every year repairing systems hit by such attacks. Some take down vital systems, disrupting and sometimes disabling the work of hospitals, banks, and 9-1-1 centers around the country.

Who is behind such attacks? It runs the gamut—from computer geeks looking for bragging rights, to businesses trying to gain an upper hand in the marketplace by hacking competitor websites, from rings of criminals wanting to steal personal information and sell it on black markets, to spies and terrorists looking to rob our nation of vital information or launch cyber strikes.

Today, these computer intrusion cases—counterterrorism, counterintelligence, and criminal—are cyber program priorities because of their potential national security nexus.

In recent years, we’ve built a new set of technological and investigative capabilities and partnerships—so we’re as comfortable chasing outlaws in cyberspace as we are down back alleys and across continents. Those capabilities include:

  • A Cyber Division at FBI Headquarters to address cyber crime in a coordinated and cohesive manner;
  • Specially trained cyber squads at FBI headquarters and in each of our 56 field offices, staffed with agents and analysts who protect against and investigate computer intrusions, theft of intellectual property and personal information, child pornography and exploitation, and online fraud;
  • New Cyber Action Teams that travel around the world on a moment’s notice to assist in computer intrusion cases and gather vital intelligence that helps us identify the cyber crimes that are most dangerous to our national security and to our economy;
  • Our Computer Crimes Task Forces that combine state-of-the-art technology and the resources of our federal, state, and local counterparts;
  • A growing partnership with other federal agencies—including the Department of Defense, the Department of Homeland Security, and others—that share similar concerns and resolve in combating cyber crime.
Cyber Agent

Ransomware 

Hospitals, school districts, state and local governments, law enforcement agencies, small businesses, large businesses—these are just some of the entities impacted by ransomware, an insidious type of malware that encrypts, or locks, valuable digital files and demands a ransom to release them.

The inability to access the important data can be catastrophic in terms of the loss of sensitive or proprietary information, the disruption to regular operations, financial losses incurred to restore systems and files, and the potential harm to an organization’s reputation. Home computers are just as susceptible to ransomware and the loss of access to personal and often irreplaceable items— including family photos, videos, and other records—can be devastating for individuals as well.

In a ransomware attack, victims—upon seeing an e-mail addressed to them—will open it and may click on an attachment that appears legitimate, such as an invoice or an electronic fax, but that actually contains the malicious ransomware code. Or the e-mail might contain a legitimate-looking website address, but when a victim clicks on it, they are directed to a website that infects their computer with malicious software.

Once the infection is present, the malware begins encrypting files and folders on local drives, any attached drives, backup drives, and potentially other computers on the same network. Users and organizations are generally not aware they have been infected until they can no longer access their data or until they begin to see computer messages advising them of the attack and demands for a ransom payment in exchange for a decryption key. These messages include instructions on how to pay the ransom, often with bitcoins because of the anonymity this virtual currency provides.

Ransomware attacks are not only proliferating, they’re becoming more sophisticated. Several years ago, ransomware was normally delivered through spam e-mails, but because e-mail systems got better at filtering out spam, cyber criminals turned to spear phishing e-mails targeting specific individuals. In some newer instances of ransomware, cyber criminals are seeding legitimate websites with malicious code, taking advantage of unpatched software on end-user computers.

The FBI does not support paying a ransom in response to a ransomware attack. Paying a ransom doesn’t guarantee an organization will get its data back—there have been cases in which organizations never received a decryption key after paying the ransom. Paying a ransom also emboldens current cyber criminals to target more organizations and offers an incentive for other criminals to get involved in this type of illegal activity. In addition, by paying a ransom, an organization may inadvertently fund other illicit activity.

As ransomware techniques and malware continue to evolve—and because it’s difficult to detect a ransomware compromise before it’s too late—the FBI recommends organizations focus on:

  • Prevention efforts—both in terms of awareness training for employees and robust technical prevention controls; and
  • The creation of a solid business continuity plan in the event of a ransomware attack.

Here are some tips for preventing ransomware (primarily aimed at organizations and their employees, but some are also applicable to individual users):

  • Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
  • Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system).
  • Ensure anti-virus and anti-malware solutions are set to automatically update and conduct regular scans.
  • Manage the use of privileged accounts—no users should be assigned administrative access unless absolutely needed and only use administrator accounts when necessary.
  • Configure access controls, including file, directory, and network share permissions appropriately. If users only need read-specific information, they don’t need write-access to those files or directories.
  • Disable macro scripts from office files transmitted over e-mail.
  • Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).
  • Back up data regularly and verify the integrity of those backups.
  • Secure your backups. Make sure they are not connected to the computers and networks they are backing up.
 
 

Old Fashion Fraud

Reading Time: 27 minutes

Old Fashion Fraud

OWNER OF REAL ESTATE ESCROW COMPANY INDICTED FOR BANK, WIRE AND MAIL FRAUD

Unfortunately there are many examples of ESCROW Fraud.

DON”T DO IT!

DOJ

FOR IMMEDIATE RELEASE

Friday, August 4, 2017

Defendant Falsified Documents, Altered Checks and Embezzled Money from Trust Account

The owner of a now defunct real estate escrow firm was indicted last month by a federal grand jury on ten counts of bank fraud, and one count each of mail and wire fraud, announced U.S. Attorney Annette L. Hayes.

LORI LYNN ANDREW

48, of Cashmere, Washington, the owner of Hartman Escrow, Inc., was arrested and arraigned on the indictment August 3, 2017. The Washington State Department of Financial Institutions arranged for a receiver to take over the Tukwila, Washington escrow company in 2012 after finding evidence of fraud. ANDREW had her license to act as an escrow agent suspended in 2013 and her license has since been revoked.

According to the indictment, beginning in about January 2011, and continuing until July 2012, ANDREW used a variety of means to defraud financial institutions and individual home buyers and sellers who were involved in various real estate transactions. ANDREW made, or had others make, false settlement statements on the transactions listing false or inflated fees and charges to hide the fact that she was embezzling money.

ANDREW forged signatures on various statements and created false invoices, statements and bills; she altered and deposited checks to her company account that should have gone to others; she took funds from her trust account and transferred them to her personal account for her own use. ANDREW used the money for casino payments, credit card bills and other personal expenses. ANDREW defrauded individual customers as well as Bank of America, Wells Fargo, Citi Bank, Chase and GMAC.

In all the indictment alleges ANDREW defrauded the financial institutions and other customers of approximately $2 million.

The charges contained in the indictment are only allegations. A person is presumed innocent unless and until he or she is proven guilty beyond a reasonable doubt in a court of law.

Each count of bank, mail or wire fraud is punishable by up to 30 years in prison and a fine of up to $1 million.

The case was investigated by the Washington State Department of Financial Institutions, the FBI, the Postal Inspection Service (USPIS) and the Housing and Urban Development Office of Inspector General (HUD-OIG).

The case is being prosecuted by Special Assistant United States Attorney Hugo Torres and Assistant United States Attorney Norman Barbosa. Mr. Torres is a Senior King County Deputy Prosecutor specially designated to prosecute financial fraud cases in federal court.

 

FACTUAL FINDINGS

Failure to Comply with Director’s Authority.

On or about July 10, 2012, the Department served Respondents with a Subpoena to Provide

Documents and Records requiring Respondent Andrew to provide certain records by July 16,2012, or a

Temporary Cease and Desist Order (TCD) would be issued. Respondent Andrew did not provide the

records by the due date and on or about July 18, 2012, the Department issued a TCD requiring

Respondent Andrew to produce the records immediately. The TCD was served on Respondent Andrew

on or about the same day, and served by Federal Express overnight delivery on July 28,2012, but

Respondent Andrew did not provide the records as required.

Providing Altered Bank Statements.

On or about June 21, 2012, Respondent Andrew provided the Department with copies of what she represented to be the monthly statements for Respondent Hartman Escrow’s general account at Key Banle

On or about July 25, 2012, the Department received copies of the actual monthly statements for the general account directly from Key Bank. A comparison of the two sets of statements revealed that among other deceptions, Respondent Andrew had altered the account statements she provided the Department to conceal more than $2.1 million in transfers from the trust account to the general account. The differences between the general account statements provided by Respondent Andrew and those provided by Key Bank are as follows:

Hartman Escrow, Inc. General Account Bank Statements

Dec-II

The statement was altered to conceal 6 transfers totaling $23,754.28 from the trust account to the general account.

Jan-12

The statement was altered to conceal 13 transfers totaling $188,135.42 from the trust account to the general account, and did not include a page listing a $5,000 transfer from the savings account to the general account. Feb-12

The statement was altered to conceal 8 transfers totaling $161,074.45 from the trust account to the general account.

Mar-12

The statement was altered to conceal 7 transfers totaling $359,864.86 from the trust account to the general account, and a separate transfer of$291,164.86 from the trust account to the general account.

Apr-12

The statement was altered to conceal a transfer totaling $145,582.28 from the general account to the trust account, and a $5,000 transfer from the general account to Respondent Andrew’s personal account.

May-12

The statement did not include three pages, two of which listed 18 transfers totaling $237,507.32 from the trust account to the general account. Another missing page listed a $10,404.49 transfer from the general account to the trust account and two credit card payments totaling $45,785.15.

Jun-12

The statement was altered to conceal 15 transfers totaling $762,758.15 from the trust account to the general account, and did not include a page listing a $5,000 transfer from the savings account to Respondent Andrew’s personal account.1.3 Conducting Business in such an Unsafe Manner as to Render its Further Operation Hazardous to the Public.

The Department reviewed bank statements and reconciliation records of Respondent Hartman Escrow, Inc. and noted numerous questionable transactions. For example, two month-end reconciliation Trial Balance reports printed on April 30, 2012, show the escrow trust account of Respondent Hartman Escrow to be significantly overdrawn.

The first report lists  overdrawn escrow accounts with an aggregate negative balance of$I,090,755.09; the second report  lists overdrawn escrow accounts, but with a lower aggregate negative balance of $205,400.94. The overdrawn escrow accounts indicate Respondent Andrew disbursed more money from the accounts 6 than received.

The number and aggregate dollar amount of the overdrawn escrow accounts is unusual, 7 and indicates much larger shortages in the trust account may exist.

The June 2012 general account statement for Respondent Hartman Escrow shows six transfers 10 from the general account to the trust account totaling $678,548.

The number and aggregate dollar amount of these transfers are unusual, and indicates an attempt to “cover” overdrawn escrow accounts.  The Department has identified suspicious transactions in ReSpondent Hartman Escrow’s general 13 account between December 2011 and July 2012 of approximately:

• $2.1 million in transfers from the trust account to the general account;

• $212,000 in checks and transfers payable to Respondent Andrew or her husband;

• $103,000 in checks payable to casinos in Washington and Nevada; and

• $65,000 in checks and transfers payable to a Nordstrom-branded VISA credit card.

Order Taking Possession-Termination of Employment.

On or About July 31,2012, the

Director issued an Order Taking Possession of Hartman Escrow, Inc. and served a copy of the Order

on Respondent Andrew. In its capacity as the controlling entity for Hartman Escrow, Inc., the

Department has terminated the employment of Respondent Andrew as Designated Escrow Officer,

Escrow Officer, and any other employment capacity for Hartman Escrow, Inc.

II. GROUNDS FOR ENTRY OF ORDER

Requirement to Comply with Director’s Authority. Based on the Factual Allegations set

forth in Section I above, Respondent Andrew is in apparent violation ofRCW 18.44.400(1) and RCW

18.44.420(2) by failing to provide documents and other materials required by the Director.

Prohibition against Making Material False Statements.

Based on the Factual Allegations set forth in above, Respondent Andrew is in apparent violation by making materially false statements to the Director concerning the affairs of Hartman Escrow, Inc.

Requirement to Properly Administer Funds held in Trust. Based on the Factual

Allegations set forth  above, Respondent Andrew is in apparent violation failing to properly administer funds held in trust.

Status of Escrow Officer License.

Respondent Andrew’s license to conduct business as an Escrow Officer is no longer in force and must be surrendered to the Department.

ORDER

Based on the above Factual Findings, Grounds for Entry of Order, and Authority to Issue

Temporary Order to Cease and Desist,  the Director finds that the public interest will be irreparably harmed by delay in issuing a cease and desist order. Therefore, the

Director ORDERS that:

  1. Respondent Lori L. Andrew shall immediately cease and desist from engaging in any act or
  2. acts, directly, indirectly, or through any 3rd party, which in any way affects Hartman Escrow, Inc. Such
  3. acts include, but are not limited to, conducting any escrow transaction or any part of any escrow
  4. transaction, conducting any contract collection activity, accessing or attempting to access any account
  5. in the name of Hartman Escrow, Inc. in or at any financial institution of any kind, obtaining or
  6. attempting to obtain credit of any kind on behalf of Hartman Escrow, Inc., incurring any debt on behalf
  7. of Hartman Escrow, Inc., accessing or attempting to access any computer system, telephone messaging
  8. system, or any other business system of Hartman Escrow, Inc., accessing any real or personal property
  9. owned by or registered in the name of Hartman Escrow, Inc., or any other act having any relationship to Hartman Escrow, Inc.

Hartman Escrow, Inc. regardless of the status of the file or the current location of the file (other than those at the Tukwila office), and including any and all copies of said files. Further, Respondent Andrew shall immediately surrender to the Department any and all other files related to the business operations of Hartman Escrow, Inc., any and all title and ownership documents for property owned by Hartman Escrow, Inc., any and all documents and contracts evidencing property or services leased or rented in the name of Hartman Escrow, Inc., and any and all documents of any nature belonging to Hartman Escrow, Inc. Respondent Lori L. Andrew shall immediately surrender to the Department all business related equipment owned, leased, or rented by Hartman Escrow, Inc., including, but not limited to: cell phones, smart phones, computers, and all other business equipment of any nature, regardless of whose possession such equipment is currently in.

Respondent Lori L. Andrew shall immediately surrender to the Department all credit cards for any and all accounts in the name of Hartman Escrow, Inc, and all keys to any property owned, rented, or leased by Hartman Escrow, Inc, including office keys and truck keys, regardless of whose possession such credit cards and keys are currently in.

All files, documents, and property which Respondent Andrew has been ordered to immediately surrender must be surrendered at the Hartman Escrow, Inc. Tukwila office location between 8:00 a.m. and 5:00 p.m. no later than the first business day following service of this Order on Respondent Hartman.

This order shall take effect immediately and shall remain in effect unless set aside, limited, or suspended in writing by an authorized court.

NOTICE

PURSUANT TO CHAPTER 18.44 RCW, YOU ARE ENTITLED TO A HEARING WITHIN

14 DAYS OF REQUEST TO DETERMINE WHETHER THIS ORDER SHALL BECOME

PERMANENT. IF YOU DESIRE A HEARING, THEN YOU MUST RETURN THE

ACCOMPANYING APPLICATION FOR ADJUDICATIVE HEARING, INCORPORATED HEREIN

BY THIS REFERENCE. FAILURE TO COMPLETE AND RETURN THE APPLICATION FOR

ADJUDICATIVE HEARING FORM SO THAT IT IS RECEIVED BY THE DEPARTMENT OF

FINANCIAL INSTITUTIONS WITHIN 20 DAYS OF THE DATE THAT THIS ORDER WAS

SERVED ON YOU WILL CONSTITUTE A DEFAULT AND WILL RESULT IN THE LOSS OF

YOUR RIGHT TO A HEARING AND THE ENTRY OF A PERMANENT ORDER TO CEASE AND

DESIST ON THE 21ST DAY FOLLOWING SERVICE OF THIS ORDER UPON YOu. SERVICE ON

YOU IS DEFINED AS POSTING IN THE U.S. MAIL. POSTAGE PREP AID, TO YOUR LAST

KNOWN ADDRESS.

WITHIN 10 DAYS AFTER YOU HAVE BEEN SERVED WITH THIS TEMPORARY

ORDER TO CEASE AND DESIST, YOU MAY APPLY TO THE SUPERIOR COURT IN THE

COUNTY OF YOUR PRINCIPAL PLACE OF BUSINESS FOR AN INJUNCTION SETTING

ASIDE, LIMITING, OR SUSPENDING THIS ORDER PENDING THE COMPLETION OF THE

ADMINISTRATIVE PROCEEDINGS PURSUANT TO THIS NOTICE.

UPDATE

FOR IMMEDIATE RELEASE
Friday, August 10, 2018

OWNER OF NOW-DEFUNCT REAL ESTATE ESCROW COMPANY SENTENCED TO 24 MONTHS IN PRISON FOR BANK FRAUD

Defendant Falsified Documents, Altered Checks and Embezzled more than $2 Million from Trust Account

The owner of a former real estate escrow firm was sentenced today in U.S. District Court in Seattle to 24 months in prison for bank fraud, announced U.S. Attorney Annette L. Hayes. LORI LYNN ANDREW, 49, of Cashmere, Washington, the owner of Hartman Escrow, Inc., pleaded guilty to one count of bank fraud.  ANDREW stole more than $2.1 million through a variety of techniques, including making false entries in escrow closing documents, altering accounting records, and depositing checks into the general account instead of the trust account.  At the sentencing hearing, U.S. District Judge Richard A. Jones said, “Every single time you had an opportunity to change your mind and say ‘this is wrong,’ you kept doing it.”

“This defendant chose to victimize people when they were buying or selling a home–often the most important financial transaction of their lives,” said U.S. Attorney Annette L. Hayes.  “Like all real estate escrow agents, the defendant was responsible for ensuring large amounts of money went where they belonged.  When she decided to line her own pockets rather than do her job, she crossed the line and earned the prison sentence that the court imposed today.”

According to records in the case, beginning in about January 2011, and continuing until July 2012, ANDREW used a variety of means to defraud financial institutions and individual home buyers and sellers who were involved in various real estate transactions.  ANDREW made, or had others make, false settlement statements on closing transactions listing false or inflated fees and charges.  ANDREW forged signatures on various statements and created false invoices, statements, and bills; she altered and deposited checks to her company account that should have gone to others; and she took client funds from her trust account and transferred them to her personal account for her own use.  ANDREW used the money for casino payments, credit card bills, and other personal expenses.  ANDREW defrauded individual customers, as well as Bank of America, Wells Fargo, Citi Bank, Chase, and GMAC.

In all ANDREW defrauded the financial institutions and other customers of $2.185 million.  In July 2012, the Washington State Department of Financial Institutions arranged for a receiver to take over the Tukwila, Washington, escrow company after finding evidence of fraud.  ANDREW had her license to act as an escrow agent suspended in 2013, and her license has since been revoked. The receiver was able to recover some funds for unsecured claimants, but just over $1 million is still owed to defrauded clients.

The case was investigated by the Washington State Department of Financial Institutions, the FBI, the Postal Inspection Service (USPIS), and the Housing and Urban Development Office of Inspector General (HUD-OIG).

The case is being prosecuted by Special Assistant United States Attorney Hugo Torres. Mr. Torres is a King County Senior Deputy Prosecutor specially designated to prosecute financial fraud cases in federal court.

https://www.justice.gov/usao-wdwa/pr/owner-now-defunct-real-estate-escrow-company-sentenced-24-months-prison-bank-fraud

FINAL ORDER 

Based upon the foregoing, and the Director having considered the record and being otherwise  fully advised, NOW, THEREFORE:

IT IS HEREBY ORDERED, That:

1. The license of Respondent LORI LYNN ANDREW to conduct business as a designated escrow officer is revoked.

2. Respondent LORI LYNN ANDREW is prohibited from participation in the conduct of the affairs of any licensed escrow agent for a period of twenty-five (25) years.

3. Respondent LORI LYNN ANDREW shall pay to the Washington State Department of Financial Institutions, within thirty (30) days of receipt ofthis Final Order, an examination fee of One Hundred Fifty Thousand dollars ($150,000).

STATE OF WASHINGTON

DEPARTMENT OF FINANCIAL INSTITUTIONS

CONSUMER SERVICES DIVISION

IN THE MATTER OF DETERMINING

Whether there has been a violation of the

Escrow Agent Registration Act of Washington

by:

HARTMAN ESCROW, INC. and

LORI L. ANDREW,

C-12-1 020-12-TD02

TEMPORARY ORDER TO

CEASE AND DESIST

Owner and Designated Escrow Officer,

 Res ondents.

THE STATE OF WASHINGTON TO: LORI L. ANDREW

COMES NOW the Director of the Washington State Department of Financial Institutions

(Director), by and through his designee Deborah Bortner, Division Director, Division of Consumer

Services (designee), and finding that the public interest will be irreparably harmed by delay in issuing

an order to cease and desist, enters this temporary order to cease and desist pursuant to chapter 18.44

RCW, the Escrow Agent Registration Act (Act), based on the following findings:

I. FACTUAL FINDINGS

1.1 Failure to Comply with Director’s Authority.

On or about July 10, 2012, the Department served Respondents with a Subpoena to Provide

Documents and Records requiring Respondent Andrew to provide certain records by July 16,2012, or a

Temporary Cease and Desist Order (TCD) would be issued. Respondent Andrew did not provide the

records by the due date and on or about July 18, 2012, the Department issued a TCD requiring

Respondent Andrew to produce the records immediately. The TCD was served on Respondent Andrew

on or about the same day, and served by Federal Express overnight delivery on July 28,2012, but

Respondent Andrew did not provide the records as required.

1.2 Providing Altered Bank Statements. On or about June 21, 2012, Respondent Andrew provided

the Department with copies of what she represented to be the monthly statements for Respondent

Hartman Escrow’s general account at Key Banle On or about July 25, 2012, the Department received

copies of the actual monthly statements for the general account directly from Key Bank. A comparison

of the two sets of statements revealed that among other deceptions, Respondent Andrew had altered the

account statements she provided the Department to conceal more than $2.1 million in transfers from the

trust account to the general account. The differences between the general account statements provided by

Respondent Andrew and those provided by Key Bank are as follows:

Hartman Escrow, Inc. General Account Bank Statements

Dec-II The statement was altered to conceal 6 transfers totaling $23,754.28 from the

trust account to the general account.

Jan-12 The statement was altered to conceal 13 transfers totaling $188,135.42 from the

trust account to the general account, and did not include a page listing a $5,000

transfer from the savings account to the general account.

Feb-12 The statement was altered to conceal 8 transfers totaling $161,074.45 from the

trust account to the general account.

Mar-12 The statement was altered to conceal 7 transfers totaling $359,864.86 from the

trust account to the general account, and a separate transfer of$291,164.86 from

the trust account to the general account.

Apr-12 The statement was altered to conceal a transfer totaling $145,582.28 from the

general account to the trust account, and a $5,000 transfer from the general

account to Respondent Andrew’s personal account.

May-12 The statement did not include three pages, two of which listed 18 transfers

totaling $237,507.32 from the trust account to the general account. Another

missing page listed a $10,404.49 transfer from the general account to the trust

account and two credit card payments totaling $45,785.15.

Jun-12 The statement was altered to conceal 15 transfers totaling $762,758.15 from the

trust account to the general account, and did not include a page listing a $5,000

transfer from the savings account to Respondent Andrew’s personal account.

1.3 Conducting Business in such an Unsafe Manner as to Render its Further Operation

Hazardous to the Public. The Department reviewed bank statements and reconciliation records of

Respondent Hartman Escrow, Inc. and noted numerous questionable transactions. For example, two

month-end reconciliation Trial Balance reports printed on April 30, 2012, show the escrow trust

 account of Respondent Hartman Escrow to be significantly overdrawn. The first report lists 13

overdrawn escrow accounts with an aggregate negative balance of$I,090,755.09; the second report

lists 13 overdrawn escrow accounts, but with a lower aggregate negative balance of $205,400.94. The

overdrawn escrow accounts indicate Respondent Andrew disbursed more money from the accounts

than received. The number and aggregate dollar amount of the overdrawn escrow accounts is unusual,

and indicates much larger shortages in the trust account may exist.

The June 2012 general account statement for Respondent Hartman Escrow shows six transfers

from the general account to the trust account totaling $678,548. The number and aggregate dollar

 amount of these transfers are unusual, and indicates an attempt to “cover” overdrawn escrow accounts.

 The Department has identified suspicious transactions in ReSpondent Hartman Escrow’s general

 account between December 2011 and July 2012 of approximately:

• $2.1 million in transfers from the trust account to the general account;

 • $212,000 in checks and transfers payable to Respondent Andrew or her husband;

• $103,000 in checks payable to casinos in Washington and Nevada; and

• $65,000 in checks and transfers payable to a Nordstrom-branded VISA credit card.

1.4 Order Taking PossessionlTermination of Employment. On or About July 31,2012, the

Director issued an Order Taking Possession of Hartman Escrow, Inc. and served a copy of the Order

on Respondent Andrew. In its capacity as the controlling entity for Hartman Escrow, Inc., the

Department has terminated the employment of Respondent Andrew as Designated Escrow Officer,

Escrow Officer, and any other employment capacity for Hartman Escrow, Inc.

II. GROUNDS FOR ENTRY OF ORDER

2 2.1 Requirement to Comply with Director’s Authority. Based on the Factual Allegations set

forth in Section I above, Respondent Andrew is in apparent violation ofRCW 18.44.400(1) and RCW

18.44.420(2) by failing to provide documents and other materials required by the Director.

2.2 Prohibition against Making Material False Statements. Based on the Factual Allegations set

forth in Section I above, Respondent Andrew is in apparent violation ofRCW 18.44.301(7) by making

materially false statements to the Director concerning the affairs of Hartman Escrow, Inc.

2.3 Requirement to Properly Administer Funds held in Trust. Based on the Factual

Allegations set forth in Section I above, Respondent Andrew is in apparent violation of RCW

18.44.301(2) and WAC 208-680-410 by failing to properly administer funds held in trust.

2.4 Status of Escrow Officer License. Based on the Factual Allegations set forth in Section I

above, and pursuant to RCW 18.44.101, Respondent Andrew’s license to conduct business as an

Escrow Officer is no longer in force and must be surrendered to the Department.

III. AUTHORITY TO ISSUE TEMPORARY ORDER TO CEASE AND DESIST

3.1 Authority to Issue Temporary Order to Cease and Desist. Pursuant to RCW 18.44.440, the

Director is authorized to issue a temporary order to cease and desist whenever the Director makes a

finding, in writing, that the public interest will be irreparably harmed by delay in issuing a cease and

desist order.

IV. ORDER

Based on the above Factual Findings, Grounds for Entry of Order, and Authority to Issue

Temporary Order to Cease and Desist, and pursuant to RCW 18.44.440, the Director finds that the

public interest will be irreparably harmed by delay in issuing a cease and desist order. Therefore, the

Director ORDERS that:

Respondent Lori L. Andrew shall immediately cease and desist from engaging in any act or

acts, directly, indirectly, or through any 3rd party, which in any way affects Hartman Escrow, Inc. Such

acts include, but are not limited to, conducting any escrow transaction or any part of any escrow

transaction, conducting any contract collection activity, accessing or attempting to access any account

in the name of Hartman Escrow, Inc. in or at any financial institution of any kind, obtaining or

attempting to obtain credit of any kind on behalf of Hartman Escrow, Inc., incurring any debt on behalf

of Hartman Escrow, Inc., accessing or attempting to access any computer system, telephone messaging

system, or any other business system of Hartman Escrow, Inc., accessing any real or personal property

 owned by or registered in the name of Hartman Escrow, Inc., or any other act having any relationship

to Hartman Escrow, Inc.

4.2 Respondent Lori L. Andrew shall immediately surrender to the Department all escrow files of

Hartman Escrow, Inc. regardless of the status of the file or the current location of the file (other than

those at the Tukwila office), and including any and all copies of said files. Further, Respondent

Andrew shall immediately surrender to the Department any and all other files related to the business

operations of Hartman Escrow, Inc., any and all title and ownership documents for property owned by

Hartman Escrow, Inc., any and all documents and contracts evidencing property or services leased or

rented in the name of Hartman Escrow, Inc., and any and all documents of any nature belonging to

Hartman Escrow, Inc.

4.3 Respondent Lori L. Andrew shall immediately surrender to the Department all business related

equipment owned, leased, or rented by Hartman Escrow, Inc., including, but not limited to: cell

phones, smart phones, computers, and all other business equipment of any nature, regardless of whose

possession such equipment is currently in.

TEMPORARY ORDER TO CEASE AND DESIST

C-12-1020-12-TD02

Lori L. Andrew

5 DEPARTMENT OF FINANCIAL INSTITUTIONS

150 Israel Rd SW

PO Box 41200

Olympia, WA 98504-1200

 

4.4 RESPONDENT LORI L. ANDREW SHALL IMMEDIATELY SURRENDER TO THE DEPARTMENT ALL CREDIT CARDS FOR

any and all accounts in the name of Hartman Escrow, Inc, and all keys to any property owned, rented,

or leased by Hartman Escrow, Inc, including office keys and truck keys, regardless of whose

possession such credit cards and keys are currently in.

4.5 All files, documents, and property which Respondent Andrew has been ordered to immediately

surrender must be surrendered at the Hartman Escrow, Inc. Tukwila office location between 8:00 a.m.

and 5:00 p.m. no later than the first business day following service of this Order on Respondent

Hartman.

4.6 This order shall take effect immediately and shall remain in effect unless set aside, limited, or

suspended in writing by an authorized court.

NOTICE

PURSUANT TO CHAPTER 18.44 RCW, YOU ARE ENTITLED TO A HEARING WITHIN

14 DAYS OF REQUEST TO DETERMINE WHETHER THIS ORDER SHALL BECOME

PERMANENT. IF YOU DESIRE A HEARING, THEN YOU MUST RETURN THE

ACCOMPANYING APPLICATION FOR ADJUDICATIVE HEARING, INCORPORATED HEREIN

BY THIS REFERENCE. FAILURE TO COMPLETE AND RETURN THE APPLICATION FOR

ADJUDICATIVE HEARING FORM SO THAT IT IS RECEIVED BY THE DEPARTMENT OF

FINANCIAL INSTITUTIONS WITHIN 20 DAYS OF THE DATE THAT THIS ORDER WAS

SERVED ON YOU WILL CONSTITUTE A DEFAULT AND WILL RESULT IN THE LOSS OF

YOUR RIGHT TO A HEARING AND THE ENTRY OF A PERMANENT ORDER TO CEASE AND

DESIST ON THE 21ST DAY FOLLOWING SERVICE OF THIS ORDER UPON YOu. SERVICE ON

YOU IS DEFINED AS POSTING IN THE U.S. MAIL. POSTAGE PREP AID, TO YOUR LAST

KNOWN ADDRESS.

WITHIN 10 DAYS AFTER YOU HAVE BEEN SERVED WITH THIS TEMPORARY

ORDER TO CEASE AND DESIST, YOU MAY APPLY TO THE SUPERIOR COURT IN THE

COUNTY OF YOUR PRINCIPAL PLACE OF BUSINESS FOR AN INJUNCTION SETTING

ASIDE, LIMITING, OR SUSPENDING THIS ORDER PENDING THE COMPLETION OF THE

ADMINISTRATIVE PROCEEDINGS PURSUANT TO THIS NOTICE.

DATED this ‘1 ay of August, 2012.

SEVEN C. SHERMAN

Financial Legal Examiner Supervisor

DEB

Director

Division of Consumer Services

Department of Financial Institutions

DEPARTMENT OF FINANCIAL INSTITUTIONS

150 Israel Rd SW

PO Box 41200

Olympia, WA 98504-1200

 

PHISHING SCAM TARGETING HOMEBUYERS IN OREGON AND BEYOND

Updated: Jun 27, 2019 12:37 PM

New home owner almost loses her $45,000 down payment to a real estate phishing scam

Real Estate Wire Fraud Is Rampant. Realtors, Buyers, Sellers, Lenders, and Attorneys Beware!

Onondaga County DA issues warning of increased direct deposit phishing scams

The District Attorney is advising local businesses and individuals to be wary of electronic requests to change deposit accounts for any reason, including direct deposit, real estate transactions, wire transfers.

BREAKING NEWS: EMAIL PHISHING ATTEMPT WITH NAR February 22, 2019 by Taylor Barry

Biglaw Firm Duped Into Wiring Money To Scam Account Loses $2.5 Million In Cyber Breach

Even the biggest of Biglaw behemoths can be victimized by fraudsters without proper precautions.

Back to: 🔥Synchronous Post Broker Course-2020s > Managing Escrow Accounts