A record number of title insurance professionals gathered on Coronado Island, just a few miles from downtown San Diego, at the Hotel del Coronado for the American Land Title Association’s annual ALTA One conference on Wednesday.
Opened in 1888 and known for its the intricate wood work and open designs in the main lobby and “Crown Room,” the historic resort is nearly as old at the title industry itself (ALTA was founded founded in 1907 but the first title company was opened in 1876). But one of the hottest topics at this year’s conference is decidedly 21st century.
As consumers demand more of a seamless and digital home-buying process, more of the closing process has migrated online, making home-buying transactions ripe for things like hacking, ransomware attacks and wire fraud.
“This is a threat we are going to have to continue to manage,” Thomas Cronkright, the CEO of Sun Title Agency of Michigan and the cofounder of CertifID, told attendees. “As a large agency owner in Michigan we are having to manage this every single day, every single month.”
In 2021, the Internet Crime Complain Center (IC3) received an average of more than 2,300 cybercrime complaints a day. In addition, the FBI labeled business email compromises (BECs) as the costliest cyber threat in 2020 and 2021, accounting for reported losses of $4.2 billion, with real estate wire fraud becoming one of the most targeted sectors. To top it off, ALTA expects the annual number of BECs to more than double in the next two years.
And while many might believe these attacks are being perpetrated by loan individuals holed up in a dark, dingy basement subsisting on Red Bull, Cronkright said that isn’t the case, as cybercrime has become more organized, structured and thorough.
“Attacks are being done at scale with hundreds of thousands of attacks launched per day,” Cronkright said.
After bad actors obtain the login details of a title agent, lender, real estate agent, homebuyer or seller, they login to the email account once and change the account’s “email rules” to forward all correspondence to the hacker’s account and eliminate all traces of the forwarded emails, preventing the email account owner from discovering the security breach.
The hacker then learns as much as they can about the impending transaction before sending over fraudulent wiring instructions from a nearly identical email address or phone number, spoofing the other party into sending their funds to a fraudulent account. And while much of the attention has been focused on the buyer side of the transaction, 45% of wire fraud exposures involve mortgage payoffs, according to ALTA.
As the awareness of wire fraud and cybercrime in the real estate space has increased, title professionals have developed a variety of ways to help increase the security of home-buying transactions.
Matt McBride, the vice president of risk management and compliance at Shaddock National Holdings, said his two biggest pieces of advice are to register all potential spoof domain names that fraudsters might try to use (e.g. if the firm’s website is ctitle.com, register ct1tle.com and ctltle.com) and never reply to an email, always hit forward and type in the account you want to correspond with.
“If you hit the reply button and that email that came to you was from the fraudster, you are now communicating with the fraudster,” McBride said. “If you hit the forward button, you have to type the email address in of the person you are intending to communicate with. We can stop a lot of fraud with that one simple trick.”
Industry professionals also stress the importance of educating employees, as well as transaction partners, including real estate agents, lenders, and consumers, about the risk of wire fraud and what they can do to help protect themselves and their clients. Common suggestions include making sure to verify phone numbers, email addresses and even the name on the account of where the funds are being wired to.
“There is very little muscle memory for consumers when it comes to buying and selling a home,” Cronkright said. “It is an opaque transaction for these people. They are relying on us, they are relying on their real estate professional, they are relying on the closing attorney to guide them through the process, but we have to stop making the assumption that they are at some state where we think from an awareness standpoint, that they have been fully educated. We have to bring real estate partners, we have to bring in our agent partners and our builder partners because one compromised email and then we are all exposed.”
But once an email has been compromised and wire fraud has occurred, time is money.
“You have minutes to hours to act once you have knowledge that either your company sent money where it wasn’t supposed to go or you’ve got a buyer out there hanging because they sent $50,000 to a fraudster,” McBride said. “If it goes to 24 hours, your likelihood of recovery is 15%. If it goes to 48 hours, you are in the 2% range. If it goes to 72 hours, then it is gone. There is nothing anybody can do at that point.”
According to a 2022 survey by ALTA, of all the reported wire fraud incidents that occur each year, only 17% of victims successfully recovered all of their funds, but 94% of respondents reported some amount of recovery.
In order to help increase the likelihood to fund recovery, Cronkright said that not only should a firm have rapid response and business continuity plans in place, but they should review plans regularly so employees know what to do when disaster strikes,
In addition, McBride stressed that title professionals should report all instances of BEC or wire fraud to the IC3, even if the firm catches it before something can happen, as it may help law enforcement professionals put key puzzle pieces into place as they look to take down these cybercrime rings.
“We are better and stronger as a group,” McBride said.