Posts Tagged ‘crime’

Head in the technology cloud

Business Network Hacks − What You Need to Know   

What does it mean to get hacked? And how might we mitigate cybercrime?

Hacking is unfortunately far from uncommon. By some counts, more than 2,200 cyberattacks occur per day, which means that one cyberattack occurs every 39 seconds.[i] These hacks carry a tremendous financial cost, with some estimates putting them as high as $6 trillion per year or $500 billion per month, $115.4 billion per week, $16.4 billion per day, $684.9 million per hour, $11.4 million per minute and $190,000 every, single, second.[ii] 

The figures are mind-boggling and scary, which is why it is more important than ever to understand what can occur when a business network is hacked. Without grasping the basics, it becomes more difficult to assess your risk and start proactively protecting your company.

What is the origin of the term “hacking”?

The use of the term “hacking” in a computer science context began all the way back in the 1950s at MIT. In those days, hacking simply meant dealing “with a technical problem in a creative way.”[iii] It wasn’t until the late 1970s that hacking started to refer to illicit activity, a definition it retains to this day. 

These days, hacking primarily revolves around the compromising of digital devices and networks. While there is “ethical hacking,” which focuses on improving security systems and keeping data safe, most is “black hat,” which means that it is often motivated by money, such as: 

  • Wanting to sell private network information on the black market.
  • Obtaining access to sensitive information and then attempting to coerce victims into paying money.
  • Desiring to obtain confidential data and use it for financial benefit.
  • Holding data hostage until a payment is made.

How do hacks occur?

Typically, business networks are targeted through the multiple endpoints that are vulnerable to criminal activity. Just think about it. Every day, employees access business networks with numerous devices that may or may not be secure. But that’s not all businesses need to be concerned about. Similarly vulnerable areas include: 

  • Any cloud-related services 
  • Passwords 
  • Unsecured WiFi
  • Malicious websites 
  • Email accounts


Hacks come in every shape and style 

There is no “one way” that hacking occurs, which makes it important to cover the different variations of hacking to gain a more complete understanding of the threat landscape. Here are seven distressingly common strategies that cybercriminals routinely employ: 

  • Phishing: By far, phishing is one of the most popular forms of hacking today – in part because it is so effective. To better understand the prevalence of phishing, look no further than to recent data that shows 1 in 99 emails is a phishing email.[iv] There are several different types of phishing emails, such as: 
    • Malware delivery emails, where malware is unleashed if the email recipient clicks on a malicious link.
    • There are also credential harvesting emails, where the sender will impersonate someone the recipient knows to get them to hand over sensitive information.

  • Denial of Service (DoS): DoScyberattacks occur when cybercriminals make an online property or service unavailable by inundating it with requests. This attack will frequently result in your website crashing or becoming unusable. 
  • Spyware: Spyware involves malicious code being embedded to monitor email correspondence or worse. Keying (key-logging) to obtain passwords is just one example.
  • Malware: You’ve likely heard of malware before – and for good reason. Referring to any computer virus, worm, trojan horse, spyware, ransomware, adware or other malicious software, malware has been sneaking into user devices and business networks since the beginning of the computer age. 
  • Brute Force Password Decoding: In this type of hack, finesse or secrecy go out the window. The cybercriminal simply attempts to force his or her way inside your devices or network through automated tools that seek to decode your network passwords. 
  • DNS Attacks: With Domain Name Server (DNS) attacks, cybercriminals utilize an elaborate strategy where they take domain names and transform them into IP addresses, which often results in the domain name server redirecting web traffic to fake websites controlled by the criminal. 
  • Social Engineering: Social engineering cyberattacks are exceptionally difficult to guard against because they focus on manipulating human attributes like empathy, fear and urgency to gain access to personal information or a corporate network. Phishing is one example of such an attack, but there are many others that fall into this bucket. 

Are we powerless against hacking? 

With such a wide range of illicit cyber activity, it can feel almost impossible to keep up. However, there are numerous things business owners and employees can do to protect themselves and reduce the possibility of harm or financial loss. From following password best practices, to keeping your systems updated, to deploying new techniques like security awareness training (SAT), even the smallest firm can dramatically increase its security posture. The situation is not hopeless. In fact, by following expert advice and remaining vigilant, we all have the power to reduce our risk profile and stay safe online in both our personal and professional lives. 

Keep learning! Read more about 2022 cybersecurity trends, the rise of ransomware and how to streamline your password use.  

We also encourage agents to continue to explore and implement best practices to combat cyber fraud. Download Alliant National’s white paper – Escrow Fraud/Social Engineering: Recent Schemes and Prevention Tips to begin your own internal assessment.

[i] Clare Stouffer, Norton, “115 cybersecurity statistics and trends you need to know in 2021,” 9 Aug. 2021, 115 cybersecurity statistics and trends you need to know in 2021 | Norton
[ii] Ibid
[iii] ECPI University, “What is Hacking and Cracking in Cybersecurity?”, What is Hacking and Cracking in Cybersecurity? (ecpi.edu)
[iv] Michael Guta, SmallBiz Trends, “1 in 99 Emails is a Phishing Attack, What Can Your Business Do?,” 4 May 2021, Phishing Statistics: What an Attack Costs Your Business [INFOGRAPHIC] – Small Business Trends (smallbiztrends.com)

banner of the Alliant National Crime Watch Program flyer

Prevent Fraud and Get Rewarded at the Same Time

Alliant National’s Crime Watch Program creates a formidable partnership to fight fraud.

There is no other way to say it: Real estate fraud is a major problem in the United States. According to the National Association of Realtors, nearly 14,000 people were victimized by real estate fraud in 2020 alone.[i] Combatting this growing threat requires strong partnerships, and Alliant National’s Crime Watch Program seeks to foster such partnerships by rewarding Alliant National agents who prevent fraudulent closings. 

The program has produced real results over the years. In this blog, we will look at a recent detection and prevention of a fraudulent transaction by Siesta Title and Escrow Services LLC.

Alliant National Agents on Crime Watch

Alliant National offers a $1,000 reward to Alliant National agents who help prevent a fraudulent transaction from closing. The company created the program to help raise agents’ awareness of potential fraudulent transactions and to reduce the overall cost of claims.

To qualify for consideration to receive a reward under the Crime Watch Program, an agent must satisfy a few requirements:

  • The reporting agent must be an active Alliant National agent in good standing.
  • The agents must prevent a fraudulent transaction or forgery involving a real estate transaction that was intended to be insured by Alliant National.
  • In the case of forgery, the intended forgery must include the falsification of a signature with an intent to defraud.
  • The Crime Watch Nomination form must be executed by an owner/manager.
  • All available and relevant documentation – including evidence showing that the transaction was to have been insured by Alliant National – must be submitted to the appropriate Alliant National State or Regional Agency Manager along with the Award Nomination form.

The submission form and all relevant documentation will be reviewed by the company and a final determination will be made.

Siesta Title Spots Suspicious Activity 

Siesta Title and Escrow Services LLC, a title agency headquartered in Port Charlotte, Fla., recently submitted a suspected fraud to Alliant National. Their story underscores the importance of Alliant National’s Crime Watch Program and how collaboration between agents and underwriters can help stop fraud.

The property in question was a vacant lot in Port Charlotte that had been owned by a Canadian man for 30 years. Quite quickly there were communication problems and other warning signs that something about the transaction was amiss.  

“The seller was hard to reach from the beginning, did not respond to emails and only called once, but it was a horrible connection,” said Amanda Pertuch, the submitting agent. 

Some of the other indicators that tipped Amanda off to the questionable nature of the transaction included: 

  • The purported seller having suspicious-looking ID 
  • The purported seller’s wiring instructions going to a foreign bank
  • The purported seller’s letterhead having an address associated with a vacant lot
  • The purported seller not having a bank account in the same country where he holds citizenship
  • The notary on the closing documents was already on Siesta’s fraud alert list 
  • The purported seller not showing up in any Google searches  

Following verification by Amanda’s manager and Alliant National, the suspected fraud was confirmed, and the transaction was cancelled. The proposed liability amount for the transaction was $160,000.   

“I’m glad and relieved that we were able to catch this fraud attempt,” said Pertuch. “Anti-fraud programs are important for our industry to keep claim costs under control. I’m happy Alliant National and Siesta Title were able to take care of this quickly and efficiently.”

Important Reminders

If you suspect fraud, notify your manager immediately. Your manager may investigate further and will determine next steps. Under no circumstance should suspicions be communicated to outside parties without prior approval from your manager. 

Fraudsters will often attempt to speed the transaction along; do not let them succeed. If you suspect fraud or forgery, conduct a full investigation before proceeding to close the transaction and issuing the policy.

Managers should contact Alliant National underwriting or claims for further assistance.

Working Together, We Can Limit Fraud

Alliant National is committed to limiting fraud and lowering claim costs. However, we can’t do it alone. Just as our ability to deliver high-quality title insurance hinges on our partnerships with agents, so too does our capability to detect and thwart fraud. And as Siesta Title and Escrow Services’ work shows, when those partnerships work, real results that reward agents and protect transactions are indeed possible.  

  [i] Wire Fraud (nar.realtor)

FBI internet crime report 2021 with dark blue ALERT next to it

FBI IC3 Report, Russian Cyberattacks Put Companies on High Alert

The FBI’s Internet Crime Complaint Center (IC3) 2021 report released in March highlighted an “unprecedented increase in cyberattacks and malicious cyber activity” resulting in a dramatic escalation in financial losses.

In 2021, IC3 received 847,376 complaints from consumers and businesses – a 7% increase from 2020 – with potential losses exceeding $6.9 billion. Most significantly for the title insurance industry, business email compromise (BEC) schemes resulted in losses of nearly $2.4 billion, up 33% from 2020.

In its report, the IC3 identified Russia as a hot spot for cyberattack actors in 2021. In recent weeks, the risk of those cyberattacks has grown exponentially in retaliation for the many sanctions imposed on Russia following its invasion of Ukraine on Feb. 24.

On March 21, President Biden released a statement highlighting the imminent threat to our nation’s cybersecurity. That same day, Deputy National Security Advisor Anne Neuberger said in a press briefing, “We’ve previously warned about the potential for Russia to conduct cyberattacks against the United States, including as a response to the unprecedented economic costs that the U.S. and allies and partners imposed in response to Russia’s further invasion of Ukraine. Today, we are reiterating those warnings, and we’re doing so based on evolving threat intelligence that the Russian government is exploring options for potential cyberattacks on critical infrastructure in the United States.”

These imminent threats are a reminder of how important it is to take the necessary steps to protect your agency and your customers.

Alliant National has just released a white paper titled Escrow Fraud/Social Engineering: Recent Schemes and Prevention Tips to provide our agents with information, risk factors and protocols that will help you partner with consumers, real estate agents and lenders to defend against the fraudsters.

In addition, the Biden Administration released a Fact Sheet, urging companies to take immediate steps to protect their systems, including:

  • Mandate the use of multi-factor authentication on your systems to make it harder for attackers to get onto your system
  • Deploy modern security tools on your computers and devices to continuously look for and mitigate threats
  • Check with your cybersecurity professionals to make sure that your systems are patched and protected against all known vulnerabilities
  • Change passwords across your networks so that previously stolen credentials are useless to malicious actors
  • Back up your data and ensure you have offline backups beyond the reach of malicious actors
  • Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack
  • Encrypt your data so it cannot be used if it is stolen
  • Educate your employees on common tactics that attackers will use over email or through websites
  • Encourage employees to report if their computers or phones have shown unusual behavior, such as unusual crashes or operating very slowly
  • Engage proactively with your local FBI field office or CISA Regional Office to establish relationships in advance of any cyber incidents

The Biden Administration also encourages IT and security leaders at all companies to visit the websites of CISA and the FBI to access technical information and other useful resources. These heightened threats represent a clear and present danger for all of us. We encourage all of our agents to download the Alliant National Escrow Fraud/Social Engineering today and share this information with your staff and customers.

Escrow_Fraud_2022-cover

Download the Alliant National Escrow Fraud/Social Engineering

conceptual-cartoon-of-businessman-facing-crisis-vector-id906812996

Fraud & Forgery Amidst Claims

Be mindful of the potential hazards with an increasingly online-only landscape

As news continues to break, it becomes more and more apparent that the COVID-19 pandemic will have a lasting effect on our industry. While it’s critical that we learn to adapt amidst the crisis, it’s also imperative that we be mindful of the potential hazards that can come with shifting into an increasingly online-only landscape. Here are some of the things to watch out for as we navigate through this difficult time.

Increase in Wire Fraud and Phishing

There is no way to avoid electronic communications throughout this pandemic. Be vigilant against phishing emails, incorrect email addresses, slightly off signature blocks and dated lingo, and emails coming in at odd hours (implying the fraudster may be abroad). Always call a verified telephone number to confirm changes to wire instructions. Click on this link for more information on what to watch out for. 

TIP: Have a plan in place – meet with your IT department, and talk to your insurance agent to see how you can protect yourself against these scams.

Fraud & Forgery

Unfortunately, tumultuous times often only embolden fraudsters further. That’s why it’s important now, more than ever, to treat remote closings with the same care and caution as mail-away closings. Here are some red flags common to fraud and forgery claims: (1) the property is a part of a “flip” transaction; (2) the property is vacant land; (3) the deed to the seller is a recently recorded quit claim deed. Click on this link for more red flags.

Powers of Attorney

Powers of Attorney (POA) are ripe for fraud. Carefully examine the powers that are granted in any POA, and confirm that the POA was given freely and purposefully for the intent for which it will be used. Require a fresh POA if the POA presented is more than six months old. If you have reason to question the capacity of the principal, or have questions about the validity of the POA, contact your local Alliant National underwriter for approval before proceeding.

TIP: If your state allows the use of remote online notarization (RON) technology and the county recorder will accept electronically signed instruments for recording, recommend using RON so the principal can sign the required documents instead of appointing an attorney-in-fact. 

Undue Influence and Duress on the Elderly

With COVID-19 threatening the elderly more than any other demographic, we have a responsibility to ensure we’re mindful of any potential undue influence or duress from unscrupulous heirs or caregivers. If the person holding title is elderly or is sick, be sure to dig in further before agreeing to conduct the closing. 

Hard Money Lenders

Hard money lenders aren’t regulated by state or federal law. Generally, hard money lenders do not collect loan applications or otherwise vet their borrowers. This practice creates a higher potential for fraud by third parties posing as legitimate borrowers. If something feels off, it probably is. For more information on what to look for with these transactions, click on this link.

Note: Seller-financed purchased money loans are not considered hard money lenders.

Crime Watch Program We take the safety of our clientele very seriously. Because of that, Alliant National offers a $1000 reward to any agent who helps identify and prevent a forgery or scam. Be sure to contact the hotline to report anything that may feel like fraudulent activity. To submit a claim for a reward, click here:  https://alliantnational.com/title-claims/crime-watch-program/.

news analysis gray

IRS Warns of Tax Transcript Email Scam

ALTA TitleNews Online Archive
November 29, 2018

The Internal Revenue Service and Security Summit partners recently issued a warning about the surge of fraudulent emails impersonating the IRS and using tax transcripts as bait to entice users to open documents containing malware.

The scam is especially problematic for businesses whose employees might open the malware because the software can spread throughout the network and potentially take months to successfully remove.

Known as Emotet, this malware generally poses as specific banks and financial institutions in its effort to trick people into opening infected documents.

In the past few weeks, the scam masqueraded as the IRS, pretending to be from “IRS Online.” The scam email carries an attachment labeled “Tax Account Transcript” or something similar, and the subject line uses some variation of the phrase “tax transcript.”

These clues can change with each version of the malware. Scores of these malicious Emotet emails were forwarded to phishing@irs.gov.
recently.

The IRS reminds taxpayers it does not send unsolicited emails to the public, nor would it email a sensitive document such as a tax transcript, which is a summary of a tax return. The IRS urges taxpayers not to open the email or the attachment.

If using a personal computer, delete or forward the scam email to phishing@irs.gov.

If you see these using an employer’s computer, notify the company’s technology professionals.

Reprinted with permission from the American Land Title Association.

Let's Connect

Discover more stories and conversations on our social media networks,
or drop us a line on our contact page.


The Independent Underwriter for
the Independent AgentSM