New Cyber-Fraud Targets Title Agent’s Settlement Software
February 7, 2013
An anti-fraud software system thwarted an attempt to steal escrow funds from a Virginia title company.
Last week, a morning report provided by RynohLive alerted the title company to suspicious activity in its escrow account. The company was poised to be victimized by the ZeuS Bot and ZeroAccess rootkit malware that had infiltrated its network. The malware attacked the company’s settlement software, issued checks and moved funds into fictitious files, according to Dick Reass, Rynoh’s chief executive officer. The malware appears to have gained access through an outdated version of Java.
“Had the agent not been attentive and carefully reviewed their morning report, their potential loss would have been in excess of $300,000,” Reass said. “They were able to notify the bank before any of the checks cleared.”
The fraud attempted to circumvent check-security protocols. However, the title company uses positive pay, and the files sent to the bank contained the fraudulent checks. These checks would have cleared if positive pay weren’t being used.
To protect their operations, Reass said, ALTA members should uninstall all versions of Java, then reinstall the latest version of Java and update it. The latest is Version 7 Update 13. Title professionals should also set and enforce strong administrative controls for those with access to the settlement and disbursing software:
- Freeze files after closing so that changes cannot be easily made;
- Limit those who can make changes for disbursed files;
- Limit functions for individuals disbursing funds. For example, remove their ability to delete files or create new files, transfer funds, disburse files with negative balances, etc.
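The following is an added example, not code from the article or from Rynoh. It shows that a positive pay match alone accepts any check listed in the issue file, while a review of that file against the controls listed above (unknown files, frozen files, negative balances) flags the suspicious items. All file numbers, payees, amounts and function names are constructed, and the escrow file list is assumed to be kept independently of the settlement software.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class Check:
    number: int
    file_no: str
    payee: str
    amount: Decimal

# Constructed reference data, assumed to be maintained outside the settlement software.
ESCROW_FILES = {
    "2013-0101": {"balance": Decimal("250000.00"), "frozen": False},
    "2012-0977": {"balance": Decimal("0.00"), "frozen": True},  # closed and frozen
}

# Constructed issue file as it would be sent to the bank for positive pay.
ISSUE_FILE = [
    Check(5001, "2013-0101", "County Recorder", Decimal("412.50")),
    Check(5002, "2012-0977", "J. Doe", Decimal("98000.00")),       # frozen file
    Check(5003, "2013-9999", "A. Smith", Decimal("150000.00")),    # no such file
    Check(5004, "2013-0101", "Seller LLC", Decimal("260000.00")),  # overdraws file
]

def positive_pay_match(presented, issue_file):
    """Bank-side check: pay when number and amount match an issued item."""
    issued = {(c.number, c.amount) for c in issue_file}
    return (presented.number, presented.amount) in issued

def review_issue_file(issue_file, escrow_files):
    """Company-side review of the issue file against independent file records."""
    findings = []
    remaining = {no: f["balance"] for no, f in escrow_files.items()}
    for c in issue_file:
        record = escrow_files.get(c.file_no)
        if record is None:
            findings.append((c.number, "unknown file"))
        elif record["frozen"]:
            findings.append((c.number, "frozen file"))
        elif remaining[c.file_no] - c.amount < 0:
            findings.append((c.number, "negative balance"))
        else:
            remaining[c.file_no] -= c.amount  # legitimate draw reduces the balance
    return findings

if __name__ == "__main__":
    print([positive_pay_match(c, ISSUE_FILE) for c in ISSUE_FILE])
    print(review_issue_file(ISSUE_FILE, ESCROW_FILES))
```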
Additionally, title agents, settlement providers and attorneys should ensure that network computers automatically log off the network after a brief period of inactivity. Agents should consider using biometrics as a replacement for passwords as login credentials and think about placing settlement software in a hosted environment, which utilizes IronKey (Marble Security) cyber-secure access.
IT Security 101 Do’s
- Have a managed antivirus solution.
- If IT professionals are not available, assign updating all machines on the network to a user. This user should update all applications, plugins, Windows updates, and any other software on the machines at least once every other week.
- Software firewalls should be active and updated on all machines within the network.
- Have a "network usage policy" signed by everyone using your network.
- Have security enabled for your Wi-Fi.
- Change default passwords (you would be surprised how often they are not)
- If feasible, track the devices that you allow on your network. Known as BYOD from Marble Security.
- Install/scan virus protection on computers before they access your network.
- Use an intrusion detection system if possible; there are good free resources.
- Use groups and the "need-to-know" process for file access; do not give access where it is not needed.
- Use VPN over SSL for external connections.
- Use HTTPS when transferring personal or customer data (Encrypted Email)
- Backups are vital and should be done frequently (at least daily)
IT Security 101 Don’ts
- Don’t use WEP security for Wi-Fi.
- Don’t assume Apple products are secure.
- Don’t assume phones are secure.
- Don’t use office-wide passwords for anything.