Cyber fraud is a rampantly growing problem facing the real estate industry – and lenders need to arm themselves to prevent it. It only takes one breach to expose consumers and irrevocably damage a lender’s reputation.
So, how do you protect yourself? Here are three steps real estate lenders can take to avoid being a victim of mortgage wire fraud or other cybersecurity breaches.
1 – Know Your Third-Party Vendors
The best way to assess your risk is to thoroughly vet third-party vendors. Specifically focus on their technology – do they have a technology platform built around the latest security protocols? On the process side, do they have best practice security processes and procedures in place to protect your data and that of your customers?
You should clearly understand how each party involved in a real estate transaction protects sensitive data and your customers’ personally identifiable information (PII). How is data secured, encrypted and stored to prevent access by unauthorized parties? Do your third-party vendors stay current on evolving cyber-breach tactics and take a proactive, defensive approach to preventing a breach – through both technology barriers as well as personnel training?
Add SOC compliance and SOC audits to your list of requirements for third-party vendors. In addition, it is wise to review vendor financials to evaluate stability and longevity. And once again, the strength of their technology platform and systems is critical to deterring a cyber-attack. A burglar is more likely to hit a house with unlocked windows and no alarm system than a well secured property – cyber breaches are no different.
2 – Employ Smart Technology
Although it seems counterintuitive, technology can help prevent fraud during the closing process while also helping banks, mortgage lenders and credit unions compete more effectively with the growing presence of FinTechs.
For example, Accurate Group NotaryWorks® employs two-factor identity authentication. The borrower uploads their driver’s license and enters the last four digits of their social security number. Accurate Group’s systems include state issued photo ID verification technology which confirms the authenticity of domestic and foreign IDs presented at closing.
Next the borrower answers knowledge-based authentication questions along with confirming identity through an online, audio-video session with an Accurate Group remote notary. This step of capturing the borrower on camera during the video conference greatly minimizes risk – who wants to commit a crime on camera?
3 – Educate on Red Flags and Best Practices
Typically, a cyber-criminal hacks or hijacks email accounts of the parties involved on a real estate transaction through social engineering – a phishing attack. Once the home buyer or seller, real estate broker, title company or lender clicks an embedded link, the cyber-criminal gains access to emails and login credentials along with other PII.
As the closing date approaches, the cyber-criminal sends a last minute email from the hacked or fake account with a requested change to the wiring instructions. The email looks legitimate – including specific transaction details, so minor nuances in sender email addresses or websites go unnoticed. The recipient clicks on the fraudulent link connected to an untraceable bank account and wires funds. Once this happens, the money is gone and so is the deal.
So what can you do to prevent fraud when all parties to a real estate transaction have varying methods and levels of security? Make sure all parties are armed with the knowledge needed to identify red flags and intercept these attempts before they cause harm. In the above example, a simple phone call to the buyer or seller to validate the last minute wire request would have saved the day.
Know the Red Flags of Wire Fraud:
- An unsecure email changing wiring instructions and/or multiple emails creating a sense of urgency for last minute changes, and possibly a refusal to discuss changes by phone
- A suspicious looking email address or domain – almost identical to a real party’s email address or domain, usually “off” by one letter
- Poor grammar and incorrect spelling in email
- Requests to keep transaction and/or transaction changes confidential
Utilize Best Practices:
- Only use encrypted email
- Create strong passwords
- Don’t open suspicious emails or click on links
- Wire questions and changes should only be made over the phone with a verified employee
- Do not share personal information over email
Protect yourself and clients by keeping an eye on any suspicious activity on transactions. Slow down and review all information thoroughly, making sure the sending party is legitimate and not using pressure tactics to encourage link clicks. Keep all parties informed of best practice processes and procedures and check frequently to ensure everyone is employing them consistently.
Conclusion
Ensure you’re getting the most out of your third-party vendors by using vendors that are committed to the technology, processes and ongoing audits necessary to safeguard data and improve the consumer experience.
Accurate Group employs the following practices to safeguard our clients:
- Advanced data security solutions in accordance with industry best standards and practices
- Security controls audited annually using SOC2 Type II standards
- Regular network security testing is performed to ensure adequate security controls are in place
- Dedicated Information Security team oversees security governance, risk and compliance
- Robust disaster recovery with continuous data replication to ensure rapid recovery and business continuity
Accurate Group has clear policies and procedures in place to prevent security issues – everything from how to handle a suspicious email to rules on using public Wi-Fi while traveling. Employee training is provided throughout the year on the latest security threats so that we’re always a step ahead.
Our closing department verifies the accuracy and legitimacy of all wiring instructions – calling the account holder directly to verify prior to submitting the request to funding for disbursement. All wires are initiated through secure online banking portals requiring dual control authorization before funds are released.
Stay competitive and safe by working with a national title company that has extensive security controls built into its technology platform and processes – and is committed to helping you minimize both financial and reputational risk.
Back to Blog