Posts Tagged ‘cybersecurity’

PropLogix’s Title Industry Insights for 2019 Features Alliant National’s Jeff Stein

Alliant National’s Regional Counsel Jeff Stein was a featured contributor in PropLogix’s Title Industry Insights for 2019.

For the article, title insurance leaders share perspectives on topics that should be top of mind for settlement agents in 2019.

The story explores strategies and practices for title agents, including wire fraud prevention, marketing, e-closings and blockchain.

Jeff advises, “Blockchain, used appropriately appears to have the potential for robust security through the use of security keys and authentications. As we move forward with applications of Blockchain, we will have to be vigilant in vetting the security in each application.”

Read the full story here: Download

IRS Warns of Tax Transcript Email Scam

ALTA TitleNews Online Archive
November 29, 2018

The Internal Revenue Service and Security Summit partners recently issued a warning about the surge of fraudulent emails impersonating the IRS and using tax transcripts as bait to entice users to open documents containing malware.

The scam is especially problematic for businesses whose employees might open the malware because the software can spread throughout the network and potentially take months to successfully remove.

Known as Emotet, this malware generally poses as specific banks and financial institutions in its effort to trick people into opening infected documents.

In the past few weeks, the scam masqueraded as the IRS, pretending to be from “IRS Online.” The scam email carries an attachment labeled “Tax Account Transcript” or something similar, and the subject line uses some variation of the phrase “tax transcript.”

These clues can change with each version of the malware. Scores of these malicious Emotet emails were forwarded to phishing@irs.gov.
recently.

The IRS reminds taxpayers it does not send unsolicited emails to the public, nor would it email a sensitive document such as a tax transcript, which is a summary of a tax return. The IRS urges taxpayers not to open the email or the attachment.

If using a personal computer, delete or forward the scam email to phishing@irs.gov.

If you see these using an employer’s computer, notify the company’s technology professionals.

Reprinted with permission from the American Land Title Association.

Think Email Fraud is the Only Hack Tactic? Think Again.

Criminals today have broadened their tools and tactics in their quest to divert escrow funds by tricking us and others in the real estate transaction into accepting falsified wiring instructions.

Remember when wire fraud was just about bogus emails?

Email is no longer their only weapon. We’re hearing about two non-email tactics fraudsters are using.

Fax Scams

Many view faxing as more secure than email because “you can’t hack a fax.” (Actually, hackers have apparently figured out how to compromise networks using the fax machine as an entry point ). But criminals don’t need to hack a fax line or a fax machine to interject themselves into the communications chain.

So, how do they do it?

Some businesses use third-party services that allow faxes to be sent and received from an email account. Just like email, these services have login credentials that must be protected. If criminals can obtain the account credentials, then they can monitor, intercept and alter fax transmissions that may contain wiring instructions.

Of course, criminals don’t even need account credentials to send you a bogus fax. They only need the tools and time to create a convincing looking document (as Dwight from NBC’s The Office found when Jim, his arch nemesis, started sending him faxes from himself … from the future ).

There’s nothing magical about thwarting fax scams. We simply need to apply the good information-security principles that we apply to other communications channels.

Just like an email account, a third-party fax account should have a strong password. Of course, it’s harder for the criminals to figure out account passwords if they’re changed regularly and if the same password isn’t used for multiple accounts.

As with emails, it’s best to look over faxes with a critical eye just to make sure everything appears as it should. If a fax has wiring instructions, the safest course is to follow up by telephone using a known number — not a number that appears on the fax.

Phone Scams

Relatedly, scammers are figuring out that our industry has become very good at using the telephone to verify wiring instructions, and they have added telephone scamming to their repertoire of fraud tactics.

The phone is definitely a potential attack vector; we know of one instance where a criminal called a title agent and faked a consumer’s accent in an attempt to divert a wire.

Some simple technologies even allow fraudsters to spoof phone numbers. So a criminal could call you, but make it look like the call was coming from someone legitimately involved in the transaction. The American Land Title Association (ALTA) and Thomas Cronkright, chief executive officer of CertifID, discussed this technology and its potential implications in a recent ALTA blog post .

As with the fax, it’s important to remember that the phone is not always a safe communication channel. Anyone can call a title agent pretending to be someone else; and if that scammer happens to have already compromised an email account — for instance, the consumer’s account — they may have sufficient transactional and personal information to spin a very believable tale.

But just like with fax scams, policies and procedures can be a big help to thwart potential phone scams. A best practice is to establish challenge questions or PIN numbers with consumers up front, and let consumers know you’ll be using these and other methods to verify the identities of those involved in the transaction when speaking by phone.

Of course, PIN numbers and challenge question answers should never be sent via email.

The threat from fraudsters is great, and no one policy or technology solution will ensure the safety of escrow funds in all cases. Alliant National has produced a white paper on escrow fraud as part of our ongoing effort to inform agents about the threats we all face.

We’ve also produced a number of infographics with escrow security tips that you can share with your staff, consumers and others.

Click here to view the report.

We’ve partnered with Cloudstar

Alliant National and Cloudstar Announce Strategic Partnership

Partnership provides Alliant National independent title agents access to advanced, efficient cybersecurity technology solutions

LONGMONT, Colo. – Alliant National Title Insurance Company (Alliant National) and Cloudstar recently announced a strategic partnership that allows Alliant National’s independent title agents access to Cloudstar’s cybersecurity advanced technology platform. This platform also includes project management tools designed to increase productivity.

Cloudstar is a multi-national technology platform that provides secure infrastructure, cloud hosting, data center colocation, email encryption and managed information technology services and support to regulated industries in the United States, Canada and South America.

“In a cloud-first world, title agents need easier ways to work while still utilizing their existing settlement services software,” said Gregory McDonald, CEO of Cloudstar. “Cloudstar makes it easy to run existing software in the cloud while accessing it from anywhere. Together, the Alliant National and Cloudstar partnership will provide Alliant National’s independent agents with both the tools they need to be more productive and the cybersecurity products they need to increase security and help prevent wire fraud.”

“We are all very excited about this new partnership and we’re glad to provide this opportunity for our independent agents to work with Cloudstar,” said Mike Rubin, Alliant National’s vice president of business development. “Alliant National Title Insurance Company agents will benefit from this partnership by enjoying a dedicated Cloudstar account manager, access to new products and services before they are released to the public, as well as special offers and pricing incentives.”

Visit alliantnational.com/newsroom for additional information.

###


MEDIA INQUIRIES

Cathie Beck
Capital City Public Relations
e : cathie@capitalcitypr.com
p : 303-241-0805


About Alliant National Title Insurance Company

The Independent Underwriter for The Independent Agent®, Alliant National believes in putting other people first. The company protects the dreams of property owners with secure title insurance and partners with 400+ trusted independent title agents as a licensed underwriter in 22 states, with annual revenues exceeding $110 million. Visit joinalliantnational.com for additional information.

About Cloudstar

Cloudstar is a multi-national provider of virtual desktop hosting, hosted software and applications, custom tailored IT infrastructure design, email encryption, managed services, IT security, and consulting to regulated industries across the United States, Canada, and South America.

Cloudstar started in 2009 as Cloudstar Consulting Corporation and was created to meet the unique needs of the land title industry. As the company grew from a consulting and IT infrastructure design firm, Cloudstar Consulting Corporation re-branded as simply “Cloudstar”, a DBA of the newly formed holdings company, Keystone Management Group, LLC. In 2014, Cloudstar purchased a 50% interest in U.S. Telecommunications firm, Teletonix Communications in addition to adding Diologix, an electronic medical records encryption company and Notary Transfer to its portfolio of brands. As of 2017, Cloudstar has expanded to provide services to the entirety of the United States, Canada and Mexico with offices in three states and privately held infrastructure co-located at five U.S data centers.

Today, Cloudstar services the needs of tens of thousands of end users from small firms to publicly traded companies. For more information, please visit MyCloudstar.com.

Easy step to help prevent wire fraud

Matching the payee name on wire transfer with name on payee’s destination bank account can help prevent wire fraud

Wire fraud is a HUGE problem that only keeps getting bigger and bigger. In fact, U.S. Representative Randy Hultgren (R-III) wrote a letter to Fed Chairman Jerome Powell on June 29th urging the Fed to be more proactive in regard to wire fraud and real estate transactions. The letter referenced the United Kingdom’s system of matching payees’ names as a possible solution to the problem of wire fraud.

However, we don’t have to wait until a federal law is passed that orders banks to match the payee name on the wire transfer payment to name on the payee’s destination bank account (“Beneficiary Bank”). As title and escrow agents, we can be proactive and in partnership with the banks with which we do business.

So what can we do right now? We can know what our Bank Agreement says with our escrow account bank (the “Receiving Bank”).

Does the Bank Agreement say that the Receiving Bank will check the payee’s name with the name on the destination account when a wire fund transfer is initiated?

Or, does it say that the Receiving Bank need only rely upon the account number it was provided in the wiring instructions order? The answers to these questions might lead to an opportunity to have a discussion with your partnering Receiving Bank.

We can send the wire instructions on the payment order, with explicit directions that acceptance be restricted to match the designated payee’s name on the Beneficiary Bank account. If it doesn’t match, then do not send the funds.

Lastly, if something does go wrong despite our best efforts and precautions, then notify both the Beneficiary Bank and the Receiving Bank as soon as possible. Typically, banks require notification of an unauthorized transfer or error within a defined time period such as, for example, 30 or 60 days.

Aside from any contractual or legal requirement for early notification, the sooner the problem is communicated, the greater the odds of the bank being able to halt or pull back the wire funds transfer.

For a great explanation of how a wire fund transfer works behind the scenes, view “Funds Transfer Law and Unauthorized Payment Liability.”

This blog contains general information only, not intended to be relied upon as, nor a substitute for, specific professional advice. We accept no responsibility for loss occasioned to any purpose acting on or refraining from action as a result of any material on this blog.

ABOUT US

We have a staff of nearly 80 dedicated professionals now, with diverse skill sets and backgrounds, who share a desire to help people and their businesses thrive.
OUR COMPANY

OUR MISSION

Protect the dreams of property owners with secure title insurance provided through the finest independent agents in a trusted partnership.

CONTACT US

For more information about Alliant National or to get in touch with one of our representatives, please drop us a line.
Contact Us

  • EBOOK

    SHIFT HAPPENS Mitigating Threats to
    your Independent Title Agency

    Download Your Free EBOOK