Posts Tagged ‘escrow security’

Conceptual graphic showing multi-factor authentication

Use Your IT Stack to Combat Fraud

Some say the only constant in life is change. When it comes to real estate transactions, it seems there is one other constant: the potential for fraud. Given how widespread and persistent this problem is, title agencies can’t leave any stone unturned when it comes to fraud prevention. They must take a hard look at their operations to understand where they might be vulnerable, and that includes their IT stack. Let’s review how you can make sure your technology systems benefit your anti-fraud efforts.

The pros and cons of a connected world

Our ever-digitalizing world has led to unprecedented productivity gains. Yet, it has also paradoxically made key processes like fraud prevention more difficult to manage. Several factors contribute to this. For one thing, modern title agencies have many more attack vectors than they once did. For another, modern criminals have adopted advanced methods to carry out their schemes, such as phishing, e-signature exploitation and synthetic identities. These threats make it more important than ever to ensure your tech stack is built to deter fraud.

Multi-factor authentication  

One of the best ways to prevent fraud with your tech stack is through a simple and straightforward technique: Multi-factor authentication (MFA) is a security mechanism with which you are likely already familiar. In fact, I would be willing to bet you have an entire text chain made up of confirmation codes for various online accounts. MFA offers a critical layer of security by requiring an extra sign-in step for sensitive digital platforms.

When your systems are equipped with MFA, bad actors will be unable to authenticate themselves, even if they have the correct login credentials. New advances like dynamic MFA further harden your security perimeter by verifying that stakeholders are located where they say they are.

Here are some important best practices when using MFA:

  • Implement and require MFA on all systems that deal with client, financial and/or property data.
  • Also, require it for mission-critical transactions or changes to any important system settings.
  • Remember, MFA is not a set-it-and-forget-it scenario. Staff must be continually educated, and new MFA technology updates should be implemented as soon as they become available.

Establish comprehensive encryption

Beyond MFA, there are several other ways to create a more secure tech stack. One of the most important is encryption. Utilizing strong encryption is a proven security method that serves as a protective barrier between your company’s mission-critical data and unauthorized user access. To maximize its benefits, sensitive files should be encrypted when they are both “at rest” and “in transit.” Here’s what that means:

  • Data “at rest”: Data that is “at rest” simply means data that is stored in a single location. This can include both physical locations like hard drives or USBs and digital ones like cloud storage servers or databases.
  • Data “in transit”: Data that is “in transit” refers to data that is moving from one device or storage location to another. Some examples include, but are not limited to, emails, file transfers, instant messages, video calls, online transactions, or VoIP.

Encryption brings significant security benefits in each scenario. When data is at rest, encryption ensures that it remains unreadable even if the physical or digital location is compromised. Similarly, encrypted data in transit cannot be intercepted or used for nefarious purposes without the interceptor possessing the decryption key.

There are several best practices to consider when implementing encryption:

  • Use strong encryption algorithms like the Advanced Encryption Standard (AES).
  • Properly secure your decryption keys.
  • Encrypt both active and backup files.
  • Deploy encrypted communication methods, particularly when communicating with parties outside of your network.
  • Conduct regular audits and training to ensure compliance with industry regulations and standards.

Other security measures you need to know

While MFA and encryption are two important pieces of your security puzzle, they are also just the tip of the iceberg if you want a security stack that can truly keep fraudsters at bay. Creating a “cybersecure culture,” putting together a disaster recovery plan and availing yourself of new security solutions like endpoint threat detection are all important parts of a comprehensive security approach.

Final thoughts Ever-increasing digitalization in the workplace has been both a blessing and a curse. Each new gain in productivity and profitability has also brought new concerns about security and stability. Yet, we are not without options. While it’s impossible to make tech stacks completely immune from fraud, strategies like MFA and encryption can help you enjoy more of technology’s advantages while minimizing its risks.

Cybersecurity & Infrastructure Security Agency Cybersecurity Awareness Month 2023 banner

Top 5 Cybersecurity Issues for Title Professionals

Today’s title professionals face ever-increasing cybersecurity threats, all of which can cause major disruption and economic loss. With October being Cybersecurity Awareness Month, now is the perfect time to review the latest trends affecting our industry and understand how to mitigate some of the top challenges.

I.  Wire fraud remains number one

Wire fraud continues to be the number one threat to title agents, their customers and the vitality of their business. According to the latest FBI reports, the average cost per wire fraud incident is nearly $200K, and the total number of incidents recorded this year will likely break records.

Take the following actions to derail some of the most common schemes, including phishing, business email compromise and social engineering:

  • Use multi-factor authentication (MFA) for system access.
  • Ensure the latest security patches are promptly installed. Read our tips on keeping programs updated consistently.
  • Consider upgrading your antivirus protection with endpoint detection and response (EDR), a dynamic tool that leverages AI technology to reinforce your security.

II. Watch out for fraudulent sellers

Seller theft, one of the most significant emerging threats, involves a scheme where the seller’s identity is falsified, leading to a bogus and fraudulent sale. There is no shortage of information online regarding real estate transactions, making it easy for thieves to obtain these details. Here are some of the best strategies for combating these fraudsters:

  • Use encryption to protect communications and all identifying information, including emails and data that is “at rest,” that is, data housed physically on a given computer storage device.
  • Verify and validate identification through available electronic tools.
  • Confirm and reconfirm throughout every step of the transaction. Slow down. Take time to verify.

To reduce fraudulent transactions and lower premiums, Alliant National has initiated a crime watch program, which incentivizes policy-issuing agents to detect and prevent illicit activity. Learn more about the program and get involved.

III. Privacy remains the focus

Ten states have now enacted comprehensive privacy laws. Six have passed laws this year alone, with Texas being just the latest to do so. All 50 states now have data breach reporting laws. Many statutes impose a significant daily fine for late notice or a private right of action for failure to comply and negligence.

What all these legislative moves imply is that privacy and sensitive data protection remains at the forefront of our industry. Title leaders must ask themselves if they are staying current on the latest technologies and techniques to guarantee end-to-end data protection, including:

  • Developing a written security plan and devoting the necessary time and resources to ensure employees are trained sufficiently. maintaining complete records is important as well.
  • Encrypting sensitive and non-public information, which is essential to protect against unauthorized access and breaches.
  • Knowing and abiding by your state-specific breach reporting requirements.

IV. Practice secured electronic document storage

Title agencies routinely deal with electronic documents that contain large quantities of sensitive information and which represent a highly attractive target for today’s criminals. In fact, according to recent research, “88% of organizations worldwide were experiencing spear-phishing attempts in 2019. And 68% of business leaders felt their cybersecurity risks were drastically increasing.”[i]

Here are some principles to help keep these bad actors at bay:

  • Ensure you are applying encryption to protect digitally stored documents.
  • Perform periodic backup and recovery tests to ensure the availability and integrity of stored records.
  • Maintain and test disaster recovery and business continuity plans.

V. Adhere to all regulations

Regulatory compliance requirements have increased and will continue to evolve to address shifting cybersecurity and consumer privacy issues. Stay abreast of some of the most pressing changes to the landscape:

  • The current patchwork of complex state privacy and data breach laws is expected to continue growing without any expected federal legislation.
  • The Gramm-Leach-Bliley Act (GLBA) has been updated for the first time since the early-aughts to address data security and privacy. Modifications to the law’s security safeguard rules are going into effect in June 2023 and will be enforced by the Federal Trade Commission.
  • The National Association of Insurance Commissioners (NAIC) has released a draft of proposed 2023 privacy protection requirements modeled after the California Consumer Privacy Act (CCPA) and the New York State Department of Financial Services (NYDFS).

Taking action can keep you safe

Wire fraud. Seller falsification. Regulatory compliance. It seems like every day there is a new thing for the busy title agent to worry about. Staying apprised of the latest news and best practices, however, can help, as can seeking out the expertise of an experienced technology provider. Taking these steps, along with carrying comprehensive insurance for cybercrime and liability, can reinforce your security posture for maximum protection.

For more tips on building a safe and secure title operation, check out our other blogs focusing on IT.


[i] 2020 State of the Phish: An in-depth look at user awareness, vulnerability and resilience (proofpoint.com)

Escrow Fraud/Social Engineering cover

The #1 Tool for Recovering Diverted Funds: Your Wire Fraud Response Plan

Every wire fraud defense expert says the number one factor in recovering diverted funds is time. Every minute counts when fraud has been detected, and hesitations or delays can impede efforts to track down and restore lost funds.

That’s why a Wire Fraud Response Plan is imperative for every title agent.

Before you create your plan, or if you are undergoing a review of your current plan, we encourage you to download Alliant National’s recently updated Escrow Fraud/Social Engineering: Recent Schemes and Prevention Tips white paper. This 23-page guide provides an in-depth review of the current schemes and offers a wealth of tools and resources for building a strong defense against fraudsters.

Here are some things to consider when creating your response plan.

Elements of a Wire Fraud Response Plan

The first step in preventing wire fraud is to maintain policies and procedures for verification of wire instructions for the protection of everyone involved in the real estate transaction.

But should the unthinkable happen, remember that the most successful response strategies are those established well in advance and communicated to staff members and your bank.

Like a well-trained sports team, every member of your team must know their role and be prepared to leap into action.

General protocols

  • Establish a close relationship with your bank representatives and continually dialogue regarding updated fraud threats.
  • Discuss wire retrieval scenarios and establish emergency contacts in the bank’s fraud department, whom you can call at a moment’s notice day or night.
  • Download and fill in the Wire Fraud Contacts form in our Escrow Fraud/Social Engineering white paper and provide it to staff members charged with addressing suspected fraud.

Action steps

  • Notify management the moment suspicion arises that a wire may have been misdirected.
  • If funds have been transferred to the receiving bank and cannot be recalled, ask your bank (the sending bank) to formally request that the receiving bank freeze the funds.
  • Agents may also attempt to directly contact the receiving bank to ask that the funds be frozen.
  • Contact local police in your jurisdiction and the jurisdiction of the receiving bank.
  • Report the fraud immediately to your local FBI office.
  • File a complaint with the FBI’s Internet Crime Complaint Center (IC3).
  • Contact the underwriter involved in the transaction. Alliant National is available to help you evaluate the situation.
  • Contact your corporate attorney to let him or her know about the events taking place.
  • Depending on the nature of the fraud, contact the appropriate insurance provider (Cyber-Liability, Escrow Security Bond or Errors & Omissions).

Putting all of these resources in motion immediately can be extremely useful, as anyone of these professionals or organizations may have information that could assist you in recovering your funds.

IC3 may be one of your most important contacts. In 2018, IC3 established its Recovery Asset Team (RAT) to streamline communications with financial institutions and FBI field offices to assist freezing of funds for victims.

In 2021, RAT initiated the Financial Fraud Kill Chain (FFKC) on 1,726 Business Email Compromise (BEC) complaints involving domestic to domestic transactions with potential losses of $443,448,237. A monetary hold was placed on approximately $329 million, which represents a 74% success rate.

The efficiency of this organization’s work is largely dependent on the speed with which they are advised, so it’s critical that they be an important part of your Wire Fraud Response Plan.

Even the most vigilant companies may fall prey to fraud, but putting protocols in place can greatly reduce your exposure and give you a pathway to recovering lost funds.

As always, call your Alliant National underwriting team if you have any questions or concerns. We are here to help!

banner of the Alliant National Crime Watch Program flyer

Prevent Fraud and Get Rewarded at the Same Time

Alliant National’s Crime Watch Program creates a formidable partnership to fight fraud.

There is no other way to say it: Real estate fraud is a major problem in the United States. According to the National Association of Realtors, nearly 14,000 people were victimized by real estate fraud in 2020 alone.[i] Combatting this growing threat requires strong partnerships, and Alliant National’s Crime Watch Program seeks to foster such partnerships by rewarding Alliant National agents who prevent fraudulent closings. 

The program has produced real results over the years. In this blog, we will look at a recent detection and prevention of a fraudulent transaction by Siesta Title and Escrow Services LLC.

Alliant National Agents on Crime Watch

Alliant National offers a $1,000 reward to Alliant National agents who help prevent a fraudulent transaction from closing. The company created the program to help raise agents’ awareness of potential fraudulent transactions and to reduce the overall cost of claims.

To qualify for consideration to receive a reward under the Crime Watch Program, an agent must satisfy a few requirements:

  • The reporting agent must be an active Alliant National agent in good standing.
  • The agents must prevent a fraudulent transaction or forgery involving a real estate transaction that was intended to be insured by Alliant National.
  • In the case of forgery, the intended forgery must include the falsification of a signature with an intent to defraud.
  • The Crime Watch Nomination form must be executed by an owner/manager.
  • All available and relevant documentation – including evidence showing that the transaction was to have been insured by Alliant National – must be submitted to the appropriate Alliant National State or Regional Agency Manager along with the Award Nomination form.

The submission form and all relevant documentation will be reviewed by the company and a final determination will be made.

Siesta Title Spots Suspicious Activity 

Siesta Title and Escrow Services LLC, a title agency headquartered in Port Charlotte, Fla., recently submitted a suspected fraud to Alliant National. Their story underscores the importance of Alliant National’s Crime Watch Program and how collaboration between agents and underwriters can help stop fraud.

The property in question was a vacant lot in Port Charlotte that had been owned by a Canadian man for 30 years. Quite quickly there were communication problems and other warning signs that something about the transaction was amiss.  

“The seller was hard to reach from the beginning, did not respond to emails and only called once, but it was a horrible connection,” said Amanda Pertuch, the submitting agent. 

Some of the other indicators that tipped Amanda off to the questionable nature of the transaction included: 

  • The purported seller having suspicious-looking ID 
  • The purported seller’s wiring instructions going to a foreign bank
  • The purported seller’s letterhead having an address associated with a vacant lot
  • The purported seller not having a bank account in the same country where he holds citizenship
  • The notary on the closing documents was already on Siesta’s fraud alert list 
  • The purported seller not showing up in any Google searches  

Following verification by Amanda’s manager and Alliant National, the suspected fraud was confirmed, and the transaction was cancelled. The proposed liability amount for the transaction was $160,000.   

“I’m glad and relieved that we were able to catch this fraud attempt,” said Pertuch. “Anti-fraud programs are important for our industry to keep claim costs under control. I’m happy Alliant National and Siesta Title were able to take care of this quickly and efficiently.”

Important Reminders

If you suspect fraud, notify your manager immediately. Your manager may investigate further and will determine next steps. Under no circumstance should suspicions be communicated to outside parties without prior approval from your manager. 

Fraudsters will often attempt to speed the transaction along; do not let them succeed. If you suspect fraud or forgery, conduct a full investigation before proceeding to close the transaction and issuing the policy.

Managers should contact Alliant National underwriting or claims for further assistance.

Working Together, We Can Limit Fraud

Alliant National is committed to limiting fraud and lowering claim costs. However, we can’t do it alone. Just as our ability to deliver high-quality title insurance hinges on our partnerships with agents, so too does our capability to detect and thwart fraud. And as Siesta Title and Escrow Services’ work shows, when those partnerships work, real results that reward agents and protect transactions are indeed possible.  

  [i] Wire Fraud (nar.realtor)

FBI internet crime report 2021 with dark blue ALERT next to it

FBI IC3 Report, Russian Cyberattacks Put Companies on High Alert

The FBI’s Internet Crime Complaint Center (IC3) 2021 report released in March highlighted an “unprecedented increase in cyberattacks and malicious cyber activity” resulting in a dramatic escalation in financial losses.

In 2021, IC3 received 847,376 complaints from consumers and businesses – a 7% increase from 2020 – with potential losses exceeding $6.9 billion. Most significantly for the title insurance industry, business email compromise (BEC) schemes resulted in losses of nearly $2.4 billion, up 33% from 2020.

In its report, the IC3 identified Russia as a hot spot for cyberattack actors in 2021. In recent weeks, the risk of those cyberattacks has grown exponentially in retaliation for the many sanctions imposed on Russia following its invasion of Ukraine on Feb. 24.

On March 21, President Biden released a statement highlighting the imminent threat to our nation’s cybersecurity. That same day, Deputy National Security Advisor Anne Neuberger said in a press briefing, “We’ve previously warned about the potential for Russia to conduct cyberattacks against the United States, including as a response to the unprecedented economic costs that the U.S. and allies and partners imposed in response to Russia’s further invasion of Ukraine. Today, we are reiterating those warnings, and we’re doing so based on evolving threat intelligence that the Russian government is exploring options for potential cyberattacks on critical infrastructure in the United States.”

These imminent threats are a reminder of how important it is to take the necessary steps to protect your agency and your customers.

Alliant National has just released a white paper titled Escrow Fraud/Social Engineering: Recent Schemes and Prevention Tips to provide our agents with information, risk factors and protocols that will help you partner with consumers, real estate agents and lenders to defend against the fraudsters.

In addition, the Biden Administration released a Fact Sheet, urging companies to take immediate steps to protect their systems, including:

  • Mandate the use of multi-factor authentication on your systems to make it harder for attackers to get onto your system
  • Deploy modern security tools on your computers and devices to continuously look for and mitigate threats
  • Check with your cybersecurity professionals to make sure that your systems are patched and protected against all known vulnerabilities
  • Change passwords across your networks so that previously stolen credentials are useless to malicious actors
  • Back up your data and ensure you have offline backups beyond the reach of malicious actors
  • Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack
  • Encrypt your data so it cannot be used if it is stolen
  • Educate your employees on common tactics that attackers will use over email or through websites
  • Encourage employees to report if their computers or phones have shown unusual behavior, such as unusual crashes or operating very slowly
  • Engage proactively with your local FBI field office or CISA Regional Office to establish relationships in advance of any cyber incidents

The Biden Administration also encourages IT and security leaders at all companies to visit the websites of CISA and the FBI to access technical information and other useful resources. These heightened threats represent a clear and present danger for all of us. We encourage all of our agents to download the Alliant National Escrow Fraud/Social Engineering today and share this information with your staff and customers.

Escrow_Fraud_2022-cover

Download the Alliant National Escrow Fraud/Social Engineering

Let's Connect

Discover more stories and conversations on our social media networks,
or drop us a line on our contact page.


The Independent Underwriter for
the Independent AgentSM