Posts Tagged ‘email fraud’

Tabletop with a pair of glasses next to a newspaper headline reading: cyber attack in all capital letters

Fraud Surge: Understanding the threat. Protecting your business

Cyber fraud, social engineering and wire fraud attempts are on the rise again. We’re sharing in-depth information to help you protect your business.

Escrow_Fraud_2022-cover


Today, we are releasing the 2022 version of our
Escrow Fraud/Social Engineering White Paper.

First published in 2017 and fully updated by Alliant National’s Compliance, Risk and Education teams, the paper provides information, tips and suggestions to help you better understand the current threat environment and create a comprehensive plan that addresses the realities we face in our industry.

Time to assess cyberattack risk in light of Ukraine invasion

The paper’s release comes at a critical time as U.S. businesses brace for potential cyber warfare corresponding with recent violence in Europe. The Department of Homeland Security (DHS) issued a bulletin in January warning of the increased risk of cyberattacks in the U.S. as Russia was poised to invade Ukraine.

“We assess that Russia would consider initiating a cyberattack against the Homeland if it perceived a U.S. or NATO response to a possible Russian invasion of Ukraine threatened its long-term national security,” the agency said in the bulletin released to law enforcement partners and obtained by The Hill.

In response, the American Land Title Association warned in a recent blog that the risk of spillover cyberattacks against non-primary targets could become much more widespread.

2022: Growth of BEC/EAC

Against this backdrop of international tension, Alliant National agents continue to report an increase in attempted wire fraud schemes. These attacks are part of a growing fraud threat targeting businesses of all sizes and the general public.

The FBI refers to this threat as Business Email Compromise/Email Account Compromise (BEC/EAC). BEC/EAC fraudsters focus on organizations that perform wire transfers, making real estate especially vulnerable.

According to the FBI Internet Crime Complaint Center’s (IC3) most recent report, the center received a record number of complaints from the American public in 2020: 791,790, with reported losses exceeding $4.1 billion. This represents a 69% increase in total complaints from 2019. Business Email Compromise (BEC) schemes continued to be the costliest: 19,369 complaints with an adjusted loss of approximately $1.8 billion. Phishing scams were also prominent: 241,342 complaints, with adjusted losses of over $54 million.

Protect Your Agency

Given the increased incidence of BEC/EAC scams and ransomware attacks over the past several years, it is imperative that prevention be addressed at every level. State and federal entities, as well as most of the top tech companies are creating alliances and workgroups to stem the tide.

Title insurance companies and agents also have a role to play. Given the current nationwide threat, we encourage all agents and their staff to remain on high alert for attempted fraud, particularly when it comes to seller proceeds. We also urge agencies to remain vigilant regarding possible attempts to obtain consumer or employee PII.

Here are some immediate steps to consider:

  • Identify the risks your agency faces and make sure your systems are protected
  • Maintain strict policies and procedures for verification of wire instructions
  • Educate your staff and consumers about what to do when they suspect fraud
  • Establish protocols to quickly detect fraud and recover diverted funds
  • Obtain appropriate insurance, including Cyber Liability coverage

Cyber Security is Mission Critical

There is nothing more important than protecting our clients’ funds and personal information. It is mission critical for a title company to make security its highest priority in 2022. You can begin today to assess your systems and educate your staff to make sure every possible precaution has been put into place. We hope our Escrow Fraud/Social Engineering White Paper will be helpful in this work.

In addition to the release of the White Paper, Alliant National will provide updated materials throughout the year to help agents understand and respond to the threat environment we face. Of course, we’re always ready to discuss the threats we are seeing, and steps you might consider for your business. Feel free to reach out to your agency representative, or any member of the Alliant National team.

Graphic of falling yellow, blue, green and red envelopes with question marks.

4 Tips For Spotting Email Scams

As technology advances, so does the deception

The pandemic has amplified the number of scams and email attacks on individuals, companies and organizations. People are already in vulnerable places emotionally, socially, physically and mentally; Covid has only intensified fright and flight instincts. We are constantly interrupted by additional stressors.

What might have easily caught your attention on an invoice, bill or receipt, can now slip by when the mind is overwhelmed with the stress of daily life. The way people receive goods, bills, invoices and confirmations has changed during the pandemic.

Be proactive and take one worry off the list by preparing yourself and educating your clients, friends and family about current email scams. Here are four ways to identify obvious scams when shopping for company or personal resources.

The Sender

When opening an email, especially one that is unexpected make sure to check the sender address. This can be the first and last stop when identifying a scam. Do you order from Amazon or Office Depot often for your business? Typically, large companies have a very streamlined and identifiable confirmation process. It might have a logo, a reprint of your order, package tracking information, etc.

Most companies have emails such as a “confirmation@” or “receipt@”, and then the company. If your typical confirmation is now coming from a different sender or source, this is a red flag. Most purchases are automated; therefore, an email about a package and confirmation that is not expected or sent at strange times is also a red flag.

Grammar

The schoolteachers’ philosophy holds true: If it isn’t written correctly, it’s not correct. Many scams originate from outside of the United States and come from people who have never spoken English, or who might have only slight knowledge of English grammar and mechanics. This lack of familiarity with the language or even cultural communication can be extremely evident from the outset of the email. Unusual forms of personal address or improper labels are a signal of deceit.

Legitimate order confirmation emails should be free of spelling and punctuation errors, or words swapped for one another such as “their” and “there.” If you find such an error, take it as a signal that this email is likely a scam.

Strange Link     

Many people are already well versed on email scams that direct you to a link. Most know not to click the link. Use this same strategy when reviewing your confirmation and order. You are usually able to scan over the item or photo and it should direct you back to the home site, whether you were shopping on Home Depot, Office Depot or Amazon. If it directs you to another site, and you can confirm this by hovering your mouse over the link, then it’s a scam. Contact your original purchaser immediately.

Format

Most online retailers have the shopping, shipping and receipt process dialed in. Communications are auto-formatted and the email confirmation arrives in a clear, itemized order. Often items – the exact photo of the item and its link – can be found on an email confirmation.

Order receipts or requests for further action that are formatted in a strange manner should raise your suspicion. Are they asking you for additional shipping payments? Did they add your taxes incorrectly and are trying to collect? Do not fall victim to these scams. Your receipt of purchase should be clean, neat and easy to read and reference. If something is strange, then this is an identifier of a scam. In the end, trust your instincts. If something looks off, it likely is. Don’t be afraid to back out of an email or a link that feels like it might be fake. You know when something looks and behaves unlike the norm. Trust that and help yourself and your business stay safe.

smishing-cube-with-letters-and-words-from-the-computer-software-picture

Protect Your Phone From This New Type of Phishing Attack

Now is the time to educate yourself.

In the chaotic economic and physical landscape of 2020, the last thing any individual should have to contend with is being taken advantage of when vulnerable. Nonetheless, scammers are still looking for loopholes to victimize the innocent. Their newest tactic is a scam call “smishing.”

What is smishing? How does one become educated and protected, and how can you be proactive for the next scam?

Smishing is the practice of sending fraudulent text messages purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords or credit card numbers. Smishing is basically a “phishing” scam involving the exchange of text messages or SMS messages.

Common platforms and applications that the hacker might use include a built-in smartphone messenger, iMessage, Facetime, Facebook messenger, WhatsApp, Slack, Skype and other face-to-face mobile vehicles.

Sadly, this is quickly becoming an increasingly popular and successful means of deception. Smishing is especially confusing as people often believe their cell phones are safe from hackers and scammers. Junk text messages were a rarity in years past. Nowadays such texts are common, and many businesses, including doctors, routinely text individuals to confirm appointments or prescription refills.

Due to the newer nature of this scam, and lack of education about its pathway from spam to private information, many consumers, especially those more at risk, such as the elderly, or those without internet access, are prime targets.

In prior years, there was a massive effort to educate the public about not clicking on random links in their email, and that became extremely successful. Nonetheless, criminals are finding a new path, and that is through the technology that is closest to them — cell phones.

Now is the time to educate yourself on how to differentiate spam and phishing text messages from important communication. When receiving a text message from an unknown source, here are four things to think about before responding:

  1. If it seems too good to be true, then it is! If you receive a generous coupon code from a place you have never heard of or an amazing incentive from a popular brand like Target, McDonald’s, Nike or others, don’t respond. Instead, check a website from the company or call the main phone number to see if the offer is legit. Don’t call a number on the text message, and never respond to an offer by texting personal information.  
  2. Time sensitivity. If you receive a text asking for personal information to fulfill a medical or business request, and they need it ASAP, it’s a scam. A reputable company, medical office or organization is going to pick up the phone and call an individual, not text.
  3. Long text messages from unknown sources, including a link, are also a good indication of smishing, or phone phishing schemes. Never, click on a link from an unknown source. The link can immediately allow phishers access to confidential and valuable information from your phone. Be vigilant for text messages asking for personal information, passwords or other sensitive information.
  4. Does the text message have grammatical errors or strange sentence structure? While many people use talk-to-text, it would never be a means of communication for a business to connect with a customer. Another red flag is when the pronoun to your name such as Ms., Mrs., Mr., Dr., etc., is incorrect or even used at all from a stranger. Don’t respond to these messages.

What to do once smished? Delete! And if necessary, block the sender. If you are truly questioning whether a text is legit, try logging onto the internet from a different device to do some investigative work. Bottom line: You do not want to compromise the security of your personal information to anyone via text.

Cyber securiy if something doesn't smell right

If Something Doesn’t Smell Right, It’s Probably Not

It may seem like “Title Insurance 101” – but small mistakes can be signs of fraud or misuse of funds or outright intentional undoing of a clear road to closing on a real estate deal.

It may seem like “Title Insurance 101” – but small mistakes can be signs of fraud or misuse of funds or outright intentional undoing of a clear road to closing on a real estate deal.

Not everyone knows everything all of the time; a thousand items have to fall into place and “add up” in order to make the process smooth and completely unencumbered.

Download Our Fraud Detection Guide for Agents

A power of attorney showing up in the middle of a transaction (or at the end) should be scrutinized. So should cashier’s checks drawn from geographical areas that don’t coincide with the seller’s, buyer’s or property’s locale.

Take a look at the potential red flags below; being aware is half the battle.

Preliminary Title Report/Title Search

Red flags” involving the preliminary title report and title search may include:

  • Ordered by, prepared for, or mailed to a party other than the lender.
  • Property seller is not in title (possible purchase disguised as a refinance or improper property flip).
  • Seller owned property for a short time with a cash-out on the sale.
  • Notice of default is recorded (possible cash-out purchase with a straw buyer or foreclosure rescue).
  • Report indicates delinquent property taxes.
  • Report indicates modification agreement on existing loan(s).
  • Title documents show the borrower or Seller on a purchase is not the owner of record.
    • For a purchase transaction, the seller should be the owner of record.
    • For a refinance transaction, the borrower on the loan application should match the owner of record on the title documents.

Escrow/Closing Instructions

“Red flags” involving escrow and closing instructions may include:

  • “Fill in the blank” or generic escrow instructions.
  • Change of sales prices to “fit” the appraisal.
  • Odd amounts paid as a deposit/down payment.
  • Significant or unusual buyer credits or fees.
  • Unusual amendments to the original transaction.
  • Seller on Closing Disclosure different than seller on preliminary title report.
  • Evidence of “white-outs” or alterations without initials.
  • Payoffs to third parties whose lien was not listed on the preliminary title report.
  • Reference to another escrow.
  • Down payment is paid into escrow upon opening.
  • Cash is paid outside of escrow to property seller.
  • Sale is “subject to” property seller acquiring title.
  • Entity acting as the property seller is controlled by, affiliated with, or related to the applicant or another party to the transaction.
  • Buyer is required to use a specific broker/lender.
  • Sale of subject property is not subject to inspection.
  • Power of attorney used with no explanation.
  • Power of attorney is not properly documented/recorded.

Funds to Close

“Red flags” involving funds to close may include:

  • Remitter on cashier’s check or source of the wire is not the borrower.
  • Cashier’s check issued from a bank that is inconsistent with the depository information on application.
  • Cashier’s check issued from a bank branch that is out of the buyer’s geographic area.
  • Dollar amount is incorrectly encoded on check.
  • Sources of funds are questionable

Closing Disclosure/Settlement Statement

“Red flags” involving the closing disclosure or settlement statement may include:

  • Names and addresses of property seller and buyer vary from other loan documentation.
  • Seller’s mailing address is the same as another party to the transaction.
  • Excessive real estate agent commissions paid.
  • Real estate commission paid, but no realtors listed on the purchase contract.
  • Sales price differs from sales contract.
  • Reference is made to undisclosed secondary financing or double escrow.
  • Rent prorated on owner-occupied transactions.
  • Zero amount due to/from buyer.
  • Closing Disclosure or escrow instructions contain unusual credits, disbursements, related parties, delinquent loans paid off, or multiple mortgages paid off.
  • Payoffs for items not consistent with liens listed on title commitment.
  • Excessive seller paid marketing, administrative, assignment or trust fees.
  • Payouts to unknown parties.
  • Terms of the closed mortgage differ from the terms approved by the underwriter.
  • Date of settlement is delayed without explanation.

Download Our Fraud Detection Guide for Agents

Avoiding Fraud pitfalls

Wire Fraud, Appraisals & Contracts (Oh, My!)

No one wants to learn that fraud or misuse of funds or fraudulent transfers happened once a closing is complete, yet those events can be part of real estate closing worlds.

Appraisals can also prove to be undependable, as parties involved can have less-than-legitimate agendas.

Download Our Fraud Detection Guide for Agents

Who wants to learn of a crooked contract – that’s already been signed, notarized and filed?

No one. Below, we take a look at what agents can do regarding all of the above and how to avoid pitfalls before they happen.

What Agents Should Do If Wire Fraud is Suspected

After the Exchange of Funds (regardless of the dollar amount of the loss)

  • Contact your bank.
    • Speak with someone who has authority to reverse or “recall” the wire. This contact may be in your bank’s fraud department. Note: A best practice is to identify this contact and establish a relationship with him or her before a wire fraud incident occurs. 
    • Make sure the bank understands you have been the victim of a Business Email Compromise (BEC) scheme.
    • Request a Wire Recall or SWIFT Recall Message.
    • Ask your bank to fully cooperate with law enforcement.
  • Contact your local FBI office (https://www.fbi.gov/contact-us/field-offices). The FBI has a number of protocols aimed at freezing and retrieving funds. They will activate appropriate protocols based upon the circumstances of the loss. The American Land Title Association has more information on the FBI’s protocol for reversing fraudulent international wires.
  • Complete and submit a Complaint Referral Form to the FBI’s Internet Crime Complaint Center (IC3). Be prepared to provide all details related to the transaction including date, amount, the name of your bank and the beneficiary bank, account numbers, contact information, etc.
  • Contact the fraud department at the beneficiary bank to notify them about the wire-recall request due to the fraud. Provide details and request that the account be frozen.
  • Contact local law enforcement (https://www.policeone.com/law-enforcement-directory/)
  • Contact your Secret Service field office (https://www.secretservice.gov/contact/field-offices/)
  • Contact the Alliant National Claims Department by first calling the Claims Manager at (303) 682-9800, ext. 425, and then follow up by emailing applicable information to Claims@alliantnational.com.

When the Money Goes Out, Minutes Count

The 48-hour period following a fraudulent wire transfer is critical; immediately contacting your bank, the local FBI office and submitting a complaint to IC3 as described above will increase your chances of recovering the funds. 

Special Handling of International Wires

Since international wire fraud has a very low chance of recovery or reversal of the wire, special precautions are advisable, such as requiring “in-person authorization” from only those authorized signers on an out-going international wire, and having such precautionary requirements agreed upon with your bank.

Appraisals

Appraisals and appraisal reports may contain “red flags” indicating potential fraud. “Red flags” may include, but are not limited to:

  • Owner of record listed is inconsistent with other information disclosed in the loan file.
  • Occupant is identified as a tenant on an owner-occupied refinance application.
  • Owner-occupied refinance transaction, but the property is vacant.
  • Occupant of subject property is listed as “unknown.”
  • Appraiser uses public record, exterior inspections, or property seller/builder as sole data sources.
  • Illegal zoning is checked on first page of the appraisal.
  • “Physical deficiencies or adverse conditions that affect the livability, soundness, or structural integrity box” is checked “Yes” on the first page of the appraisal.
  • Subject property has increased in value in a stable or declining market.
  • Land value is atypically high for the area.
  • Excessive adjustments in urban or suburban area where marketing time is under six months.
  • Timeframe between sales does not allow enough time for reported renovations made to property.
  • Loan file contains a note with a predetermined value.
  • Ineligible Condition (C5, C6) or Quality (Q6) ratings.
  • Blank spaces on the form (borrower, client, occupant, etc.).
  • Missing photos or maps.
  • Photos do not match description of property.
  • House number in photo does not match property address.
  • Photos do not match the floor plan sketch (i.e. location of garage, fireplace, etc.).
  • Photos of subject property taken from odd angles or with no depth of field, or have been cropped or otherwise altered.
  • Photos reveal items not disclosed in appraisal (e.g., commercial property next door, railroad tracks, another structure on premises, etc.).
  • Weather conditions in photo of property are not appropriate for the date of the appraisal (i.e., July photo shows snow on the ground for a property in Illinois).
  • “For rent” or “for sale” sign in photo of subject property on owner-occupant refinance application.
  • Most recent sale(s) and/or listing information on subject property and/or comparable properties are missing.
  • Use of unverified comparable sales (i.e., not verified through traditional data sources such as MLS, sales office, Closing Disclosure, real estate agent, etc.).
  • Use of inappropriate comparable properties (e.g., that are not similar to the subject property when comparable properties are present).
  • Excessive distance between comparable properties and subject property.
  • All comparable properties are from different town(s) than the subject property.
  • Lack of bracketing with comparable sales used (e.g., all sales are significantly larger in living area than the subject).
  • Appraisal is ordered and/or prepared prior to date of sales contract or loan application.

Appraiser is located outside of the county in which the property is located.

Sales Contracts

Sales contract “Red flags” indicating potential fraud may include, but are not limited to:

  • Multiple sales contracts exist.
  • Sales contract is dated after the appraisal date.
  • Sales contract is subject to an existing lease on an owner-occupied transaction.
  • Sales contract includes personal property or prohibited sales concessions.
  • Sales price is significantly above or below market value.
  • Purchase contract addenda adjusts the sales price.
  • Applicant is not shown as purchaser.
  • No real estate professional involved.
  • Real estate agent(s) used, but not paid a fee; or no real estate agent(s) involved at all.
  • Seller is a corporation or LLC and the subject property is not new construction.
  • Seller is an affiliated real estate agent, trust, relative or employer.
  • The parties to the transaction are related by family or commercial enterprise.
  • The contract is not dated.
  • Names are deleted from or added to the purchase contract.
  • The contract is an “option contract.”
  • The contract was assigned or is assignable.
  • Earnest-money deposit is an unusually high amount, consists of the entire down payment, or is an odd amount.
  • Contract has a very short inspection period and upon satisfactory inspection, the buyer is to notify the settlement agent who is then supposed to transfer a large portion or all of the deposit to the seller (scam is that 10 business days later, it is discovered that the cashiers’ check is counterfeit after the money has been sent, and the escrow account suffers a shortage). 
    • Recommendation is to contact the bank or entity issuing the cashier’s check to confirm that the cashier’s check number and amount is valid prior to depositing the item in the account. Most banks will confirm this by telephone. Due to the increasing occurrences of counterfeit cashier’s checks, most banks have instituted mandatory holds on cashier’s checks. It is not uncommon for a hold to last up to 10 days (check with your bank to confirm their policy).
  • Name and address on earnest-money deposit check is different from that of the buyer.
  • Earnest-money deposit checks have inconsistent dates, for example:
    • Check #111 dated November 1
    • Check #113 dated September 1
    • Check #114 dated October 1
  • Earnest-money check is not cashed or is not reflected on the Closing Disclosure.

Download Our Fraud Detection Guide for Agents

Let’s Connect

Discover more stories and conversations on our social media networks,
or drop us a line on our contact page.


The Independent Underwriter for
the Independent AgentSM