by TitleTap | Mar 9, 2018 | 7 Website Best Practices, Articles, Case Study, Cyber Security, Pillar 3 Best Practices
With cyber fraud at a record high, most industries are getting more strict with security requirements. This includes the land title industry. And with good reason – according the FBI, almost $1 billion was “diverted or attempted to be diverted” from real estate purchase transactions in 2017 alone. That number jumped from just $19 million in 2016. Here is what one of our customers had to say: “[TitleTap] uniquely represent[s] the title business by offering industry specific web design and other technology products that are sales driven and ensure compliance and security. [Their] team is responsive, thorough and committed to serving their customers and continues to be an amazing company to work with!” Concerned about a hacked website and fraudulent email? You should be! We received a bogus email and decided to dissect it for educational purposes. Here is what to look out for. Disclosure Please note that we are not law enforcement nor attorneys. As such the following is for entertainment and educational purposes only and not legal advice. Please refer to your underwriters, security partners, insurance providers, and the FBI guidelines on how to properly determine and handle wire fraud emails. Example Wire Fraud Email Green Flags – That Might Make This Email Seem Legitimate Subject: New Title Order “Attached is the new title request with contract.” “CD” “E & O Policy” “chain of title” “CPL” (Closing Protection Letter) “Wiring instructions” “Prelim CD” Mentioning of “page 3” and “tax pro-rations, Realtor Commissions, and HOA Dues” “Florida” (which is where I live) Legitimate, Generic Law Firm “Contract is enclosed via encrypted secure OUTLOOK365 PDF format.” Area Code matches Address...
by TitleTap | Sep 25, 2017 | Articles, Cyber Security
Note: The following is for educational purposes only. We are not law enforcement or lawyers and this is not legal advice. You should always consult with law enforcement, your legal counsel, insurance providers, and respective underwriters to make sure you adhere to the policies they have set forth related to wire fraud emails. I was both delighted and horrified to receive an unexpected email in my inbox the other day. I received what appeared to be a fraudulent real estate closing email – complete with wire instructions and all! I realized the email was bogus immediately for two reasons. First, we are not a title company so we cannot receive a “New Title Order” as the subject exclaims. Second, I am not in the process of purchasing any property so by default, the email does not apply to me. However, as I re-read the email, I began to think about all of the people I know who might mistake this as a legitimate email; especially if they are currently in the closing process. This realization was horrifying… Below you’ll find the both the red and green flags that we found while analyzing the email, and best ways to train your staff, partners, buyers and sellers so they don’t become a victim. Green Flags At first blush the email appears it might be legitimate. Especially if you deal with similar emails day in and day out for your law firm, mortgage company, real estate business or title company, or if you are in the process of buying to selling real estate. Subject Line: New Title Order Nothing unusual here if...
by TitleTap | May 31, 2017 | Compliance, Cyber Security, Pillar 3 Best Practices
Real estate transactions are some of the higher value transactions commonly done by individuals and companies. As such, they have become an increasing large target for hackers. The way a typical scam works is first the hacker gains access to the email of one of the involved parties – the buyer, seller, real estate agent, lender, attorney or title agent. Next, they take note of important transaction details such as down payment amounts and closing dates. As the closing date approaches, the scammer poses as one of the other parties and sends new instructions for wiring funds. For example, if the law firm’s domain is www.somelawfirm.com the hacker might register the domain www.s0melawfirm.com and send the email from that domain. Most people wouldn’t notice the “O” in the word “some” is actually the number “0” in the second domain name. The unsuspecting victim then mistakenly sends funds to the scammer and not the correct party. By the time everyone realizes that a mistake has been made, the scammer is long gone. How to help protect yourself, your company, and clients: Use Secure Passwords We usually recommend 10-12 characters minimum with a mixture of capital letters, lower case letters, numbers, and symbols. 6 to 8 characters may not be secure enough anymore. Never Click Links In Email Instruct your staff, partners and clients to never click links or buttons in email, even if they know the sender. Emails can easily be spoofed to appear legitimate. Secure Your Email and Website If your email isn’t secure, your data could be compromised if someone were to hack your email server. Also,...
