If you are in the process of buying a home, you have probably been privy to the rigorous financial probing of getting a mortgage in these post-financial crisis times. Yes, it’s an invasive process and it feels more than a little awkward to offer up every little tidbit of financial data and documentation to your mortgage company. But, by the time you are approved for the mortgage, ready to close and prepping to hand over your entire savings account for that hefty down payment, your guard may be down. Even on the low end, this down payment is a large sum of money, probably one of the largest transactions you’ve ever parted with. This is exactly where this scam comes into play.
According to Krebs on Security, title agents at First American Title got the following alert in April, but this scam can happen with any title company, so we’re sharing it.
“This notice seeks to alert all First American employees and agents of an internet fraud scheme being perpetrated against title agents and causing loss to potential buyers/borrowers.
First American has been notified of a scheme in which potential purchasers/borrowers have received emails allegedly from a title agency providing wire information for use by the purchaser/borrower to transmit earnest money for an upcoming transaction.”
“The messages were actually emails that were intercepted by hackers who then altered the account information in the emails to cause the purchasers’/borrowers’ funds to be sent to the hacker’s own account. The emails appear to be genuine and contain the title agency’s email information and/or logos, etc. When the purchasers /borrowers transferred their funds pursuant to the altered instructions, their money was stolen with little chance of return. This scam appears to be somewhat similar to the email hacking scheme that came to light earlier this year that targeted real estate agents.”
How is Works:
The hackers alter the bank account information in the email sent from the title company agent to the new home-owner. The email looks gets the email. Everything else in the email remains the same and it looks as if it came from the title agency.
How to Ensure This Doesn’t Happen at Your Financial Institution:
More and more email providers are adding multi-factor authentication to help minimize account hacking/compromises.
-
Make sure IT department initiates policy in your organization to add a multi-factor account security to your employee accounts
-
Ensure all public accounts that offer the multi-factor security options have them enabled. Facebook and Twitter have added these options.
-
Force password changes every 30, 60 or 90 days for all employees.
When you buy your next home or anytime you fork over a large sum of money and something in your gut feels funny or you want to be overly cautious, that’s ok. Take an extra moment to call the bank and confirm the bank account number, I am sure they will not mind the extra precaution and so what if they do.
If you are looking to find additional ways to secure your organization’s network, emails and more, BKS Systems can help. Give us a call, let’s talk.
