Are you ready?
Can you spot when you’re being phished? One of the first steps is fully understanding what phishing is. Unfortunately, it’s not as fun as heading to the stream with your waders. Phishing can take place via phone call, text, or email, but the latter is the most common place. The attacker will pose as a legitimate institution in an attempt to get secure information from their target. Some examples include those spam calls you receive from the “IRS” robot asking for your social security number.
Over email, things can get a little bit more malicious. It’s common sense to know that an unsolicited robotic voice asking for your social security number isn’t legitimate. However, what happens when you receive an email with a link that you wouldn’t usually give a second glance to? Cyber attackers rely on that lack of attention to target vulnerable users. Here are some ways to tell if the email you’ve received is a phishing email:
- Remember that if it seems too good to be true, it probably is. Those flashy designs advertising expensive items for free could (and in all likelihood will) result in identity theft.
- Be mindful of emails from unknown senders insisting that you act urgently. The attacker is trying to pressure you into acting without thinking.
- Watch out for unknown hyperlinks and attachments. They’ve gained popularity over recent years. They avoid giving you all the details in the email to avoid looking immediately suspicious and urge you to click on the link for more information. Never click on a link from an unknown or untrustworthy sender.
All of that might seem like a lot, but knowing what to look out for is the first step in protecting yourself from cyber-attacks. After a while it will all become like second nature. There are also plenty of other preventative steps that you can take to ensure that you and your inbox are protected.
Spam filters can go a long way toward stopping malicious content from getting to your inbox at all, and you can update your browser’s security settings to block fraudulent websites from opening at all. Setting up two-factor authentication with your financial institutions and any website where your bank data may be stored can help protect you as well.
Jigsaw and Google have partnered to keep an up-to-date phishing quiz to see if you’re ready to identify phishing attempts that may come your way. You can take it here.
Be mindful of the potential hazards with an increasingly online-only landscape
As news continues to break, it becomes more and more apparent that the COVID-19 pandemic will have a lasting effect on our industry. While it’s critical that we learn to adapt amidst the crisis, it’s also imperative that we be mindful of the potential hazards that can come with shifting into an increasingly online-only landscape. Here are some of the things to watch out for as we navigate through this difficult time.
Increase in Wire Fraud and Phishing
There is no way to avoid electronic communications throughout this pandemic. Be vigilant against phishing emails, incorrect email addresses, slightly off signature blocks and dated lingo, and emails coming in at odd hours (implying the fraudster may be abroad). Always call a verified telephone number to confirm changes to wire instructions. Click on this link for more information on what to watch out for.
TIP: Have a plan in place – meet with your IT department, and talk to your insurance agent to see how you can protect yourself against these scams.
Fraud & Forgery
Unfortunately, tumultuous times often only embolden fraudsters further. That’s why it’s important now, more than ever, to treat remote closings with the same care and caution as mail-away closings. Here are some red flags common to fraud and forgery claims: (1) the property is a part of a “flip” transaction; (2) the property is vacant land; (3) the deed to the seller is a recently recorded quit claim deed. Click on this link for more red flags.
Powers of Attorney
Powers of Attorney (POA) are ripe for fraud. Carefully examine the powers that are granted in any POA, and confirm that the POA was given freely and purposefully for the intent for which it will be used. Require a fresh POA if the POA presented is more than six months old. If you have reason to question the capacity of the principal, or have questions about the validity of the POA, contact your local Alliant National underwriter for approval before proceeding.
TIP: If your state allows the use of remote online notarization (RON) technology and the county recorder will accept electronically signed instruments for recording, recommend using RON so the principal can sign the required documents instead of appointing an attorney-in-fact.
Undue Influence and Duress on the Elderly
With COVID-19 threatening the elderly more than any other demographic, we have a responsibility to ensure we’re mindful of any potential undue influence or duress from unscrupulous heirs or caregivers. If the person holding title is elderly or is sick, be sure to dig in further before agreeing to conduct the closing.
Hard Money Lenders
Hard money lenders aren’t regulated by state or federal law. Generally, hard money lenders do not collect loan applications or otherwise vet their borrowers. This practice creates a higher potential for fraud by third parties posing as legitimate borrowers. If something feels off, it probably is. For more information on what to look for with these transactions, click on this link.
Note: Seller-financed purchased money loans are not considered hard money lenders.
Crime Watch Program We take the safety of our clientele very seriously. Because of that, Alliant National offers a $1000 reward to any agent who helps identify and prevent a forgery or scam. Be sure to contact the hotline to report anything that may feel like fraudulent activity. To submit a claim for a reward, click here: https://alliantnational.com/title-claims/crime-watch-program/.
Threats are constantly evolving and your training and testing must also evolve to counter these threats and keep your defense robust.
A cyberattack is a malicious and deliberate attempt by and
individual or an organization to breach the information system of another
individual or company, seeking benefit from the disruption, ransom, or theft of
This electronic threat is increasing in frequency and
complexity and has become very expensive to remediate or to recover from.
Here’s the surprise – almost 90 percent of cyberattacks are
caused or allowed by human error from the internal staff of the entity attacked.
This includes failure to follow security rules and
protocols, sharing passwords, using weak or default settings, and falling
victim to social engineering.
Even the large events such as the hacking at Equifax and
Target, were caused by failure to follow the rules regarding administrative
password settings, human error.
So whether your business is large or small, you need ongoing,
strong training and testing to counter the threats.
Recent survey results of a survey of title insurance
professionals by the American Land Title Association show a surprisingly small
amount of agents are conducting ongoing staff training, and most do it once
when they hire an employee.
This is a recipe for eventually becoming a victim of
There are simple yet effective steps to take to counter the
increasing threats by taking a strong defense, and it starts with regular
training and testing to remove or reduce the human error element.
Here is what to do to put a training and test plan into
- Ensure new hires are introduced to and educated on information and data security policies and procedures as well as how to protect nonpublic personal information (NPI) and sensitive information. Emphasize to them the “why” so they fully understand the shared responsibility nature. This should be a core part of their orientation and on-boarding.
- Set and schedule ongoing training for all employees at every level commensurate with the size of the staff and complexity of your business. This should be monthly, quarterly or semiannually.
- At a minimum, cover controls over access (passwords; pass phrases; multi-factor authentication), network and data distribution (including never using non-secured networks for conducting business such as those in cafes/hotels/airports), phishing and spear-phishing, and never use a general email service like Yahoo or Gmail when sending NPI or sensitive information; social media and social engineering.
- Require security measures for smart devices (smart phones, and in particular Androids, account for a large percentage of data breaches).
- Explain the implications of data loss, which includes reputational hits and potential fines and penalties and law suits.
- Focus on all media forms – hardcopy as well as electronic – and include proper handling and protection from receipt through handling to secured destruction.
- Training may be done with internal documents or you may use a third party to conduct the training (i.e. Data Shield; KnowBe4).
- After the training, use a quiz to gauge how well your employees understood the material.
- Develop or use a third party to conduct ongoing, regular internal testing such as phishing or spear phishing testing (i.e. KnowBe4 is one vendor who can provide you this tool). Depending on the results, you may then make appropriate changes and re-focus your training to deal with any weak or weaker topics or areas.
- Provide a single point of contact the employee may turn to with questions or to report any suspected suspicious attempts to obtain information or data (electronic or by phone).
- Keep records of the training and attendees and testing results. This will be needed to demonstrate good faith, to meet many state requirements – and it’s a best practice.
Last, keep up-to-date on emerging threats and vulnerabilities
and provide updated training to employees to be sure they understand new risks
or new controls and why they are important; employees must know how to
recognize and report threats to stay vigilant.
This will keep your training and testing current and fresh
and serve as a continual reminder to your staff.
Remember, this is a
marathon, not a sprint. Threats are constantly evolving and your training and
testing must also evolve to counter these threats and keep your defense robust.
rising threat, recent survey results show a surprisingly small number of agents
are prepared, as most do not have a written cyber security and response plan.
cyberattack is a malicious and deliberate attempt by and individual or an
organization to breach the information system of another individual or company,
seeking benefit from the disruption, ransom, or theft of data – and such
attacks are increasing in numbers and complexity.
rising threat, recent survey results show a surprisingly small number of agents
are prepared, as most do not have a written cyber security and response plan.
cyber security and response plan is essential to be prepared, organized and to
execute appropriate and prompt actions when an attack occurs.
does not need to be complex. To be effective, it should be simple and clear and
present key information. It should also be built commensurate with the size of
elements of the plan must include:
- Perform a risk analysis to mitigate all risks, covering administrative, technical, and physical controls. Simply put, this is what could be vulnerable, what could go wrong and what is or should be done to try to avoid or contain the threat(s).
- The cybersecurity program must protect the security and confidentiality of nonpublic information, protect against threats or hazards to the security or integrity of information, and protect against unauthorized access.
- Define a schedule for the retention of data and a mechanism for its secure destruction when data is no longer required.
- Designate an individual, third party, or affiliate who is responsible for the information security program.
- Be sure existing controls in place – access controls, authentication controls, and physical controls to prevent access to nonpublic information. Encryption (or an alternative, equivalent measure) should be in place to secure data stored on portable electronic devices and for data transmitted over an external network.
- Identify and manage devices that connect to the network – a simple inventory.
- Adopt secure development practices for in-house applications if applicable. Alternatively, obtain this assurance from your service provider that performs the development for you.
- Use multi-factor authentication to prevent unauthorized accessing of nonpublic information.
- Regularly test and monitor systems for actual and attempted attacks, maintain audit trails, and implement measures to prevent the unauthorized destruction or loss of nonpublic information.
- Keep up-to-date on emerging threats and vulnerabilities and provide ongoing training to employees to be sure they understand existing controls and why they are important; employees must know how to recognize and report threats.
response plan must include the following elements to be effective:
- Date of the cybersecurity event.
- A description of how the information
was exposed, lost, stolen, or breached,
including the specific roles and responsibilities of third-party service
providers, if any.
- How the cybersecurity event was
- Whether any lost, stolen, or breached
information has been recovered and if so, how this was done.
- The identity of the source of the
- Whether you filed a police report or
notified any regulatory, governmental or law enforcement agency and, if so,
when such notification was provided and by whom.
- A description of the specific types
of information acquired without authorization, which means particular data
elements including, for example, types of financial information, or types of
information allowing identification of the consumer.
- Time period during which the
information system was compromised by the cybersecurity event.
- The number of total consumers
affected by the cybersecurity event, or a best estimate.
- The results of any internal review
identifying a lapse in either automated controls or internal procedures, or
confirming that all automated controls or internal procedures were followed.
- A description of efforts being
undertaken to remediate the situation which permitted the cybersecurity event
Don’t wait until an event occurs. It’s a chaotic time full of financial
and emotional high stress. Do it now and provide yourself the peace of knowing
you are prepared.
A national survey of title agents conducted by the American Land Title Association shows that our industry has farther to go when it comes to formalizing cyber and escrow security plans.
Results of the survey also hint that the threat landscape is
becoming increasingly perilous for title agents, consumers and others involved in real estate transactions.
Of the survey’s more than 750 respondents, 63 percent said the number of cybercrime attempts targeting their company increased between 2017 and 2018.
Roughly one-third of respondents also observed increases in fraud attempts targeting buyers, sellers and real estate agents over the same period.
Many title agencies have sought to combat the worsening cyber and escrow fraud threat by means of employee awareness.
More than half of respondents said their company reminds employees about the need to remain vigilant on about a weekly basis. More than 25 percent said those employee reminders are made on a monthly basis.
However, more than 20 percent of respondents reported that their company offers no training at all on cybercrime trends or red flags.
More troubling, however, is that despite the apparent increase in fraud attempts, just 62 percent of respondents said their company has a written cybercrime response plan.
Additionally, more than 40 percent of agents were not aware of or have not implemented ALTA’s Rapid Response Plan for Wire Transfer Fraud.
Smaller agencies — those with gross annual income below $1 million — were also somewhat less likely to have formal cyber response plans, wire retrieval plans or training programs than were larger agencies.
Survey results also show that cybercrime insurance coverage among title agents of all sizes is not as prevalent as one might expect given the apparent increase in fraud attempts. More than 27 percent of respondents said their company does not currently have a cybercrime insurance policy.
While most industry participants have made strides when it comes to protecting escrow funds and sensitive information, the survey clearly shows that gaps remain.
The survey also provides an opportunity for all of us to redouble our efforts, particularly when it comes to formalizing cyber response plans.
To help, we’ll be posting a blog series in the coming weeks that will provide simple, actionable tips for improving and formalizing response plans, as well as plans for wire retrieval and staff training.
We’ll also talk about the importance of cyber insurance and provide insight on how to get the right coverages for your business.
In the meantime, check out the growing library of cyber fraud resources on the Alliant National Education page. Alliant National agents can also watch our brand new Texas Continuing Education webinar on information and escrow security.