Phishing: the attempt to acquire personal and/or financial information by impersonating a trustworthy entity in an electronic communication.
Businesses are falling for these schemes daily, turning over data and funds after receiving a malicious phone call or email instruction to do so. The perpetrators are easily able to lure victims in by impersonating other businesses or people that the victim may know or trust.
Phishing in the Title Industry
We have seen a dramatic influx of clients impacted by phishing attacks in 2016 and expect to see the number continue to grow in 2017. A title agent’s escrow account is vulnerable to attack due to the large sums of money that are passing through each day. Most commonly we are seeing hackers getting into the computer systems and email accounts of consumers and real estate professionals, allowing them to have access to information on upcoming real estate transactions. Once they have the closing date, it is easy for them to send an email, posing as the real estate broker, with wiring instructions for a last minute change. The change could be to a different account number or different bank all together. If the bait is taken, the funds are cleared out of the agents account in seconds.
While scammers have become very detailed and tricky in their schemes, there are things you can do to help prevent yourself from falling victim to their attacks.
- Regardless of how legitimate it seems, always call and verify any email instruction received. You should be contacting the company directly using a phone number you have from an account statement, not the number provided in the email.
- Do not click on any links, especially ones that bring you to log in to account information or prompt you to fill in any data fields. Try opening a new browser and type in the address you need to go to, do not copy it directly from the email.
- The links provided in a malicious email or URL will often look identical to a legitimate official website. If you hover your cursor over the URL provided, you can view a text of the real URL being used instead of the shortcut shown. Pay attention to spelling variations or different domain usage (e.g., .com versus .net).
- If you are giving financial information on the web, make sure the site is secure. Look for a URL that begins with https. The “s” stands for secure.
- Do not open attachments unless the source is confirmed. Attachments can be infected with malware that can be downloaded to your machine. Spyware can track your keystrokes to gain information on your passwords, account numbers, social security numbers, etc.
- Review email subject lines and message content carefully for misspelling, odd requests or poor grammar usage.
- Use the security features of your browser, IT and email provider for anti-spam and phishing prevention and keep them up to date.
While these extra steps may take extra time, they are proven to help avoid losses stemming from phishing schemes. All employees should be made aware of these risks and how to prevent them from occurring.