In 2021, IC3 received 847,376 complaints from consumers and businesses – a 7% increase from 2020 – with potential losses exceeding $6.9 billion. Most significantly for the title insurance industry, business email compromise (BEC) schemes resulted in losses of nearly $2.4 billion, up 33% from 2020.
In its report, the IC3 identified Russia as a hot spot for cyberattack actors in 2021. In recent weeks, the risk of those cyberattacks has grown exponentially in retaliation for the many sanctions imposed on Russia following its invasion of Ukraine on Feb. 24.
On March 21, President Biden released a statement highlighting the imminent threat to our nation’s cybersecurity. That same day, Deputy National Security Advisor Anne Neuberger said in a press briefing, “We’ve previously warned about the potential for Russia to conduct cyberattacks against the United States, including as a response to the unprecedented economic costs that the U.S. and allies and partners imposed in response to Russia’s further invasion of Ukraine. Today, we are reiterating those warnings, and we’re doing so based on evolving threat intelligence that the Russian government is exploring options for potential cyberattacks on critical infrastructure in the United States.”
These imminent threats are a reminder of how important it is to take the necessary steps to protect your agency and your customers.
In addition, the Biden Administration released a Fact Sheet, urging companies to take immediate steps to protect their systems, including:
Mandate the use of multi-factor authentication on your systems to make it harder for attackers to get onto your system
Deploy modern security tools on your computers and devices to continuously look for and mitigate threats
Check with your cybersecurity professionals to make sure that your systems are patched and protected against all known vulnerabilities
Change passwords across your networks so that previously stolen credentials are useless to malicious actors
Back up your data and ensure you have offline backups beyond the reach of malicious actors
Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack
Encrypt your data so it cannot be used if it is stolen
Educate your employees on common tactics that attackers will use over email or through websites
Encourage employees to report if their computers or phones have shown unusual behavior, such as unusual crashes or operating very slowly
Engage proactively with your local FBI field office or CISA Regional Office to establish relationships in advance of any cyber incidents
The Biden Administration also encourages IT and security leaders at all companies to visit the websites of CISA and the FBI to access technical information and other useful resources. These heightened threats represent a clear and present danger for all of us. We encourage all of our agents to download the Alliant National Escrow Fraud/Social Engineeringtoday and share this information with your staff and customers.
First published in 2017 and fully updated by Alliant National’s Compliance, Risk and Education teams, the paper provides information, tips and suggestions to help you better understand the current threat environment and create a comprehensive plan that addresses the realities we face in our industry.
Time to assess cyberattack risk in light of Ukraine invasion
The paper’s release comes at a critical time as U.S. businesses brace for potential cyber warfare corresponding with recent violence in Europe. The Department of Homeland Security (DHS) issued a bulletin in January warning of the increased risk of cyberattacks in the U.S. as Russia was poised to invade Ukraine.
“We assess that Russia would consider initiating a cyberattack against the Homeland if it perceived a U.S. or NATO response to a possible Russian invasion of Ukraine threatened its long-term national security,” the agency said in the bulletin released to law enforcement partners and obtained by The Hill.
In response, the American Land Title Association warned in a recent blog that the risk of spillover cyberattacks against non-primary targets could become much more widespread.
2022: Growth of BEC/EAC
Against this backdrop of international tension, Alliant National agents continue to report an increase in attempted wire fraud schemes. These attacks are part of a growing fraud threat targeting businesses of all sizes and the general public.
The FBI refers to this threat as Business Email Compromise/Email Account Compromise (BEC/EAC). BEC/EAC fraudsters focus on organizations that perform wire transfers, making real estate especially vulnerable.
According to the FBI Internet Crime Complaint Center’s (IC3) most recent report, the center received a record number of complaints from the American public in 2020: 791,790, with reported losses exceeding $4.1 billion. This represents a 69% increase in total complaints from 2019. Business Email Compromise (BEC) schemes continued to be the costliest: 19,369 complaints with an adjusted loss of approximately $1.8 billion. Phishing scams were also prominent: 241,342 complaints, with adjusted losses of over $54 million.
Protect Your Agency
Given the increased incidence of BEC/EAC scams and ransomware attacks over the past several years, it is imperative that prevention be addressed at every level. State and federal entities, as well as most of the top tech companies are creating alliances and workgroups to stem the tide.
Title insurance companies and agents also have a role to play. Given the current nationwide threat, we encourage all agents and their staff to remain on high alert for attempted fraud, particularly when it comes to seller proceeds. We also urge agencies to remain vigilant regarding possible attempts to obtain consumer or employee PII.
Here are some immediate steps to consider:
Identify the risks your agency faces and make sure your systems are protected
Maintain strict policies and procedures for verification of wire instructions
Educate your staff and consumers about what to do when they suspect fraud
Establish protocols to quickly detect fraud and recover diverted funds
Obtain appropriate insurance, including Cyber Liability coverage
Cyber Security is Mission Critical
There is nothing more important than protecting our clients’ funds and personal information. It is mission critical for a title company to make security its highest priority in 2022. You can begin today to assess your systems and educate your staff to make sure every possible precaution has been put into place. We hope our Escrow Fraud/Social Engineering White Paper will be helpful in this work.
In addition to the release of the White Paper, Alliant National will provide updated materials throughout the year to help agents understand and respond to the threat environment we face. Of course, we’re always ready to discuss the threats we are seeing, and steps you might consider for your business. Feel free to reach out to your agency representative, or any member of the Alliant National team.
In part two of a three-part series, we continue examining common scenarios agents face when closing real estate transactions.
Previously, we introduced the first of a three-part blog series on the issues agents routinely face during the closing process. The initial entry covered a wide range of issues – from summarizing agents’ fiduciary responsibilities to best practices when dealing with spousal transactions. The second part will continue examining common closing scenarios, including issues related to funding, family transactions and dealing with property and homeowner associations.
Escrow and Funding Issues
When funding a transaction, numerous issues need to be addressed. For instance, clients may want to use foreign currency. These are not “good funds,” and agents should not provide a receipt of funds until they have been sent through their escrow bank’s collection process and credited to its account. What if a party wants the agent to wire funds to a foreign bank? An agent should discuss the matter with management, but typically such a transaction is not recommended.
What about domestic transactions? Automatic Clearing House (ACH) is an electronic network for U.S. financial institutions to process common credits and debits. The ACH is not appropriate for escrow transactions as it lacks the necessary safeguards and reporting mechanisms to meet audit guidelines. Instead, all deposited funds must pass through the agent’s hands via check or authorized wire, or they risk potential scrutiny from state regulators.
Once funded, sale proceeds need to be made payable to the seller in the closing documents. Lender instructions typically include a statement indicating that you are closing and that funding has been carried out following agreed-upon terms. Agents run the risk of violating their duties to the lender if they distribute proceeds to anyone aside from the seller. If the seller is an LLC, proceeds should go to the LLC through a bank. And the LLC may need to set up a bank account if one does not already exist. The same goes for an estate.
Finally, agents may need to address splitting commissions. In Texas for instance, if a broker asks to split the commissions between broker and agent, the agent must have a Commission Disbursement Authorization form, and this form must be disclosed on closing statements or the form T-64.
Family transactions have their own unique complexities. One potential problem is a pretended sale of homestead property, usually based on the assertion of an invalid lien. Frequently triggered by foreclosure or bankruptcy, an assertion is often made that the property is owned by a family member who conveyed the property and not the borrower – invalidating the lien.
A family member sale can qualify as a bona fide sale; however, in a state like Texas, if property is claimable as a homestead, it can be rendered void if the conveyor continues to occupy or intends to use the property for homestead purposes. To be insured, the agent must determine that the property is not the homestead of the selling family member. Of course, it is different if it is a cash sale. There is less concern here and underwriting approval is not needed.
Property Owners’ Association (POA) and Homeowners’ Association (HOA)
Lastly, agents must be attentive when dealing with owner associations such as property owners’ associations (POA) and homeowners’ associations (HOA). Property codes require a POA to provide subdivision information. There can be multiple associations for one subdivision, and fees may have to be charged to get information from all of them. It is a best practice to obtain POA or HOA information on all transactions. Association dues are typically subordinate to purchase money and construction liens; and home equity loans (HELs) may also be subordinate to association dues. Agents must verify this by reviewing the Conditions, Covenants, and Restrictions (CCRs), and may need to obtain a subordination agreement.
When dealing with select lenders, agents may need to get a 60 or 90 letter from the HOA. In Texas, if the dues are not subordinated, the agent cannot provide all the coverage in the T-17 or T-19 endorsements. Agents should also check for violations, and if they exist, collaborate with underwriting if providing T-19 or T-19.1. If an HOA exists but has not been formed, an affidavit may need to be signed indicating its inactivity.
There are many different types of real estate transactions, and title agents need to be well-versed on how the details of a transaction can ultimately affect the closing process. By having a strong foundational understanding, agents can operate more effectively, upholding their fiduciary duties and safeguard their clients’ interests. In the third and final edition of this blog series, we will cover any remaining closing scenarios that agents will likely face throughout their career, including lender-required conveyances, Texas T-47 affidavits and more.
A power of attorney
showing up in the middle of a transaction (or at the end) should be
scrutinized. So should cashier’s checks drawn from geographical areas that
don’t coincide with the seller’s, buyer’s or property’s locale.
Take a look at the
potential red flags below; being aware is half the battle.
Red flags” involving the preliminary title report and title search may include:
by, prepared for, or mailed to a party other than the lender.
seller is not in title (possible purchase disguised as a refinance or improper
owned property for a short time with a cash-out on the sale.
of default is recorded (possible cash-out purchase with a straw buyer or
indicates delinquent property taxes.
indicates modification agreement on existing loan(s).
documents show the borrower or Seller on a purchase is not the owner of record.
For a purchase transaction, the seller
should be the owner of record.
For a refinance transaction, the
borrower on the loan application should match the owner of record on the title
“Red flags” involving escrow
and closing instructions may include:
in the blank” or generic escrow instructions.
of sales prices to “fit” the appraisal.
amounts paid as a deposit/down payment.
or unusual buyer credits or fees.
amendments to the original transaction.
on Closing Disclosure different than seller on preliminary title report.
of “white-outs” or alterations without initials.
to third parties whose lien was not listed on the preliminary title report.
to another escrow.
payment is paid into escrow upon opening.
is paid outside of escrow to property seller.
is “subject to” property seller acquiring title.
acting as the property seller is controlled by, affiliated with, or related to
the applicant or another party to the transaction.
is required to use a specific broker/lender.
of subject property is not subject to inspection.
of attorney used with no explanation.
of attorney is not properly documented/recorded.
After the Exchange of Funds (regardless of the dollar amount of the loss)
Speak with someone who has authority to
reverse or “recall” the wire. This contact may be in your bank’s fraud
department. Note: A best practice is
to identify this contact and establish a relationship with him or her before a
wire fraud incident occurs.
Make sure the bank understands you have been
the victim of a Business Email Compromise (BEC) scheme.
Request a Wire Recall or SWIFT Recall
Ask your bank to fully cooperate with law
local FBI office (https://www.fbi.gov/contact-us/field-offices). The FBI has a number of protocols aimed at
freezing and retrieving funds. They will activate appropriate protocols based
upon the circumstances of the loss. The American Land Title Association has more information on the FBI’s protocol for reversing
fraudulent international wires.
submit a Complaint Referral Form to the FBI’s Internet Crime Complaint Center (IC3). Be prepared to
provide all details related to the transaction including date, amount, the name
of your bank and the beneficiary bank, account numbers, contact information,
Contact the fraud
department at the beneficiary bank to notify them about the wire-recall request
due to the fraud. Provide details and request that the account be frozen.
Alliant National Claims Department by first calling the Claims Manager at (303)
682-9800, ext. 425, and then follow up by emailing applicable information to Claims@alliantnational.com.
When the Money Goes Out, Minutes Count
The 48-hour period following a fraudulent
wire transfer is critical; immediately contacting your bank, the local FBI
office and submitting a complaint to IC3 as described above will increase your
chances of recovering the funds.
Since international wire
fraud has a very low chance of recovery or reversal of the wire, special
precautions are advisable, such as requiring “in-person authorization” from
only those authorized signers on an out-going international wire, and having
such precautionary requirements agreed upon with your bank.
Sales contract “Red flags” indicating potential fraud may include, but
are not limited to:
is dated after the appraisal date.
is subject to an existing lease on an owner-occupied transaction.
includes personal property or prohibited sales concessions.
Sales price is
significantly above or below market value.
contract addenda adjusts the sales price.
not shown as purchaser.
No real estate
agent(s) used, but not paid a fee; or no real estate agent(s) involved at all.
Seller is a
corporation or LLC and the subject property is not new construction.
Seller is an
affiliated real estate agent, trust, relative or employer.
The parties to
the transaction are related by family or commercial enterprise.
is not dated.
deleted from or added to the purchase contract.
is an “option contract.”
was assigned or is assignable.
deposit is an unusually high amount, consists of the entire down payment, or is
an odd amount.
Contract has a
very short inspection period and upon satisfactory inspection, the buyer is to
notify the settlement agent who is then supposed to transfer a large portion or
all of the deposit to the seller (scam is that 10 business days later, it is discovered
that the cashiers’ check is counterfeit after the money has been sent, and the
escrow account suffers a shortage).
Recommendation is to contact the bank or
entity issuing the cashier’s check to confirm that the cashier’s check number
and amount is valid prior to depositing the item in the account. Most banks
will confirm this by telephone. Due to the increasing occurrences of
counterfeit cashier’s checks, most banks have instituted mandatory holds on
cashier’s checks. It is not uncommon for a hold to last up to 10 days (check
with your bank to confirm their policy).
address on earnest-money deposit check is different from that of the buyer.
deposit checks have inconsistent dates, for example:
Check #111 dated November 1
Check #113 dated September 1
Check #114 dated October 1
check is not cashed or is not reflected on the Closing Disclosure.