Posts Tagged ‘fraud’

Business Email Compromise/Email Account Compromise

Business Email Compromise/Email Account Compromise (BEC/EAC). (part2)

(It’s a lot to say – SupercaliFRAUDulisticexpialidocious)

Email can be sinister. It can encourage changes (not authorized, not legitimate), it can “warn” recipients of dire circumstances if instructions are not followed, it can be shaped and branded to look like an institution all parties are familiar with, and it can assist in fraud that involves any number of untoward outcomes – like clients’ and institutions’ funds being pilfered.

The U.S. Government has a phrase for such criminal action: Business Email Compromise/Email Account Compromise (BEC/EAC). That wordy title speaks to two crimes.

Download Our Fraud Detection Guide for Agents

BEC scams are carried out by compromising legitimate business email accounts. The EAC component of the scam refers to the targeting of consumers and the lenders, real estate professionals, attorneys and others who serve them.

More information on BEC/EAC fraud prevention and recovery can be found on our Education page.

It can be daunting to try to wrap one’s brain around every single possibility and scenario that could trip someone up – and trick someone into giving away information that affords a thief the opportunity to steal funds.

Below is a list that, while not necessarily “completely memorizable” – even if studied, can serve as a red flag for knowing when something is awry.

It can serve as warning to be wary of the many and various paths that crooks can take to defraud legitimate people conducting real estate transactions.

  • Exercise extreme caution when weighing any request to change wire instructions. Encourage all parties to do the same.
  • Be wary of any email, phone call or other communication that involves threats, high pressure language (e.g. markings, assertions, or language designating the transaction request as “Urgent,” “Secret,” or “Confidential,”) or warns of “dire consequences” if immediate action isn’t taken.
  • Be wary of emails with missing or unusual subject lines.
  • Be wary of any request to change wiring instructions, especially any last-minute requests.
  • Be wary of emails that include poor spelling or grammar, are overly formal or that are written in a style uncharacteristic of the purported sender. Also, beware of emails that misuse industry terminology, for instance, references to the “HUD” instead of the “Closing Disclosure”.
  • Be wary of any unexpected emails or requests, including internal requests purportedly from executives or others.
  • Be wary of emails sent at odd hours.
  • Be wary of any communication seeking to confirm information the purported sender should already have.
  • Beware of sudden changes in business practices. For example, if a current business contact suddenly asks to be contacted via a personal email address, it’s best to verify the legitimacy of the request via other channels.
  • Review monthly escrow statements from the Receiving Bank (the one holding the agent’s escrow account) as soon as available to verify that all expected funds have actually been received.
  • Have a written agreement in place with the Receiving Bank (the agent’s bank which holds the escrow account and receives the agent’s payment order) that the Receiving Bank will match all names, addresses, account numbers, routing number and beneficiary bank name on the payment order with where and to whom the funds are actually sent. Or put instructions on the payment order for the Receiving Bank to verify authorization by matching all of this information.
  • Emailed transaction instructions directing wire transfers to a foreign bank account that has been documented in customer complaints as the destination of fraudulent transactions.
  • Emailed transaction instructions directing payment to a beneficiary with which the customer has no payment history or documented business relationship, and the payment is in an amount similar to or in excess of payments sent to beneficiaries whom the customer has historically paid.
  • Emailed transaction instructions delivered in a way that would give the financial institution limited time or opportunity to confirm the authenticity of the requested transaction.
  • Emailed transaction instructions originating from a customer’s employee who is a newly authorized person on the account or is an authorized person who has not previously sent wire transfer instructions.
  • A customer’s employee or representative emailing financial institution transaction instructions on behalf of the customer that are based exclusively on email communications originating from executives, attorneys, or their designees when the customer’s employee or representative indicates he/she has been unable to verify the transactions with such executives, attorneys, or designees.
  • A customer emailing transaction requests for additional payments immediately following a successful payment to an account not previously used by the customer to pay its suppliers/vendors. Such behavior may be consistent with a criminal attempting to issue additional unauthorized payments upon learning that a fraudulent payment was successful.

Review and revisit this list of tips when handling suspicious wire requests, before the exchange of funds takes place.

  • Verify all wire instructions with an alternate method of communication.
  • Check emails to ensure the sender’s address has not been altered. Fraudsters typically use email addresses that closely resemble a seller’s (or any party’s) actual email address.
  • Do not open unknown or unverified hyperlinks or downloads. Tip: Hovering your mouse over the sender’s email address may reveal a different email address. Caution: Do not hover over unknown links within the body of a suspect email. Security experts formerly recommended hovering as a way to determine the validity of such links. However, newer strains of malware may infect a computer when the user merely hovers over the link.
  • Delete unsolicited emails from unknown sources.
  • In the case of an invoice, verify any changes in vendor payment location and confirm requests for transfer of funds.

Download Our Fraud Detection Guide for Agents

Mortgage Fraud Red Flag

Flagging Fraud (Part I): Know These Indicators of Transaction Fraud

Every year the U.S. government comes out with a growing list of warnings on cyber fraud, real estate fraud, email fraud – the list goes on.

on cyber fraud, real estate fraud, email fraud – the list goes on.

Some warnings are common sense: delete suspicious-looking emails, don’t give away banking information or social security numbers, never wire anyone money without triple checking – and then checking again.

We’re committed to ensuring that all independent agents have every new (and standard) information source available, even as the rules and the threats multiply and expand almost every month.

Download Our Fraud Detection Guide for Agents

In this first installment of a multi-part series on Flagging Fraud, we take a look at some of the red flags involving parties to a real estate transaction.

Red Flags

Learn or at least become familiar with red flags that could well indicate something is awry in any real estate transaction.

Some title fraud may be detected by agents before the transaction closes.

Rather than memorize, regularly reviewing this list will help you and all those involved in your transactions be aware of potential fraudulent components:

  1. Releases of prior mortgages recorded before or independently of the closing of a new loan with no source of payoff funds.
  2. Many recent transactions and/or re-recordings.
  3. Recent change in title, especially one without concurrent financing.
  4. Releases recorded out of sequence.
  5. Sale of property subsequent to or concurrent with a divorce.
  6. Quitclaim deeds with no consideration.
  7. “Intra-family” deeds.
  8. Parties to the transaction are affiliated.
  9. Document not prepared by an attorney or title company.
  10. Document looks non-standard.
  11. Power of attorney with Grantee signing as Attorney-in-Fact.
  12. Prior signatures indicate failing health or physical deterioration followed by a healthy, strong signature.
  13. Bargain purchases—policy amount much higher than purchase price.
  14. New mortgage amount much higher than purchase price.
  15. Property seller is an LLC/entity/corporation.
  16. Appraisal looks questionable (e.g. indicates recent sale/listing activity at significantly lower price; comparable sales are previously flipped properties).

Download Our Fraud Detection Guide for Agents

businessman punching and breaking the word RISK

Increased Risk Means We Need to Increase Training

Threats are constantly evolving and your training and testing must also evolve to counter these threats and keep your defense robust.

A cyberattack is a malicious and deliberate attempt by and individual or an organization to breach the information system of another individual or company, seeking benefit from the disruption, ransom, or theft of data.

This electronic threat is increasing in frequency and complexity and has become very expensive to remediate or to recover from.

Here’s the surprise – almost 90 percent of cyberattacks are caused or allowed by human error from the internal staff of the entity attacked.

This includes failure to follow security rules and protocols, sharing passwords, using weak or default settings, and falling victim to social engineering.

Even the large events such as the hacking at Equifax and Target, were caused by failure to follow the rules regarding administrative password settings, human error.

So whether your business is large or small, you need ongoing, strong training and testing to counter the threats.

Recent survey results of a survey of title insurance professionals by the American Land Title Association show a surprisingly small amount of agents are conducting ongoing staff training, and most do it once when they hire an employee.

This is a recipe for eventually becoming a victim of electronic fraud.

There are simple yet effective steps to take to counter the increasing threats by taking a strong defense, and it starts with regular training and testing to remove or reduce the human error element.

Here is what to do to put a training and test plan into action:

  • Ensure new hires are introduced to and educated on information and data security policies and procedures as well as how to protect nonpublic personal information (NPI) and sensitive information. Emphasize to them the “why” so they fully understand the shared responsibility nature. This should be a core part of their orientation and on-boarding.
  • Set and schedule ongoing training for all employees at every level commensurate with the size of the staff and complexity of your business. This should be monthly, quarterly or semiannually.
  • At a minimum, cover controls over access (passwords; pass phrases; multi-factor authentication), network and data distribution (including never using non-secured networks for conducting business such as those in cafes/hotels/airports), phishing and spear-phishing, and never use a general email service like Yahoo or Gmail when sending NPI or sensitive information; social media and social engineering.
  • Require security measures for smart devices (smart phones, and in particular Androids, account for a large percentage of data breaches).
  • Explain the implications of data loss, which includes reputational hits and potential fines and penalties and law suits.
  • Focus on all media forms – hardcopy as well as electronic – and include proper handling and protection from receipt through handling to secured destruction.  
  • Training may be done with internal documents or you may use a third party to conduct the training (i.e. Data Shield; KnowBe4).

  • After the training, use a quiz to gauge how well your employees understood the material.
  • Develop or use a third party to conduct ongoing, regular internal testing such as phishing or spear phishing testing (i.e. KnowBe4 is one vendor who can provide you this tool). Depending on the results, you may then make appropriate changes and re-focus your training to deal with any weak or weaker topics or areas.
  • Provide a single point of contact the employee may turn to with questions or to report any suspected suspicious attempts to obtain information or data (electronic or by phone).
  • Keep records of the training and attendees and testing results. This will be needed to demonstrate good faith, to meet many state requirements – and it’s a best practice.

Last, keep up-to-date on emerging threats and vulnerabilities and provide updated training to employees to be sure they understand new risks or new controls and why they are important; employees must know how to recognize and report threats to stay vigilant.

This will keep your training and testing current and fresh and serve as a continual reminder to your staff. Remember, this is a marathon, not a sprint. Threats are constantly evolving and your training and testing must also evolve to counter these threats and keep your defense robust.

Alliant National People

PropLogix’s Title Industry Insights for 2019 Features Alliant National’s Jeff Stein

Alliant National’s Regional Counsel Jeff Stein was a featured contributor in PropLogix’s Title Industry Insights for 2019.

For the article, title insurance leaders share perspectives on topics that should be top of mind for settlement agents in 2019.

The story explores strategies and practices for title agents, including wire fraud prevention, marketing, e-closings and blockchain.

Download Report
news analysis gray

IRS Warns of Tax Transcript Email Scam

ALTA TitleNews Online Archive
November 29, 2018

The Internal Revenue Service and Security Summit partners recently issued a warning about the surge of fraudulent emails impersonating the IRS and using tax transcripts as bait to entice users to open documents containing malware.

The scam is especially problematic for businesses whose employees might open the malware because the software can spread throughout the network and potentially take months to successfully remove.

Known as Emotet, this malware generally poses as specific banks and financial institutions in its effort to trick people into opening infected documents.

In the past few weeks, the scam masqueraded as the IRS, pretending to be from “IRS Online.” The scam email carries an attachment labeled “Tax Account Transcript” or something similar, and the subject line uses some variation of the phrase “tax transcript.”

These clues can change with each version of the malware. Scores of these malicious Emotet emails were forwarded to phishing@irs.gov.
recently.

The IRS reminds taxpayers it does not send unsolicited emails to the public, nor would it email a sensitive document such as a tax transcript, which is a summary of a tax return. The IRS urges taxpayers not to open the email or the attachment.

If using a personal computer, delete or forward the scam email to phishing@irs.gov.

If you see these using an employer’s computer, notify the company’s technology professionals.

Reprinted with permission from the American Land Title Association.

Let’s Connect

Discover more stories and conversations on our social media networks,
or drop us a line on our contact page.


The Independent Underwriter for the Independent Agent®