Over the weekend, cloud-hosting and data security provider Cloudstar fell victim to a sophisticated ransomware attack. Alliant National was not impacted, however the attack has affected many agents across the country.
As a valued partner of Alliant National please know that we will make every effort to assist you and your agency if you have been impacted by this ransomware attack. During this challenging time, we are being as pro-active as possible by contacting customers and offering assistance.
Major title software vendors including Qualia, RamQuest, and SoftPro are offering hosting services to those affected by the Cloudstar attack, and there are other third-party vendors that may be able to help as well.
We have provided Alliant National forms packages to the major escrow software providers so they can be loaded quickly and easily into your environment if needed. The National Operations Center of Alliant National is on standby should you need assistance issuing individual Closing Protection Letters outside of your operating environment. We have our agency teams standing by to help you find a closing solution should you need a closing done to mitigate your reputational risk. In short, if you have a need, please reach out today to your Alliant National contact.
Please know that Alliant National will do anything possible to assist you and your agency if you are affected by this attack.
Additional information about this industry wide outage can be found here.
The world is awash in data. And business owners must protect their customers.
Anyone who has been paying attention over the last couple of decades knows that data is all around us. We can’t see it. We can’t touch it. But it is everywhere, informing how we work, shop, explore and entertain ourselves. Data is also extremely valuable. Advertisers covet our data. And bad actors often weaponize it for identity theft and illicit financial schemes.
It is imperative that business leaders protect their customers’ data. Not only is it the ethical thing to do, but it is also pragmatic. The way businesses use and protect customer data is rightly coming under increasing scrutiny. Additionally, businesses that mismanage customer data can experience significant consequences to their brand and reputation. With such high stakes, it’s important to be knowledgeable on best practices for data protection. Here are some tips to get you started.
Conduct an Audit
The first step toward a comprehensive and proactive approach to protecting your customer base’s data is to gain a full understanding of the various types of data your business holds. Is it social security numbers? Credit card information? Online account passwords? Real estate and title insurance professionals often deal with large amounts of sensitive data. Conduct an audit to ensure that you have a full accounting for everything you and your employees hold.
Understand the Legal Basics
Data protection laws vary depending on where your business is and the industry in which you work. It is wise to invest the time and resources to gain a full understanding of the basics as required by law and as they apply to your specific enterprise. For instance, most people know about the Health Insurance Portability and Accountability Act (HIPAA), the 1996 federal law that stipulates that healthcare insurance industries must protect customer health information from fraud and theft. However, other state-level laws apply to all industries. Become apprised of what is required of you by law when designing data protection policies for your business. There are ample resources online that can serve as an effective primer.
It’s all well and good if you want to take a proactive and fastidious approach to your customers’ data, but if you have employees, you are going to need their buy-in and compliance as well. If a chain is only as strong as its weakest link, then a business can only take a comprehensive approach to data security if it treats it as an organizational priority rather than a siloed effort.
If Possible, Throw it Out
Only keep data you need. Schedule routine reviews of the customer data you are holding and have a process in place to decide when you can safely dispose of it. Considering that you have an ethical and often legal obligation to safeguard customer data, this can be a great strategy for limiting your company’s exposure.
Do What You Can
Protecting customer data can be an expensive and time-consuming effort. In fact, major corporations often spend millions of dollars to secure this information. You may not have access to such resources. However, there are still practical steps you can take to operate a more data-secure shop.
Consider, for instance, limiting employee access to data, only giving them as much information as they need to effectively do their jobs. Be sure to also have a process in place for properly destroying and disposing of both physical and cyber versions of customer data. Lastly, you could even consider looking into a designated server for your most sensitive data. While using a shared server might be more economical, it carries a security risk.
Go the Extra Mile
We know that running a title agency is no easy matter. Time is always tight, resources thin, and sometimes it can feel as if taking on a new initiative will be the straw that breaks the proverbial camel’s back. Still, it’s important to remember that customers are worth the effort. As title professionals, our customers entrust us with some of their most sensitive data, and we must do our best to protect it.
You just received an unusual email from your boss. Better answer it, right? Not so fast.
As an internet user, you likely have some awareness of cyberattacks, and chances are, you may have already been impacted by a cyberattack in one form or another. This is particularly likely considering some of the massive data breaches that have affected large companies over the past few years.
One cyberattack you may be less familiar with, however, is called CEO fraud. CEO fraud is a targeted type of email attack where the scammer poses as the boss and tricks an employee into taking a detrimental action. CEO fraud can affect any type of business, from a large corporation to a small agency. Essentially, if you have a job or work for a company that is larger than just yourself, you are vulnerable to this type of malicious behavior. Here’s how you can be prepared to stop CEO fraud and avoid jeopardizing your company.
The Internet Weaponized
Let’s say you work for a small title agency. There are only a few employees in addition to you and the CEO. A cyber attacker will use the internet to research who your boss is and then create an email pretending to be them. What makes these types of emails especially dangerous is that they don’t contain any malicious links or infected attachments that your average email filtering software will catch. Instead, they appear like your average, ordinary email.
A Fraudulent Sense of Urgency
One of the most defining features of a fraudulent email is urgency. They will urge you to take a specific action right away. These requests are often fiduciary, like handling an invoice, changing payment information, or instructing you to send documents that contain sensitive information.
Two Different Scams
It’s important to take a more granular look into how these scams often work. The first way is wire fraud, a particularly pertinent subject for anyone working in the field of real estate or title insurance. When a cybercriminal is attempting to pull off a scam like this, they will usually spend time identifying those who handle accounts payable and then send them an email pretending to be their boss. The email will direct them to change something about an upcoming money transfer, typically the account where the money will eventually go.
The second way this scam occurs is in the form of tax fraud. In this instance, a similar process will play out, where the criminal will again send someone within your business or organization a fraudulent email pretending to be a superior. The difference this time, however, is that the email will urgently instruct its recipient to send employee tax documents, sensitive information that could be extremely damaging if it fell into the wrong hands.
Stay Vigilant and Stay Safe
Faced with the possibility of such threats, what can an average worker do to practice due diligence and protect themselves or their company from becoming victimized? Most of the time, exercising common sense will be sufficient. But there are also some common signs that can alert you to an email not being on the up-and-up.
Fraudulent emails will almost always be short, with the message consisting of only a few lines of text. They will also mention that the email was sent from a mobile device. They will include instructions that run contrary to your business’s policies, basically conveying that you should ignore standard procedure for the sake of urgency. The actual email address that the message was sent from will also be a dead giveaway. Be on the lookout for any email ending with a common domain name like “@gmail.com” or “@yahoo.com” instead of your company’s email domain name. If you’re in charge at your organization, encourage your employees to give you a call to double check any emailed request from you that may seem out of the ordinary. Practicing these easy steps will go a long way toward helping avoid any potentially dicey situations. Even better, they will alleviate unnecessary stress and let you focus on far more important professional priorities.
Agents should prepare themselves to handle these routine scenarios.
Real estate closings require a delicate balancing act. Not only is speed of the essence, but closings also require accuracy and professionalism. Often there is no time to correct errors, and customers need to feel confident that their transactions are being carried out correctly.
Many issues can arise during the closing process. The following is the first of a three-part series that will explore some of the most common scenarios agents need to keep in mind.
As escrow officers, title agents have fiduciary responsibilities and must act as neutral third parties, impartial arbitrators of contractual arrangements with conditions agreed to by both the buyer and seller. Escrow officers do not make decisions regarding a transaction and do
not advocate for any one party. Instead, they ensure that written instructions are carried out properly.
Within this purview, there are a variety of common issues that may arise during closings. Issues can and do vary state-to-state. In Texas, for example, one such issue is determining who has authority to act for an entity, with a pertinent example being an LLC. When dealing with this type of entity, agents will need to review operating agreements. In the absence of an agreement, a certificate of authority can be examined. These certificates are helpful when dealing with sole manager and member LLCs.
For corporations, agents should examine bylaws and subsequent amendments, and shareholders may be required to sign an affidavit. Nonprofits and churches conduct business differently. But in each context, the agent only needs to be concerned about authority when money is being borrowed or the entity is the seller.
Another authority question is power of attorney (POA). This is also mandated by state law. In Texas, agents must accept, reject or request a certification when presented with one. In reviewing a statutory durable power of attorney (DPOA), agents need to analyze if the powers have been limited, if it is durable and review the revocation clause. It is advisable to rely on a DPOA until there is a notice of revocation. As a best practice, certification for statutory DPOA should be required. The agent should also call the principal to verify if they are alive, that the POA has not been revoked and that a POA is being used to sell property. With trusts, it is prudent to maintain a full copy, and in its absence, obtain the certification of the trustee.
Given the sheer volume of paperwork in real estate closings, data security is important. When possible, personal customer information should be heavily redacted. And all company policies should also be adhered to when processing this information.
Spouses and Marital Status
First, each state has its own spousal and/or marital law that dictates how agents must address issues. Be sure to familiarize yourself with the laws of your state.
In Texas – again, as one example – agents must be prepared to address transactions where only one spouse is listed in the title. Anyone with an interest in the property should be checked for involuntary liens and sign the deed. The marital status of the parties should be questioned if only one party is given as the seller, buyer or borrower.
With a married couple, both spouses must sign a deed of trust. If an agent is insuring a purchase money lien and one spouse is taking the title, an agent may accept a deed of trust signed only by the purchaser. The warranty deed is also required to include the vendor’s lien language. If the property belongs to one spouse while the other spouse lives in another property, one signature can be accepted and a Homestead Designation and Disclaimer will be executed.
In a sales transaction, agents should investigate the possible homestead character of the property, inquiring if there is an exemption and if the property address is the mailing address of the individual(s). The residency of the individuals should also be established. Sometimes a deed will be accepted signed solely by the spouse in the title, especially if permission is received by underwriting beforehand. It is necessary, though, to discern that the property to be insured is the separate property of one spouse and not the other spouse’s home, and a Homestead Designation and Disclaimer will need to be executed.
When dealing with spouses, it is always important to compare the sellers and buyers on the contract with the grantors and grantees on the deed – and to resolve differences. Some examples are:
- The contract shows the buyer to be Joe Smith, but the grantees on the deed are Joe and Mary Smith.
- The title is vested in and signed by Fred Farmer. The deed of trust is signed by “Fred Farmer and Susan Farmer pro forma to perfect the lien as to her homestead interest only.”
- The title is vested in Harry Jones, but the note and deed of trust are signed by “Harry Jones and Cindy Jones.”
In the first example, the contract should be amended to add Mary Smith if she plans to take title. The case of Fred and Susan Farmer would be acceptable if there is evidence on file that the property is Fred’s separate property – either acquired before his marriage to Susan or inherited. Lastly, there is not much to worry about regarding Harry and Cindy, as this is a preferable way to handle the situation.
Numerous issues can pop up during closings, from entity authority to navigating transactions involving spouses. Agents can do a lot to circumvent any thorny problems. It starts with understanding the most common scenarios that arise during the closing process and then being prepared to take prompt and deliberate action. The next part of this series will continue to explore various challenges agents may face during closings, covering items such as funding and family transactions.
As technology advances, so does the deception
The pandemic has amplified the number of scams and email attacks on individuals, companies and organizations. People are already in vulnerable places emotionally, socially, physically and mentally; Covid has only intensified fright and flight instincts. We are constantly interrupted by additional stressors.
What might have easily caught your attention on an invoice, bill or receipt, can now slip by when the mind is overwhelmed with the stress of daily life. The way people receive goods, bills, invoices and confirmations has changed during the pandemic.
Be proactive and take one worry off the list by preparing yourself and educating your clients, friends and family about current email scams. Here are four ways to identify obvious scams when shopping for company or personal resources.
When opening an email, especially one that is unexpected make sure to check the sender address. This can be the first and last stop when identifying a scam. Do you order from Amazon or Office Depot often for your business? Typically, large companies have a very streamlined and identifiable confirmation process. It might have a logo, a reprint of your order, package tracking information, etc.
Most companies have emails such as a “confirmation@” or “receipt@”, and then the company. If your typical confirmation is now coming from a different sender or source, this is a red flag. Most purchases are automated; therefore, an email about a package and confirmation that is not expected or sent at strange times is also a red flag.
The schoolteachers’ philosophy holds true: If it isn’t written correctly, it’s not correct. Many scams originate from outside of the United States and come from people who have never spoken English, or who might have only slight knowledge of English grammar and mechanics. This lack of familiarity with the language or even cultural communication can be extremely evident from the outset of the email. Unusual forms of personal address or improper labels are a signal of deceit.
Legitimate order confirmation emails should be free of spelling and punctuation errors, or words swapped for one another such as “their” and “there.” If you find such an error, take it as a signal that this email is likely a scam.
Many people are already well versed on email scams that direct you to a link. Most know not to click the link. Use this same strategy when reviewing your confirmation and order. You are usually able to scan over the item or photo and it should direct you back to the home site, whether you were shopping on Home Depot, Office Depot or Amazon. If it directs you to another site, and you can confirm this by hovering your mouse over the link, then it’s a scam. Contact your original purchaser immediately.
Most online retailers have the shopping, shipping and receipt process dialed in. Communications are auto-formatted and the email confirmation arrives in a clear, itemized order. Often items – the exact photo of the item and its link – can be found on an email confirmation.
Order receipts or requests for further action that are formatted in a strange manner should raise your suspicion. Are they asking you for additional shipping payments? Did they add your taxes incorrectly and are trying to collect? Do not fall victim to these scams. Your receipt of purchase should be clean, neat and easy to read and reference. If something is strange, then this is an identifier of a scam. In the end, trust your instincts. If something looks off, it likely is. Don’t be afraid to back out of an email or a link that feels like it might be fake. You know when something looks and behaves unlike the norm. Trust that and help yourself and your business stay safe.