Funds Diverted by Hackers

An independent escrow agent recently discovered their trust accounts were compromised by an outside unknown source. Through initial investigations the escrow agent realized they had become victim to unauthorized and fraudulent wire transfers. Once they became aware they immediately notified their bank, regulator and insurance carrier – as well as local and federal law enforcement.

The regulator – the Department of Corporations (DOC) – initiated an internal audit of the independent escrow agent. They discovered on three separate dates, funds totaling $1,558,339 were wired out of two separate trust accounts without authorization. The wires did not appear to be associated with any escrow processed by the company.

“…funds totaling $1,558,339 were wired out of two separate trust accounts without authorization.”

Not Enough Funds to Cover the Shortage

The DOC provided an opportunity for the independent escrow agent to cover the lost funds from their operating account, but ultimately concluded the escrow agent had lost so much money in the theft they could not cover the shortage.

The DOC froze the trust accounts to prevent further loss. The trust bank launched their own investigation and was successful in recovering a portion of the funds; lowering the shortage amount to approximately $1.1 million.

With their accounts frozen, the independent escrow agent had to notify all of its customers and principals in active transactions that they were unable to close any pending transactions.

Customers Allowed to Switch Escrow Companies

The customers were notified they could transfer their transactions to other escrow companies, but they could not access the funds deposited with the agent. They went further to state in the notification, if any funds were to be transferred with the transaction it would have to be with the approval of the DOC who recently appointed a conservator.

The conservator must reconcile the total funds available with the potential claim to determine whether or not funds still on deposit can be released on a pro rata basis. The customers were notified they would not receive all of their funds.

The DOC website has been updated to include information regarding this incident under frequently asked questions (FAQs). Parts of the FAQs include notification that principals will have to replace any funds needed to close prior to the release of funds by the conservator, since the conservator will be performing a time intensive and extensive audit. The FAQs also revealed the freeze on the trust accounts resulted in checks returned by the bank when presented for payment.


Believe it or not our Company has fallen prey to this same sort of crime. We had to replace the stolen funds with money from our operating account. As a result, the Company is quickly deploying a Citrix® environment to those desktops belonging to personnel that have the authorization to initiate and approve outgoing wires using online banking. The Citrix environment eliminates the risk of the mime trick that first captures keystrokes and then delivers them to the hacker.