Today’s title professionals face ever-increasing cybersecurity threats, all of which can cause major disruption and economic loss. With October being Cybersecurity Awareness Month, now is the perfect time to review the latest trends affecting our industry and understand how to mitigate some of the top challenges.
I. Wire fraud remains number one
Wire fraud continues to be the number one threat to title agents, their customers and the vitality of their business. According to the latest FBI reports, the average cost per wire fraud incident is nearly $200K, and the total number of incidents recorded this year will likely break records.
Take the following actions to derail some of the most common schemes, including phishing, business email compromise and social engineering:
- Use multi-factor authentication (MFA) for system access.
- Ensure the latest security patches are promptly installed. Read our tips on keeping programs updated consistently.
- Consider upgrading your antivirus protection with endpoint detection and response (EDR), a dynamic tool that leverages AI technology to reinforce your security.
II. Watch out for fraudulent sellers
Seller theft, one of the most significant emerging threats, involves a scheme where the seller’s identity is falsified, leading to a bogus and fraudulent sale. There is no shortage of information online regarding real estate transactions, making it easy for thieves to obtain these details. Here are some of the best strategies for combating these fraudsters:
- Use encryption to protect communications and all identifying information, including emails and data that is “at rest,” that is, data housed physically on a given computer storage device.
- Verify and validate identification through available electronic tools.
- Confirm and reconfirm throughout every step of the transaction. Slow down. Take time to verify.
To reduce fraudulent transactions and lower premiums, Alliant National has initiated a crime watch program, which incentivizes policy-issuing agents to detect and prevent illicit activity. Learn more about the program and get involved.
III. Privacy remains the focus
Ten states have now enacted comprehensive privacy laws. Six have passed laws this year alone, with Texas being just the latest to do so. All 50 states now have data breach reporting laws. Many statutes impose a significant daily fine for late notice or a private right of action for failure to comply and negligence.
What all these legislative moves imply is that privacy and sensitive data protection remains at the forefront of our industry. Title leaders must ask themselves if they are staying current on the latest technologies and techniques to guarantee end-to-end data protection, including:
- Developing a written security plan and devoting the necessary time and resources to ensure employees are trained sufficiently. maintaining complete records is important as well.
- Encrypting sensitive and non-public information, which is essential to protect against unauthorized access and breaches.
- Knowing and abiding by your state-specific breach reporting requirements.
IV. Practice secured electronic document storage
Title agencies routinely deal with electronic documents that contain large quantities of sensitive information and which represent a highly attractive target for today’s criminals. In fact, according to recent research, “88% of organizations worldwide were experiencing spear-phishing attempts in 2019. And 68% of business leaders felt their cybersecurity risks were drastically increasing.”[i]
Here are some principles to help keep these bad actors at bay:
- Ensure you are applying encryption to protect digitally stored documents.
- Perform periodic backup and recovery tests to ensure the availability and integrity of stored records.
- Maintain and test disaster recovery and business continuity plans.
V. Adhere to all regulations
Regulatory compliance requirements have increased and will continue to evolve to address shifting cybersecurity and consumer privacy issues. Stay abreast of some of the most pressing changes to the landscape:
- The current patchwork of complex state privacy and data breach laws is expected to continue growing without any expected federal legislation.
- The Gramm-Leach-Bliley Act (GLBA) has been updated for the first time since the early-aughts to address data security and privacy. Modifications to the law’s security safeguard rules are going into effect in June 2023 and will be enforced by the Federal Trade Commission.
- The National Association of Insurance Commissioners (NAIC) has released a draft of proposed 2023 privacy protection requirements modeled after the California Consumer Privacy Act (CCPA) and the New York State Department of Financial Services (NYDFS).
Taking action can keep you safe
Wire fraud. Seller falsification. Regulatory compliance. It seems like every day there is a new thing for the busy title agent to worry about. Staying apprised of the latest news and best practices, however, can help, as can seeking out the expertise of an experienced technology provider. Taking these steps, along with carrying comprehensive insurance for cybercrime and liability, can reinforce your security posture for maximum protection.
For more tips on building a safe and secure title operation, check out our other blogs focusing on IT.
[i] 2020 State of the Phish: An in-depth look at user awareness, vulnerability and resilience (proofpoint.com)
Fraudsters continue to seek out legitimate businesses they can use as a cover for illegal schemes that attempt to separate people from their money. One of the fraud scams that has reemerged is the check fraud scheme.
The claims team was recently notified of a scenario involving an Alliant National agent. A new purchase agreement and a sizeable earnest money deposit cashier’s check was presented to the agent. The cashier’s check was from a foreign bank and was promptly deposited by the agent into their escrow account. Shortly after depositing the check, the buyer notified the agent that the transaction was cancelled. The buyer demanded the agent promptly return the funds through aggressively worded emails and continuous phone calls. The agent did the right thing by not allowing the purported buyer to usurp the procedures that the agent already had in place. Ultimately, the foreign bank confirmed that the cashier’s check was fraudulent, and the purported buyer ceased any further efforts to communicate with the agent.
A few Red Flags from the transaction included:
- A foreign buyer,
- For sale by owner transaction,
- No real estate agent utilized in the transaction,
- Use of non-standard real estate purchase and sale agreement template,
- Termination of the purchase and sale agreement was quickly sent to the agent after the check was deposited, and
- An aggressive stance is taken by the buyer requesting that the funds be returned.
Appropriately, the agent did not rush the process, notified the purported foreign buyer of their check verification process, independently researched and located contact information for the foreign bank, confirmed the validity (or lack thereof) of the cashier’s check with the bank, and waited for confirmation from the bank on whether or not the funds cleared the account.
For a foreign bank’s check, it is important to remember that it may take several weeks for funds to clear an account. If you act and return funds too quickly, the buyer’s original check may be returned due to insufficient funds. If you attempt to try and recover the funds from the buyer, most likely the buyer will refuse to return the money or the buyer can no longer be located. Then, the agent is left without those funds in their escrow account, which will lead to other issues.
It is critical to stay alert and continue to recognize this and other fraud schemes before fraudsters visit your office. You can learn more about identifying and preventing fraud by downloading Alliant National’s white paper – Escrow Fraud/Social Engineering: Recent Schemes and Prevention Tips. This 23-page guide was also referenced in our recent #AllNatAdvantage post titled The #1 Tool For Recovering Diverted Funds: Your Wire Fraud Response Plan.
In addition, here are a few other resources that outline a similar check scam:
If you have questions, please contact the Alliant National claims team.
The cost of fraud to title and settlement services companies far exceeds the actual face value of a fraud incident, according to the 2022 LexisNexis True Cost of Fraud Study released recently.
The 57-page report provides information on current fraud trends in the mortgage, title and settlement industries and details some of struggles companies face in addressing fraud detection, prevention and customer experience.
In terms of the cost of fraud, research indicates that for every $1 lost in an actual fraud incident, the cost to a title company is $4.19 or four times that of the face amount of the loss. The number rises to $5.34 for originators.
According to the research, the additional cost is related to the labor required for fraud detection, plus the expense of investigation, reporting and recovery following an incident.
For title companies, the biggest cost is labor, with the actual breakout of related costs as follows:
- 35% attributed to labor costs
- 21% for detection, investigation and recovery
- 18% related to fines and legal fees
- 13% covering fees during application and processing
- 13% accounting for the face amount of the actual fraud
The actual cost is extraordinary, given that title companies reported a staggering 77% increase in fraud over the past three years. The growth in fraud is attributed in part to COVID, as a substantial portion of both mortgage and settlement services transactions moved to online and mobile-only transactions.
According to the LexisNexis report, although fraud originates largely in online and mobile-only transactions, it often the moves to the call center or phone-based point of interaction, which further adds to the risk, with the growth of remote workers handling these transactions.
For title companies working in the online and mobile transaction world, identity verification is the number one challenge.
“The challenge involves assessing digital identity attributes such as email and phone number,” the report states. “That is contributing to challenges with identifying malicious bots and the ability to determine the source of the transaction. Synthetic identities are a key driver of identity verification challenges, particularly among organizations that do not use fraud solutions that assess digital identities and behaviors.”
LexisNexis noted that the mobile channel especially is contributing to the high volumes in recent years.
“This channel brings device-related risks that are unique from online browser transactions (SIM card swapping, malware, SMS phishing). This allows fraudsters to gain entry through anonymous remote transactions at the very start of the mortgage process.”
Title companies walk a bit of a tightrope, determined to invest in strong fraud prevention, while striving to create a positive customer experience. Customers reportedly get frustrated with the passwords, qualifying questions and multiple identifiers it takes to get through the transaction and have been known to give up and drop out of online and mobile device-related processes out of frustration.
Balancing these two necessities of doing business has been challenging, but title companies that put forth the effort can dramatically reduce their exposure to fraud.
To help our agents assess their efforts, Alliant National released a white paper this year, titled Escrow Fraud/Social Engineering: Recent Schemes and Prevention Tips. The white paper provides agents with useful information, risk factors to consider, and practical action steps that will help you partner with consumers, real estate agents and lenders to defend against the fraudsters.
In addition, the LexisNexis report identifies four recommendations agents should consider, including remaining vigilant to increased fraud, increasing the use of technology, creating multi-layered solutions, and integrating cybersecurity and digital customer experience with your fraud processes.
Here are a few highlights from their list of recommendations:
- Accelerated movement to online/mobile transactions will continue to grow; therefore, title/settlement companies should continue to buildout and enhance the digital customer experience while protecting against fraud.
- Best practice fraud detection and prevention includes a multi-layered solutions approach, and the integration of fraud prevention with cybersecurity operations and the digital customer experience.
- Layering in supportive capabilities such as Social Media intelligence and AI/ML further strengthens fraud prevention.
While fraud prevention in the current environment is challenging, the report concludes that “firms which use a multi-layered solutions approach that is integrated with cybersecurity and digital customer experience operations can lower their cost and volume of successful fraud while improving identity verification and fraud detection effectiveness.”
We encourage agents to continue to explore and implement best practices as we all work together to combat fraud. Download our white paper – Escrow Fraud/Social Engineering: Recent Schemes and Prevention Tips – today to begin your own internal assessment.
To view the full LexisNexis study, click here.
Whether your customer has owned property for years or just purchased property, you know these property owners are not immune from being a potential victim of real property fraud. With the use of technology and access to real property records, property owners are reporting a number of fraud cases. One type of fraud being reported involves foreign property owners. The typical target owns an unencumbered, vacant parcel of land and has an out-of-country mailing address listed in the county records. Fraudsters are most likely finding these properties by searching the county records to identify a potential victim.
Here’s one recent fraud scenario: Months after a sales transaction closed, the title company was advised by the insured of a potential fraudulent sale of a vacant parcel of land which was owned by a foreign investor. An investigation revealed that the sale of the property was fraudulent. The conveyance deed was allegedly notarized by a notary employed at the U.S. Consulate General office in Johannesburg, South Africa. The Consulate General’s office confirmed that there was no notary by that name employed at their office. The owner of the property, who resided in Columbia, confirmed that the property was not for sale.
A few Red Flags we have identified while administering these types of claims include:
- Vacant land sales;
- Vacant parcels that have been owned by the same owner for several years;
- Non-local owners;
- Low sales price; or
- Real estate agent is contacted by a buyer/seller in a rush to buy/sell the property.
Some tips to help a title company avoid this type of fraud:
- Be extremely careful with emails from out-of-country sellers rushing to close the transaction;
- If you receive a rush sale request from the purported seller or a real estate agent, DO NOT rush; rather take your time and give the file your full attention;
- Ask the real estate agent how or from whom they received the sale listing;
- Contact the prospect seller via Zoom, Skype or another video-enabled meeting platform;
- Ask the seller questions about the property such as when and how they came to acquire it, and what their plans were for the vacant parcel to see if the seller knows the property’s history;
- Request to see the identification that will be used at the closing transaction;
- Check the seller’s foreign identification. Look at the picture (sometimes you can see that a picture was placed on top of another picture), and check for inconsistencies with the font and signs of tampering. Whenever possible, compare to a standard version of the identification, whether using a guidebook, an online resource, or even Googling samples of identification for comparison;
- Check the property appraiser’s website for the current owner’s address, and consider forwarding a letter to that address;
- Check the tax collector’s website, and review the history of tax payments to see if you can determine who the payor has been, and their mailing address;
- Research the notary and contact the Embassy or Consulate to confirm the notary works there. We have learned that many of the foreign officers are aware of this type of fraud; and
- If your gut tells you something is wrong, please follow your gut. That feeling is usually right!
For our agents, remember that you can be rewarded for your efforts through Alliant National’s Crime Watch Program if you prevent a fraudulent transaction from closing. Program details and the nomination form are on our website at alliantnational.com/title-claims/crime-watch-program/.
This blog contains general information only, not intended to be relied upon as, nor a substitute for, specific professional advice. We accept no responsibility for loss occasioned to any purpose acting on or refraining from action as a result of any material on this blog.
Every wire fraud defense expert says the number one factor in recovering diverted funds is time. Every minute counts when fraud has been detected, and hesitations or delays can impede efforts to track down and restore lost funds.
That’s why a Wire Fraud Response Plan is imperative for every title agent.
Before you create your plan, or if you are undergoing a review of your current plan, we encourage you to download Alliant National’s recently updated Escrow Fraud/Social Engineering: Recent Schemes and Prevention Tips white paper. This 23-page guide provides an in-depth review of the current schemes and offers a wealth of tools and resources for building a strong defense against fraudsters.
Here are some things to consider when creating your response plan.
Elements of a Wire Fraud Response Plan
The first step in preventing wire fraud is to maintain policies and procedures for verification of wire instructions for the protection of everyone involved in the real estate transaction.
But should the unthinkable happen, remember that the most successful response strategies are those established well in advance and communicated to staff members and your bank.
Like a well-trained sports team, every member of your team must know their role and be prepared to leap into action.
- Establish a close relationship with your bank representatives and continually dialogue regarding updated fraud threats.
- Discuss wire retrieval scenarios and establish emergency contacts in the bank’s fraud department, whom you can call at a moment’s notice day or night.
- Download and fill in the Wire Fraud Contacts form in our Escrow Fraud/Social Engineering white paper and provide it to staff members charged with addressing suspected fraud.
- Notify management the moment suspicion arises that a wire may have been misdirected.
- If funds have been transferred to the receiving bank and cannot be recalled, ask your bank (the sending bank) to formally request that the receiving bank freeze the funds.
- Agents may also attempt to directly contact the receiving bank to ask that the funds be frozen.
- Contact local police in your jurisdiction and the jurisdiction of the receiving bank.
- Report the fraud immediately to your local FBI office.
- File a complaint with the FBI’s Internet Crime Complaint Center (IC3).
- Contact the underwriter involved in the transaction. Alliant National is available to help you evaluate the situation.
- Contact your corporate attorney to let him or her know about the events taking place.
- Depending on the nature of the fraud, contact the appropriate insurance provider (Cyber-Liability, Escrow Security Bond or Errors & Omissions).
Putting all of these resources in motion immediately can be extremely useful, as anyone of these professionals or organizations may have information that could assist you in recovering your funds.
IC3 may be one of your most important contacts. In 2018, IC3 established its Recovery Asset Team (RAT) to streamline communications with financial institutions and FBI field offices to assist freezing of funds for victims.
In 2021, RAT initiated the Financial Fraud Kill Chain (FFKC) on 1,726 Business Email Compromise (BEC) complaints involving domestic to domestic transactions with potential losses of $443,448,237. A monetary hold was placed on approximately $329 million, which represents a 74% success rate.
The efficiency of this organization’s work is largely dependent on the speed with which they are advised, so it’s critical that they be an important part of your Wire Fraud Response Plan.
Even the most vigilant companies may fall prey to fraud, but putting protocols in place can greatly reduce your exposure and give you a pathway to recovering lost funds.
As always, call your Alliant National underwriting team if you have any questions or concerns. We are here to help!