Title agents need to increase awareness and maybe seek help.

In the midst of all the news around regulatory changes, interest rate hikes, changes in purchase sentiments, a more ominous threat has emerged. i.e. mortgage fraud, especially wire/ identity fraud at closing and it is growing at an alarming rate.

The scam/ wire fraud frequently involves hackers who impersonate the title insurance agency by sending out emails that appear be a company executive’s actual email, leading to money getting wired to the hackers instead of the title agency’s legitimate account or the borrower’s account.

According to the FBI’s Internet Crime Complaint Center, the year 2016 saw fraud scam complaints from real estate title companies spike by 480 percent (Read the entire report here). It seems like the fraudsters are increasingly becoming more successful & sophisticated every day. Business Email Compromise/ Email Account Compromise (BEC / EAC) Scams have been heavily targeting the real estate industry over the recent years.

real estate victims
No. of BEC/ EAC victims

(Source: https://www.ic3.gov/media/2018/180712.aspx)

From 2015 to 2017, there has been an 1100% rise in the number of BEC/ EAC victims with an almost 2200% increase in reported monetary losses.

How do fraudsters play their dirty game?

Step 1 – It all starts with a phishing email via which the hacker tries to access the title company’s database. (Check out 5 ways to spot a phishing email) Companies like SLK Global have helped a Top 20 US bank prevent 100+ phishing attacks and avoid losses & penalties by providing Anti Phishing mailbox support. Know more about SLK Global by clicking here.

Step 2 – By this time, the hacker has already compromised the system by identifying transactions ready for fraud & collecting sensitive data. Many people use the same credentials for their email & system access helping the fraudster gain access to the email account of the title agent.

Step 3 – The hacker may set up an email filter rule so that emails from the client go directly to the hacker. Now the hacker can send emails directly to clients from the title agent’s actual email ID.

Step 4 – At this point, the hacker is completely ready to deceive the client into wire fraud by sending spoofed emails asking that funds be wired into a particular account which they control.

Check out the complete article by Matt Cohen in RIS Media which talks about the evolution of real estate wire fraud.

The entire process of wire transfer fraud can begin with a simple email…

How to avoid wire transfer fraud?

Wire transfer fraud is a major threat to all title insurance companies irrespective of their size, location or years in business. It is critical that these title insurance companies take adequate measures to ensure they are not hit with such fraud. The solution may include increased diligence and deploying multi-layered technology working together with trained professionals. Today, most of the title agents or title agencies prefer to work with third-party vendors for information security practices and for managing their own reputation in the market. Typically, they partner with a trustworthy vendor. Those who have the required certifications like ISO 27001:2013 (for Information Security Management), SSAE – SOC 1 & 2 (financial controls), to name a few, is critical as is the vendor has worked with and experienced the rigorous risk management practices deployed by financial services firms, including banks.

The solution may include deploying multi-layered technology together with trained professionals.

Some preventive measures you can take:

  1. Informing your clients that you will never ask them to send sensitive information via email.
  2. Do not open or click on any links in suspicious emails.
  3. Ensure that username & passwords change frequently.
  4. Double check and verify the information intended for the recipient.

Right from alerting your internal wire fraud response team to filing a complaint with the FBI’s Internet crime complaint center (IC3) check out ALTA’s rapid response plan for wire fraud incidents.

Leave a Reply

Your email address will not be published. Required fields are marked *