TheMReport — News and strategies for the evolving mortgage marketplace.
Issue link: http://digital.themreport.com/i/1108750
26 | TH E M R EP O RT FEATURE using email. Another way criminals operate is by breaking into email accounts. Often, they "spoof" the victim with a faked email message that says "click here" to access an important document. The email will include a link to a spoofed website that is made to look like a legitimate company, perhaps the victim's lender or title company. It may even have the company's logo. The victim is asked to enter their email and password in order to access a document. But instead of retrieving the document, they unwittingly just gave the criminal their email username and password. After getting the victim's email and password, the criminal then goes through the victim's email account and uses it to commit more fraud. The criminal will often use this information to break into the victim's other online accounts, and even the victim's bank account. This is be- cause all too often people use the same usernames and passwords for all their online activity. See the Signs F ortunately, there are several tell- tale signs that someone is trying to commit wire fraud during a closing transaction: An unsuspected change in the transaction, like a new routing number for wiring funds; a sense of urgency tied to the request; and a consequence if the victim doesn't follow through. These three things together should make someone stop and say, "This may not be right." The first thing a loan officer or a borrower should do after receiv- ing a suspicious email is to call the phone number they already have—not any phone number included in the email—and tell their loan officer about the email and to confirm the numbers for the wire transfer. If you suspect that a wire transfer was made fraudulently, the first thing you need to do is order a freeze on the money. Call your bank and say, "That was a fraudulent wire, please stop it." The magic phrase is "fraudulent wire." Once you say it, it kicks everything into gear. If you don't freeze the account, the money is gone. You've probably heard that it's a good idea to regularly change your email password, and that's true. But the second, more secure way of protecting your email is something called second-factor authentication. This type of authentication is exactly what it sounds like. If you are opening up your email, after you enter your password, you can elect to receive a text message to your phone to verify that the person opening up your email is you. When second-factor authenti- cation is turned on, a criminal not only needs your password, but they need your phone, too. While wire transfer information should never be sent by email, simply using second-factor authentication will generally stop wire fraud from happening. Step Up A s an industry, the best thing we can do is spread the word and educate borrowers about how to spot phishing schemes and use email safely. This effort can't be limited to just mortgage lenders, either. It must involve real estate agents, title insurance companies, third-party service providers—ev- erybody involved needs to know about the dangers of online and email fraud, especially during the closing period. The biggest challenge is educat- ing consumers and making sure they understand the gravity and size of this problem. Most have no idea. After all, people do not buy homes very frequently, so they may be completely unaware of the risk until the moment they become victims of a scam. Even when consumers are told about the risk of sending wire fraud in- formation over email, the message doesn't always resonate. The mes- sage needs to be repeated again and again until it sinks in. It's not enough to slip a disclaimer into every email—we need to remind consumers at every turn about the very real danger of phishing expeditions. As industry professionals, we must also demand of each other that we do business more safely and securely. Remember the three things to watch for—an unexpected change, such as an email with instructions to wire money to a such-and-such bank account; a deadline or a sense of urgency attached to the instruction; and a consequence for not following through. When all three factors are present, the chances are high that someone is trying to commit wire fraud. While it's true that cybercrimi- nals will continue to devise ways to steal, it's never too late to raise awareness and educate each other and, most importantly, consum- ers about the growing wire fraud problem. If we don't and phish- ing, as well as other types of cyberfraud, continue to grow, we risk losing the public's trust in our financial system. It's time we step up our game. BRUCE PHILLIPS is SVP and Chief Information Security Officer for WFG National Title Insurance Co., a provider of title, escrow, closing, and settlement services for mortgage lenders. He can be reached at Bruce. Phillips@WillistonFinancial.com. Wire fraud also works because nearly everyone involved in closing transactions— the real estate agent, the loan officer, the title agent, and the consumer—uses email, which is usually the means for all of the communication around where to wire funds after closing. This puts every transaction in the crosshairs of criminals.