The Federal Bureau of Investigation (FBI) has labeled business email compromise (BEC)/email account compromise (EAC) as “one of the most financially damaging online crimes” as it is “the top cyber threat.” BEC/EAC is a scam in which fraudsters trick an unsuspecting party, typically by using a variety of social engineering and phishing tactics, into making payments to fraudulent accounts.
Since 2016, over $43 billion has been lost through BEC/EAC attacks. In 2021, U.S. losses attributed to BEC/EAC cybercrimes were reported to be almost $2.4 Billion. This is more than one-third of the total cost of all cybercrimes reported to the IC3 in 2021. In a recent article from Security Magazine, the author noted that email cyberattacks have increased by 48% in just the first half of 2022. It is no surprise that the title insurance industry has been the target of fraud schemes for many years, especially with wire transfers being utilized more often.
Some common schemes we continue to see include:
Seller Spoof – fraudsters impersonate the seller (using an email address that may only be slightly different from the original, or using the actual seller’s email), and provide alternate bank account information for the seller proceeds.
Lender Spoof – in a transaction involving the payoff of a prior lender, fraudsters impersonate the prior lender. They often modify the original payoff provided by the prior lender (or create one) with wiring instructions for a fraudulent account.
Buyer Beware – fraudsters pose as the settlement or real estate agent using a similar email address, and instruct the buyer to wire their down payment funds to a fraudulent bank account.
There are many ways to protect a person or a business from becoming a victim of these costly schemes. A few tips include:
Meticulously examine the email address, URL, and spelling used in any correspondence. Fraudsters use only slight differences hoping you do not critically analyze the spelling.
Be suspicious about opening any email attachments from someone you don’t know and be wary of email attachments forwarded to you as they may include malware or other malicious software.
View all changes to wire instruction with extreme caution.
Always independently verify with the company any payments or wires being sent to a third-party by contacting them at a legitimate number, and be leery of any last-minute changes to account numbers or payment procedures.
Confirm with the intended recipient that the wire was received.
Be extremely suspicious if the requestor is pressuring you to act quickly.
If you do become a victim, do not wait to take the next steps since time is critical in this process. Have a plan in place and be prepared to:
Notify your office management.
Notify your financial institution and the recipient’s financial institution.
Contact local law enforcement.
Contact your local FBI field office.
Contact your cyber-insurance, escrow security bond, and error and omissions provider.
File a complaint with Internet Crime Complaint Center (IC3).
Contact your title underwriter.
With our increased dependency on technology and the pace of our industry, we cannot let down our guard – we must stay vigilant! Heed the warning that fraudsters are not slowing down or giving up on these fraudulent schemes. If you are presented with any of these situations, the key is to be able to recognize the scam and then shut it down before it can infiltrate your transaction and create a web of issues.
October evokes many things: skeletons, ghosts, pumpkins and, of course, Halloween. Yet for anyone wanting their workplace to operate efficiently and safely, October should be known for something else:
#CybersecurityAwarenessMonth!
This 31-day period is a perfect reminder for businesses to review and, if needed, revise their cybersecurity strategy for the year ahead. Let’s learn more about this awareness month and how you can seize the moment to fortify your company’s cyber approach.
Where it All Began
Cybersecurity Awareness Month started in 2004 when the U.S. Congress gave October that official designation. Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) lead a collaborative, public-private effort to raise cybersecurity awareness nationally and internationally.
Each year, Cybersecurity Awareness Month initiatives are organized under a different theme, with 2022’s being “See Yourself in Cyber” – an urgently important message. It advocates for people to stop seeing cybersecurity as an inaccessible topic for the select few and instead view it as something in which everyone can play a role.
Four Main Pillars
According to CISA, beginning to “See Yourself in Cyber” involves acting on four key priorities, some of which we’ve already discussed on this blog:
By taking these basic steps to protect your information and privacy, everyone can gain more ownership over their online life and prevent costly incidents.
Become a Cybersecurity Paragon
The silver lining when talking about cybercrime is that more attention is being paid to cybersecurity these days. A trickledown benefit of this enhanced awareness is that more resources are now available that can help even those unfamiliar with cybersecurity improve their firm’s digital defenses.
One such example are the efforts of the CISA. Each year during Cybersecurity Awareness Month, CISA invites interested parties to join them as “cybersecurity partners.” Those that do receive a toolkit with everything they need to audit their own security posture and raise awareness within their company and industry. Elements of the toolkit include cybersecurity 101 presentations, tip sheets, content assets and much more.
Visit CISA’s website for more information and to sign up as a cybersecurity partner.
You Can Prevent Cybercrime
Do you remember seeing those U.S. Forest Service ads where the iconic Smokey the Bear would proclaim, “Only you can prevent forest fires”? You don’t have to be a marketing whiz to see the beauty of that campaign. Simple, direct and powerful, it outlines the essential role we all play in preventing a widespread problem that can carry a terrible cost if it goes unchecked.
The same message holds true for cybercrime. A ubiquitous problem that can lay waste to individuals, businesses and even entire communities, cybercrime is nothing to joke about. If you’re a small business owner, for example, one bad attack can threaten your longevity as an enterprise.
But instead of becoming intimidated and reactive, events like Cybersecurity Awareness Month can inspire us to become empowered and proactive. We can all choose to “See Ourselves in Cyber” and take action to create a safer digital community.
Employ best practices to keep your systems running smoothly.
As someone who has been in the IT game for a while now, trust me when I tell you that “updates” is a word that comes up a lot. From business networks to cybersecurity, technology never stays the same for long.
Software programs frequently require updating to the latest version. Businesses need to have a plan for keeping software current and staff apprised of workflow changes.
A quick note on software updates
I’m willing to bet that you have some experience keeping your devices current. But what really goes on during a software update?
A software update can be viewed as a sort of “patch” for the current iteration of a program. Updates typically include a set of changes designed to fix or improve upon pre-existing software, including:
Removing bugs from code
Fortifying security
Providing new tools or features
Improving effectiveness
As you can see, updating consistently is important to maximizing your software’s value. But perhaps nowhere are updates more essential than for cybersecurity. When an update comes out designed to address security vulnerabilities, time is of the essence for implementing it. If you don’t, the software may become vulnerable to malicious actors, which can jeopardize the overall effectiveness of your business.
Putting it into practice
With so much riding on keeping systems and programs current, what exactly is the best approach for ensuring that each new update is promptly installed?
There are several strategies that can keep you and your team moving forward without creating a lot more work for yourself in the process.
Automatic updates: Whenever possible, enable automatic updates. These will keep your systems running efficiently and safeguard your business from security breaches.
Create an inventory: While it may require some heavy lifting up-front, establishing an inventory of all programs and systems can be incredibly helpful for staying on-top of security updates and software patches.
Stay apprised of update schedules: To avoid surprises, it never hurts to have familiarity with when certain vendors push out updates. Microsoft, for example, consistently puts out updates on the second Tuesday of each month. Adobe follows a similar pattern.
Create a personal schedule: When you are running a small agency, it may be difficult to find time to take care of necessary updates while overseeing everything else that goes into a successful enterprise. One strategy to overcome this is to set aside designated time each week for carrying out this work. Be sure to make it consistent week-to-week, month-to-month, and year-to-year, and don’t waver once it is established.
Communicate clearly: No one is an island in business, and changes to your systems and programs will impact the workflows of others. Clear and consistent information delivered before, during and after an update is critical when performing an update. Employees need to know what types of updates are going on, how long they might take and how it will ultimately impact their day-to-day activities.
A solution for your solutions: There is an old saying that the best laid plans of mice and men often go awry, and that holds true for something like software updates. If that sounds familiar to you, it may be worth considering adopting a technological solution for your software solutions.There are many tools that can make tracking and managing your critical software updates easier. Check out this article for more on getting started.
Hiring help: It is never a bad idea to seek out help from a professional for your IT-related needs, even if you have a small shop and minimal technology requirements. Of course, this can pose challenges for the small business owner, in that you must assess whether to bring on a full-time worker or outsource your needs to a third party like a managed service provider (MSP). Luckily, you don’t need to make this decision alone! Check out Alliant National’s blog about this topic, which you can read here.
Enjoy a secure system
The work of IT never ends, and this poses real challenges when it comes to software updates. Yet like anything else, solutions exist. Carefully planning your updates, staying hip to the latest changes and getting assistance when needed can help you strengthen the IT systems on which your business success relies.
What does it mean to get hacked? And how might we mitigate cybercrime?
Hacking is unfortunately far from uncommon. By some counts, more than 2,200 cyberattacks occur per day, which means that one cyberattack occurs every 39 seconds.[i] These hacks carry a tremendous financial cost, with some estimates putting them as high as $6 trillion per year or $500 billion per month, $115.4 billion per week, $16.4 billion per day, $684.9 million per hour, $11.4 million per minute and $190,000 every, single, second.[ii]
The figures are mind-boggling and scary, which is why it is more important than ever to understand what can occur when a business network is hacked. Without grasping the basics, it becomes more difficult to assess your risk and start proactively protecting your company.
What is the origin of the term “hacking”?
The use of the term “hacking” in a computer science context began all the way back in the 1950s at MIT. In those days, hacking simply meant dealing “with a technical problem in a creative way.”[iii] It wasn’t until the late 1970s that hacking started to refer to illicit activity, a definition it retains to this day.
These days, hacking primarily revolves around the compromising of digital devices and networks. While there is “ethical hacking,” which focuses on improving security systems and keeping data safe, most is “black hat,” which means that it is often motivated by money, such as:
Wanting to sell private network information on the black market.
Obtaining access to sensitive information and then attempting to coerce victims into paying money.
Desiring to obtain confidential data and use it for financial benefit.
Holding data hostage until a payment is made.
How do hacks occur?
Typically, business networks are targeted through the multiple endpoints that are vulnerable to criminal activity. Just think about it. Every day, employees access business networks with numerous devices that may or may not be secure. But that’s not all businesses need to be concerned about. Similarly vulnerable areas include:
Any cloud-related services
Passwords
Unsecured WiFi
Malicious websites
Email accounts
Hacks come in every shape and style
There is no “one way” that hacking occurs, which makes it important to cover the different variations of hacking to gain a more complete understanding of the threat landscape. Here are seven distressingly common strategies that cybercriminals routinely employ:
Phishing: By far, phishing is one of the most popular forms of hacking today – in part because it is so effective. To better understand the prevalence of phishing, look no further than to recent data that shows 1 in 99 emails is a phishing email.[iv] There are several different types of phishing emails, such as:
Malware delivery emails, where malware is unleashed if the email recipient clicks on a malicious link.
There are also credential harvesting emails, where the sender will impersonate someone the recipient knows to get them to hand over sensitive information.
Denial of Service (DoS): DoScyberattacks occur when cybercriminals make an online property or service unavailable by inundating it with requests. This attack will frequently result in your website crashing or becoming unusable.
Spyware: Spyware involves malicious code being embedded to monitor email correspondence or worse. Keying (key-logging) to obtain passwords is just one example.
Malware: You’ve likely heard of malware before – and for good reason. Referring to any computer virus, worm, trojan horse, spyware, ransomware, adware or other malicious software, malware has been sneaking into user devices and business networks since the beginning of the computer age.
Brute Force Password Decoding: In this type of hack, finesse or secrecy go out the window. The cybercriminal simply attempts to force his or her way inside your devices or network through automated tools that seek to decode your network passwords.
DNS Attacks: With Domain Name Server (DNS) attacks, cybercriminals utilize an elaborate strategy where they take domain names and transform them into IP addresses, which often results in the domain name server redirecting web traffic to fake websites controlled by the criminal.
Social Engineering: Social engineering cyberattacks are exceptionally difficult to guard against because they focus on manipulating human attributes like empathy, fear and urgency to gain access to personal information or a corporate network. Phishing is one example of such an attack, but there are many others that fall into this bucket.
Are we powerless against hacking?
With such a wide range of illicit cyber activity, it can feel almost impossible to keep up. However, there are numerous things business owners and employees can do to protect themselves and reduce the possibility of harm or financial loss. From following password best practices, to keeping your systems updated, to deploying new techniques like security awareness training (SAT), even the smallest firm can dramatically increase its security posture. The situation is not hopeless. In fact, by following expert advice and remaining vigilant, we all have the power to reduce our risk profile and stay safe online in both our personal and professional lives.
Every wire fraud defense expert says the number one factor in recovering diverted funds is time. Every minute counts when fraud has been detected, and hesitations or delays can impede efforts to track down and restore lost funds.
That’s why a Wire Fraud Response Plan is imperative for every title agent.
Before you create your plan, or if you are undergoing a review of your current plan, we encourage you to download Alliant National’s recently updated Escrow Fraud/Social Engineering: Recent Schemes and Prevention Tipswhite paper. This 23-page guide provides an in-depth review of the current schemes and offers a wealth of tools and resources for building a strong defense against fraudsters.
Here are some things to consider when creating your response plan.
Elements of a Wire Fraud Response Plan
The first step in preventing wire fraud is to maintain policies and procedures for verification of wire instructions for the protection of everyone involved in the real estate transaction.
But should the unthinkable happen, remember that the most successful response strategies are those established well in advance and communicated to staff members and your bank.
Like a well-trained sports team, every member of your team must know their role and be prepared to leap into action.
General protocols
Establish a close relationship with your bank representatives and continually dialogue regarding updated fraud threats.
Discuss wire retrieval scenarios and establish emergency contacts in the bank’s fraud department, whom you can call at a moment’s notice day or night.
Download and fill in the Wire Fraud Contacts form in our Escrow Fraud/Social Engineeringwhite paper and provide it to staff members charged with addressing suspected fraud.
Action steps
Notify management the moment suspicion arises that a wire may have been misdirected.
If funds have been transferred to the receiving bank and cannot be recalled, ask your bank (the sending bank) to formally request that the receiving bank freeze the funds.
Agents may also attempt to directly contact the receiving bank to ask that the funds be frozen.
Contact local police in your jurisdiction and the jurisdiction of the receiving bank.
Report the fraud immediately to your local FBI office.
File a complaint with the FBI’s Internet Crime Complaint Center (IC3).
Contact the underwriter involved in the transaction. Alliant National is available to help you evaluate the situation.
Contact your corporate attorney to let him or her know about the events taking place.
Depending on the nature of the fraud, contact the appropriate insurance provider (Cyber-Liability, Escrow Security Bond or Errors & Omissions).
Putting all of these resources in motion immediately can be extremely useful, as anyone of these professionals or organizations may have information that could assist you in recovering your funds.
IC3 may be one of your most important contacts. In 2018, IC3 established its Recovery Asset Team (RAT) to streamline communications with financial institutions and FBI field offices to assist freezing of funds for victims.
In 2021, RAT initiated the Financial Fraud Kill Chain (FFKC) on 1,726 Business Email Compromise (BEC) complaints involving domestic to domestic transactions with potential losses of $443,448,237. A monetary hold was placed on approximately $329 million, which represents a 74% success rate.
The efficiency of this organization’s work is largely dependent on the speed with which they are advised, so it’s critical that they be an important part of your Wire Fraud Response Plan.
Even the most vigilant companies may fall prey to fraud, but putting protocols in place can greatly reduce your exposure and give you a pathway to recovering lost funds.
As always, call your Alliant National underwriting team if you have any questions or concerns. We are here to help!