Buying a new home is exciting — but it also can be stressful. While you are intensely focused on closing, wrapping up the paperwork and making sure all is in order, you probably aren’t considering whether your transaction might be vulnerable to a cyber scam.
However, new homebuyers are very much vulnerable to a hack that has been gaining ground in recent months.
Cybercriminals have been bilking homebuyers out of thousands of dollars’ worth of deposits. They’ve done so by engineering their way in to the systems of title companies, taking over employees’ terminals and sending illegitimate emails to currently active clients. The homebuyer receives an email with a legitimate address from a representative at the title company, and this email asks the buyer to wire funds. When the buyer does so, the funds transfer to an account the cybercriminal owns, and never make their way to the title company. Deposit money is lost, and the closing process is impeded.
To edge their way in at title companies, cybercriminals are relying not on technical hacks, but social engineering attacks; specifically, phishing scams. Fooling a title agent into opening a bogus email attachment, they are able to download malware to the agent’s workstation, which gives them access to that resource. The attacker is then able to see information about active clients and send communications to them.
In response, realtors are recommending homebuyers revert to paper-based methods and forego digital transactions with titling companies. While this may be good advice for consumers coping with the problem at present, it certainly is not a long-term fix. To protect their customers, title companies need to be sure they have the proper safeguards in place. And when it comes to phishing attacks, education is among the top priorities.
In addition to privacy training programs, title companies can take several measures to shut down phishing scammers. These include penetration tests that account for social engineering attacks, vulnerability scans and continuous monitoring and reporting (which can be handled by a third party).
Lunarline offers a full range of tools and services that can arm title companies — even small ones — against phishing. To learn more, contact us online today.