Email Fraud: ALTA Offers Solutions

A group of us from ATG recently attended the American Land Title Association (ALTA) Business Strategies Conference in Indianapolis. Several of the educational sessions focused on cybersecurity and offered information on the latest attacks being deployed by hackers. The speakers offered strategies on how to protect data and to avoid being victimized by cyber crime.

A topic that hit home was email fraud. Several title agents (including a few ATG agents) have been affected by various types of email fraud, some that contained account-takeover schemes. We have written or shared approximately 25 articles and warnings on such topics. Many pertain to email fraud as it relates to wire transfers. The most recent was in October 2015 when ATG discovered two instances of wire instructions being altered in emails between parties to transactions. Read Fraud in Wire Instructions Alert for the summary plus information about prevention strategies. To read the rest (login required for member-only content), click the following:

According to PricewaterhouseCoopers, the fastest growing email fraud scheme is "phishing," where hackers obtain someone's personal information (e.g., username, password, account number, Social Security number) or impersonate a vendor to gain access to bank accounts or payment systems to make unauthorized transactions. Here are tips that we gave our staff and we recommend you do the same:

  • Don't reply to a suspicious email, text, or pop-up message and don't click any links it contains.
  • Don't reply to a suspicious email, text, or pop-up message that asks for your personal or financial information.
  • If a message asks for personal or financial information and appears to be from an organization you trust, it probably isn't. Legitimate businesses don't ask you to send sensitive information through non-secure channels. Play it safe and go to that organization's website.

In addition, we recommend you train your employees on how to identify a suspicious email that may be part of a scam. Please read the following article from ALTA on this topic.

Training Tips to Help Employees Spot Fraudulent Emails

Reposted with permission from the American Land Title Association

There are many steps title and settlement companies can take to thwart email schemes and potential account takeovers. To help prevent a business email compromise in particular, PricewaterhouseCoopers LLP, encourages companies to train employees to identify suspicious emails that could indicate the email is from a hacked or spoofed account.

Title and settlement companies can combat account takeover attempts by enhancing authentication and payment controls as well as implementing automated fraud monitoring systems, PricewaterhouseCoopers said in a report.

Tips to Train Employees

  • Carefully review email headers, domain names in the "from" field of the email, and the "reply-to" field of emails. For more suspicious emails, employers should review email headers using analyzer software.
  • Scrutinize links contained within emails by hovering over the link with the cursor to expose the associated web address. If a suspicious address is revealed, further authentication must be conducted.
  • Spot behavioral anomalies in payment requests received via email. These anomalies include requests received at odd hours, payments requested to an unusual person, international wires or unusual payment amounts. Many financial services firms are implementing additional controls — such as telephone call backs — to confirm authenticity of higher-risk transactions.

PricewaterhouseCoopers also advises that companies test employees by simulating business email takeover and phishing attacks, and adjust training programs to address identified weaknesses.

For more information, see the Federal Trade Commission article, Phishing. Forward phishing emails to spam@uce.gov and to the company, bank, or organization impersonated in the email. We hope you find this information helpful.

Posted on: Wed, 04/20/2016 - 1:54pm