Author Archive

Nathan Marinchick

Nathan Marinchick

Alliant National's director of research + educational programming
email threat

Title Industry’s Cyber, Escrow Fraud Preparedness Needs Improvement

A national survey of title agents conducted by the American Land Title Association shows that our industry has farther to go when it comes to formalizing cyber and escrow security plans.

Results of the survey also hint that the threat landscape is becoming increasingly perilous for title agents, consumers and others involved in real estate transactions.

Of the survey’s more than 750 respondents, 63 percent said the number of cybercrime attempts targeting their company increased between 2017 and 2018. Roughly one-third of respondents also observed increases in fraud attempts targeting buyers, sellers and real estate agents over the same period.

Many title agencies have sought to combat the worsening cyber and escrow fraud threat by means of employee awareness.

More than half of respondents said their company reminds employees about the need to remain vigilant on about a weekly basis. More than 25 percent said those employee reminders are made on a monthly basis.

However, more than 20 percent of respondents reported that their company offers no training at all on cybercrime trends or red flags.

More troubling, however, is that despite the apparent increase in fraud attempts, just 62 percent of respondents said their company has a written cybercrime response plan.

Additionally, more than 40 percent of agents were not aware of or have not implemented ALTA’s Rapid Response Plan for Wire Transfer Fraud.

Smaller agencies — those with gross annual income below $1 million — were also somewhat less likely to have formal cyber response plans, wire retrieval plans or training programs than were larger agencies.

Survey results also show that cybercrime insurance coverage among title agents of all sizes is not as prevalent as one might expect given the apparent increase in fraud attempts. More than 27 percent of respondents said their company does not currently have a cybercrime insurance policy.

While most industry participants have made strides when it comes to protecting escrow funds and sensitive information, the survey clearly shows that gaps remain.

The survey also provides an opportunity for all of us to redouble our efforts, particularly when it comes to formalizing cyber response plans.

To help, we’ll be posting a blog series in the coming weeks that will provide simple, actionable tips for improving and formalizing response plans, as well as plans for wire retrieval and staff training.

We’ll also talk about the importance of cyber insurance and provide insight on how to get the right coverages for your business.

In the meantime, check out the growing library of cyber fraud resources on the Alliant National Education page. Alliant National agents can also watch our brand new Texas Continuing Education webinar on information and escrow security.

tax scams

Watch Out for These 3 Tax Scams

According to the IRS, thousands of people have lost millions of dollars and their personal information to tax scams.

These days, when we consider fraud schemes targeting title agents, we usually think about email scams where criminals attempt to interject themselves into specific transactions for the purpose of diverting a wire.

Such scams can be devastating for agents and consumers, and we must guard against this type of email fraud.

However, scams involving real estate transactions are just one small piece of the larger fraud puzzle; and with tax season upon us, it’s important to remember that our industry is not immune to the types of email and other schemes that are common to other businesses.

According to the IRS, thousands of people have lost millions of dollars and their personal information to tax scams.

Scammers use the regular mail, telephone, or email to set up individuals, businesses, payroll and tax professionals.

The agency recently released a flurry of alerts warning of various schemes. You can find a full summary on the IRS webpage, but here are just a few highlights.

W-2 scam

The IRS warned that fraudsters are increasingly targeting payroll and human resource departments in an attempt to obtain their Forms W-2, which the criminals then use to file fraudulent tax returns.

To work the scam, the fraudster writes emails that look like they’re from an organization executive. The emails are directed to an internal employee with access to wage and tax information, and they often begin with an innocent greeting, such as: “hi, are you working today.”

Soon, the fraudster asks for all Form W-2 information.

The W-2 phishing scam has victimized hundreds of organizations and thousands of employees in recent years, the IRS said. Employers of all sizes have been affected including public schools, universities, hospitals, tribal governments and charities.

The IRS has established a process allowing businesses and payroll service providers to quickly report any data losses related to the W-2 scam.

Learn more about the process here.

Phone scam

In a recent blog post,”Think Email Fraud is the Only Hack Tactic? Think Again.” , we noted that scammers are increasingly using phone calls to attempt to trick title agents into wiring money to fraudulent accounts.

Some simple technologies even allow fraudsters to spoof phone numbers. So, a criminal could call you, but make it look like the call was coming from someone legitimately involved in the transaction.

As it turns out, tax fraudsters are using this same technology.

The IRS warned that criminals claiming to be IRS employees — using fake names and bogus IRS identification badge numbers — are trying to bully victims into sending them money.

Sometimes the fraudsters claim that the victim has a tax refund coming, and the money can be deposited if the victim provides his or her banking information.

The tax phone scam seems to be targeted toward individuals as opposed to businesses, but it underscores at least two important points: 1.) treat threats and high pressure language as a red flag; and 2.) the telephone isn’t always a “safe” method of communication.

Malware

Malware scams certainly aren’t new. Basically, the fraudster sends an email that looks like it’s from a trusted source, such as a business contact, a reputable company or a government agency.

The email directs the receiver to click a hyperlink or open an attachment.

When clicked, malicious software loads onto the victim’s computer, and the scammer uses that software to gain access to sensitive systems and information.

Fraudsters often attempt to trick title agents and others involved in real estate transactions into clicking malicious links by sending emails purporting to contain “important closing documents.”

By now many agents have seen the “closing documents” scheme, and they know how to avoid it. However, companies need to remain vigilant for other types of malware emails.

In recent weeks, the IRS has seen a surge in malware emails targeting the employees of all types of businesses. The emails, which appear to come from the IRS, carry malicious attachments labeled “Tax Account Transcript” or something similar. The words “tax transcript” often appear in the subject line.

The IRS reminded taxpayers that it does not send unsolicited emails to the public and would never email a sensitive document such as a tax transcript, which is a summary of a tax return.

If using a personal computer, such emails should be deleted or forwarded to phishing@irs.gov, the agency said. Those who receive such emails at work should notify their company’s technology team.

scam alert

Think Email Fraud is the Only Hack Tactic? Think Again.

Remember when wire fraud was just about bogus emails?

Criminals today have broadened their tools and tactics in their quest to divert escrow funds by tricking us and others in the real estate transaction into accepting falsified wiring instructions.

Email is no longer their only weapon. We’re hearing about two non-email tactics fraudsters are using.

Embracing What If: When wire fraud happens

Really, that statement is about getting us to seriously consider the “what if.” For instance, “what if I suffered a data breach;” or, “what if, despite my best efforts, a criminal somehow managed to divert a wire to a fraudulent account?” Thinking about the “what if” is uncomfortable, particularly when it comes to wire fraud. We spend most of our time and effort figuring out how to avoid the “what if” scenario. The thing is, when it comes to attempted wire fraud, experience tells us that title agents who’ve spent time planning for “what if” are the ones who tend to get the money back.
data security

Don’t even hover your cursor over unknown or unverified links to stay safe from wire fraud

The title and settlement industry is blessed with great people, and that makes sense because our industry is built on being helpful.

We all want a smooth, efficient transaction for everyone involved. Unfortunately, our desire to be helpful and to keep things moving makes us a prime target for wire fraud.

So, how careful do we need to be when verifying the legitimacy of an email or even an incoming phone call?

Very careful.

Fraudsters know about us. They know how busy we can be, and they know how to prey on our traits to overcome our data and escrow security training.

They aren’t just looking to trick us. They aren’t practical jokers. They are truly insidious “social engineers.”

This blog contains general information only, not intended to be relied upon as, nor a substitute for, specific professional advice. We accept no responsibility for loss occasioned to any purpose acting on or refraining from action as a result of any material on this blog.

Let’s Connect

Discover more stories and conversations on our social media networks,
or drop us a line on our contact page.


The Independent Underwriter for
the Independent AgentSM