Alliant National’s Regional Counsel Jeff Stein was a featured contributor in PropLogix’s Title Industry Insights for 2019.
For the article, title insurance leaders share perspectives on topics that should be top of mind for settlement agents in 2019.
The story explores strategies and practices for title agents, including wire fraud prevention, marketing, e-closings and blockchain.
Jeff advises, “Blockchain, used appropriately appears to have the potential for robust security through the use of security keys and authentications. As we move forward with applications of Blockchain, we will have to be vigilant in vetting the security in each application.”
Read the full story here: Download
ALTA TitleNews Online Archive
November 29, 2018
The Internal Revenue Service and Security Summit partners recently issued a warning about the surge of fraudulent emails impersonating the IRS and using tax transcripts as bait to entice users to open documents containing malware.
The scam is especially problematic for businesses whose employees might open the malware because the software can spread throughout the network and potentially take months to successfully remove.
Known as Emotet, this malware generally poses as specific banks and financial institutions in its effort to trick people into opening infected documents.
In the past few weeks, the scam masqueraded as the IRS, pretending to be from “IRS Online.” The scam email carries an attachment labeled “Tax Account Transcript” or something similar, and the subject line uses some variation of the phrase “tax transcript.”
These clues can change with each version of the malware. Scores of these malicious Emotet emails were forwarded to email@example.com.
The IRS reminds taxpayers it does not send unsolicited emails to the public, nor would it email a sensitive document such as a tax transcript, which is a summary of a tax return. The IRS urges taxpayers not to open the email or the attachment.
If using a personal computer, delete or forward the scam email to firstname.lastname@example.org.
If you see these using an employer’s computer, notify the company’s technology professionals.
Reprinted with permission from the American Land Title Association.
Criminals today have broadened their tools and tactics in their quest to divert escrow funds by tricking us and others in the real estate transaction into accepting falsified wiring instructions.
Remember when wire fraud was just about bogus emails?
Email is no longer their only weapon. We’re hearing about two non-email tactics fraudsters are using.
Many view faxing as more secure than email because “you can’t hack a fax.” (Actually, hackers have apparently figured out how to compromise networks using the fax machine as an entry point ). But criminals don’t need to hack a fax line or a fax machine to interject themselves into the communications chain.
So, how do they do it?
Some businesses use third-party services that allow faxes to be sent and received from an email account. Just like email, these services have login credentials that must be protected. If criminals can obtain the account credentials, then they can monitor, intercept and alter fax transmissions that may contain wiring instructions.
Of course, criminals don’t even need account credentials to send you a bogus fax. They only need the tools and time to create a convincing looking document (as Dwight from NBC’s The Office found when Jim, his arch nemesis, started sending him faxes from himself … from the future ).
There’s nothing magical about thwarting fax scams. We simply need to apply the good information-security principles that we apply to other communications channels.
Just like an email account, a third-party fax account should have a strong password. Of course, it’s harder for the criminals to figure out account passwords if they’re changed regularly and if the same password isn’t used for multiple accounts.
As with emails, it’s best to look over faxes with a critical eye just to make sure everything appears as it should. If a fax has wiring instructions, the safest course is to follow up by telephone using a known number — not a number that appears on the fax.
Relatedly, scammers are figuring out that our industry has become very good at using the telephone to verify wiring instructions, and they have added telephone scamming to their repertoire of fraud tactics.
The phone is definitely a potential attack vector; we know of one instance where a criminal called a title agent and faked a consumer’s accent in an attempt to divert a wire.
Some simple technologies even allow fraudsters to spoof phone numbers. So a criminal could call you, but make it look like the call was coming from someone legitimately involved in the transaction. The American Land Title Association (ALTA) and Thomas Cronkright, chief executive officer of CertifID, discussed this technology and its potential implications in a recent ALTA blog post .
As with the fax, it’s important to remember that the phone is not always a safe communication channel. Anyone can call a title agent pretending to be someone else; and if that scammer happens to have already compromised an email account — for instance, the consumer’s account — they may have sufficient transactional and personal information to spin a very believable tale.
But just like with fax scams, policies and procedures can be a big help to thwart potential phone scams. A best practice is to establish challenge questions or PIN numbers with consumers up front, and let consumers know you’ll be using these and other methods to verify the identities of those involved in the transaction when speaking by phone.
Of course, PIN numbers and challenge question answers should never be sent via email.
The threat from fraudsters is great, and no one policy or technology solution will ensure the safety of escrow funds in all cases. Alliant National has produced a white paper on escrow fraud as part of our ongoing effort to inform agents about the threats we all face.
We’ve also produced a number of infographics with escrow security tips that you can share with your staff, consumers and others.
Click here to view the report.
Alliant National and Cloudstar Announce Strategic Partnership
Partnership provides Alliant National independent title agents access to advanced, efficient cybersecurity technology solutions
LONGMONT, Colo. – Alliant National Title Insurance Company (Alliant National) and Cloudstar recently announced a strategic partnership that allows Alliant National’s independent title agents access to Cloudstar’s cybersecurity advanced technology platform. This platform also includes project management tools designed to increase productivity.
Cloudstar is a multi-national technology platform that provides secure infrastructure, cloud hosting, data center colocation, email encryption and managed information technology services and support to regulated industries in the United States, Canada and South America.
“In a cloud-first world, title agents need easier ways to work while still utilizing their existing settlement services software,” said Gregory McDonald, CEO of Cloudstar. “Cloudstar makes it easy to run existing software in the cloud while accessing it from anywhere. Together, the Alliant National and Cloudstar partnership will provide Alliant National’s independent agents with both the tools they need to be more productive and the cybersecurity products they need to increase security and help prevent wire fraud.”
“We are all very excited about this new partnership and we’re glad to provide this opportunity for our independent agents to work with Cloudstar,” said Mike Rubin, Alliant National’s vice president of business development. “Alliant National Title Insurance Company agents will benefit from this partnership by enjoying a dedicated Cloudstar account manager, access to new products and services before they are released to the public, as well as special offers and pricing incentives.”
Visit alliantnational.com/newsroom for additional information.
Capital City Public Relations
e : email@example.com
p : 303-241-0805
About Alliant National Title Insurance Company
The Independent Underwriter for The Independent Agent®, Alliant National believes in putting other people first. The company protects the dreams of property owners with secure title insurance and partners with 400+ trusted independent title agents as a licensed underwriter in 22 states, with annual revenues exceeding $110 million. Visit joinalliantnational.com for additional information.
Cloudstar is a multi-national provider of virtual desktop hosting, hosted software and applications, custom tailored IT infrastructure design, email encryption, managed services, IT security, and consulting to regulated industries across the United States, Canada, and South America.
Cloudstar started in 2009 as Cloudstar Consulting Corporation and was created to meet the unique needs of the land title industry. As the company grew from a consulting and IT infrastructure design firm, Cloudstar Consulting Corporation re-branded as simply “Cloudstar”, a DBA of the newly formed holdings company, Keystone Management Group, LLC. In 2014, Cloudstar purchased a 50% interest in U.S. Telecommunications firm, Teletonix Communications in addition to adding Diologix, an electronic medical records encryption company and Notary Transfer to its portfolio of brands. As of 2017, Cloudstar has expanded to provide services to the entirety of the United States, Canada and Mexico with offices in three states and privately held infrastructure co-located at five U.S data centers.
Today, Cloudstar services the needs of tens of thousands of end users from small firms to publicly traded companies. For more information, please visit MyCloudstar.com.
Matching the payee name on wire transfer with name on payee’s destination bank account can help prevent wire fraud
Wire fraud is a HUGE problem that only keeps getting bigger and bigger. In fact, U.S. Representative Randy Hultgren (R-III) wrote a letter to Fed Chairman Jerome Powell on June 29th urging the Fed to be more proactive in regard to wire fraud and real estate transactions. The letter referenced the United Kingdom’s system of matching payees’ names as a possible solution to the problem of wire fraud.
However, we don’t have to wait until a federal law is passed that orders banks to match the payee name on the wire transfer payment to name on the payee’s destination bank account (“Beneficiary Bank”). As title and escrow agents, we can be proactive and in partnership with the banks with which we do business.
So what can we do right now? We can know what our Bank Agreement says with our escrow account bank (the “Receiving Bank”).
Does the Bank Agreement say that the Receiving Bank will check the payee’s name with the name on the destination account when a wire fund transfer is initiated?
Or, does it say that the Receiving Bank need only rely upon the account number it was provided in the wiring instructions order? The answers to these questions might lead to an opportunity to have a discussion with your partnering Receiving Bank.
We can send the wire instructions on the payment order, with explicit directions that acceptance be restricted to match the designated payee’s name on the Beneficiary Bank account. If it doesn’t match, then do not send the funds.
Lastly, if something does go wrong despite our best efforts and precautions, then notify both the Beneficiary Bank and the Receiving Bank as soon as possible. Typically, banks require notification of an unauthorized transfer or error within a defined time period such as, for example, 30 or 60 days.
Aside from any contractual or legal requirement for early notification, the sooner the problem is communicated, the greater the odds of the bank being able to halt or pull back the wire funds transfer.
For a great explanation of how a wire fund transfer works behind the scenes, view “Funds Transfer Law and Unauthorized Payment Liability.”