Cyberattacks, particularly wire fraud through business email compromise, remain a major concern for the title industry. Attempted attacks increased significantly, according to a 2022 survey by the American Land Title Association, with 46% of respondents saying their employees receive at least one email a month attempting to change wire or payoff instructions.
We sat down with ALTA CEO Diane Tomb to talk about ways title insurance companies can help their customers avoid falling prey to such attempts.
This interview has been edited for length and clarity.
Q: What are the most common trends in wire fraud and how can first-time homebuyers avoid it?
A: The process that they [criminals] use is a common social engineering technique called phishing. But their level of sophistication with these emails is just really amazing. And the criminals really start this process way before anyone even knows what’s happening.
The scam can take the form of email, website forms and phone calls. Then they fraudulently obtain private information which they use to gain access to people’s email accounts, then they monitor them to find out if they’re in the process of buying a home.
The scammers might target both the homebuyer and the Realtor. It can come from all different sides — the title, the consumer, the attorney — it could be any of those steps in the process. Once they have this information, they send fraudulent wire transfer instructions.
First-time homebuyers are susceptible because this process is very complicated. There’s a lot of paperwork and timelines that people have to meet.
This was going on pre-pandemic, but during the pandemic people were waiving their inspections, or were buying homes sight unseen. There were so many unusual things that were happening so there was an uptick in this problem.
We worked really hard in a lot of states, particularly during the pandemic, to have access to remote online notarization. Remote online notarization is pretty secure, but gmail and other areas aren’t secure. So that’s one of the things that we teach not only our members, but their customers and real estate agents.
Q: How can title companies help homebuyers avoid wire fraud?
A: Here are tips the title company can share with consumers:
1. Confirm all wiring instructions in person. Always pick up the phone: it’s really important to always confirm by phone with a known number before transferring any funds.
2. Don’t ever email your financial information.
3. If you’re giving your financial information on the web, make sure the site is secure. You can look for a URL that begins with “https.” Instead of clicking on a link in an email to go to an organization’s site, look up the real URL, and type in the web address yourself, because sometimes they have these false URLs.
4. Be cautious about opening attachments, and downloading files from emails, regardless of who sent them, as these files can contain malware and can weaken your computer security.
5. Keep your operating system browser and security software up to date.
If you are a victim, the most important thing you can do is act quickly. Contact the financial institution immediately once you realize that’s happened, and then request the financial institution to contact the corresponding financial institution where the transfer was supposed to be sent.
You should also contact your local FBI. They work with the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) and they can work with you to access or freeze the funds. You can also file a complaint with at www.IC3.gov.
Q: How is ALTA helping title professionals avoid wire fraud?
A: One of the things that we have is a consumer-focused education website, homeclosing101.org. It has resources including videos and infographs that our members can use to educate their customers.
We have a committee that put together a checklist. It’s hundreds of hours of industry knowledge coming together to provide our members with what they can do to anticipate what’s happening and make sure they have the best practices in place to avoid that.
We’ve also put together a rapid response plan where they can use this tool, and they can customize it for their own organizations or for others who work with them.
We’ve worked very closely with the FBI, and their Internet Crime Complaint Center, which is also known as IC3. We’ve also worked very closely with the CFPB, to provide them with content on their website, from an awareness standpoint.
And then finally, we have a cybersecurity incident response plan. Members can use this tool to help their company establish and maintain secure systems, so they’re prepared to act quickly if something happens.