The message below was distributed by the Florida Land Title Association and the president of the New Orleans Metropolitan Association of Title Attorneys.
Please Help—Email Scams and Closing Transactions
DON’T LET IT HAPPEN TO YOU!!!
August 5, 2015
As we are all in the business of handling buyers’ and sellers’ information, including sensitive data (NPPI), and we often forward sensitive data such as names, addresses, bank account information, wire instructions, etc., PLEASE BE AWARE OF AN INDUSTRY PROBLEM WE FACE RIGHT NOW.
Hackers, email phishing, and other cyber related crimes are at an all-time high right now, and HACKERS HAVE TARGETED REAL ESTATE TRANSACTIONS-and real estate AGENTS in particular- in an attempt to defraud lenders, real estate brokers, title companies and law firms.
Several agencies have been the victims of multiple attempts to change wiring instructions and funding authorizations and switching checks to wires last minute and wires to checks. At times, it was not easy to determine that they were communicating with the actual party to the transaction. Email services such as AOL, YAHOO, HOTMAIL, GMAIL, etc. offer LITTLE TO NO PROTECTION in terms of encryption and security measures.
Recently, agents havehad numerous transactions in which a fraudulent email COMES FROM THE REAL ESTATE AGENT’S account, which starts the misdirection process in an attempt to provide changes to wire instructions.
In one instance, the hacker created an email address “firstname.lastname@example.org,” and persistently communicated with the seller during the transaction, trying to extort money, stall, and retrieve sensitive information from that seller. In another, the hacker created a similar email domain of the title company, along the lines of “______@ABCTITLE.com,” which was altered to“____@ABCCTITLE.com” with the email signature line of the actual settlement agent, and used to send the BUYER’S alternate wire instructions or funding procedures in order to misdirect the funds to fraudulent banking accounts.
Another recent occurrence involved a local area agent, who represented the buyer in a cash transaction. The seller chose a smaller, out of area title agency, and the title agency’s email was similarly duplicated, fooling the buyer into wiring to a fraudulent account.
In such situations, there is limited or no coverage, title insurance (as it is not yet bound) or E&O. Cyber theft insurance in some cases does not apply, as it covers only if the ACCOUNT is hacked, and not if a party is fooled into sending.
YOU CAN TAKE (some) ACTION. Some newer insurance products are available. One, called a “Social Engineering Policy,” can cover some or all of your loss, up to the limit of the policies, but is combined with additional coverages from various other policies (Fidelity, E&O, etc). Please consult your professional liability carriers for more details.
In order for our industry, and ALL Settlement Providers to provide good service, timely communication, and timely funding to parties, it is crucial for us to know the information provided is accurate. We have (as an industry) now adopted additional measures, including Best Practices, encrypted emails (logins with user names and passwords), and more verification steps in order to protect our clients and consumers.
We urge you to please make sure you are doing the same, by protecting yourselves, your emails and identities, as well as your clients’, and invest in scanning software, higher levels of security, anti-virus, scanning devices, routers, firewalls, etc. to help our industry deliver the best service possible.
Thank you all so much. You constantly strive to deliver keys to buyers and to distribute funds to sellers. Make sure those transactions are memorable and positive for all, for all the right reasons.
FLORIDA LAND TITLE ASSOCIATION
Promotion. Education. Advocacy.
Supporting the title and settlement services professional for over 100 years.