Information Security and Wire Transfer Fraud are critical topics for the land title insurance and settlement industry. Wire Transfer Fraud is a threat to every title operation regardless of size, location or years in business. ALTA’s priority is helping you protect your systems, plan for a rapid response in case of an incident, and prepare your employees, clients and customers to be aware and vigilant.
Industry Standard Policies and Tools
- ALTA Outgoing Wire Preparation Checklist: Use this checklist as a best practice for verifying outgoing wire information.
- ALTA Rapid Response Plan for Wire Fraud Incidents: Use this tool to customize your action plan when a wire fraud attempt occurs.
- Video: How To Complete an IC3 Report. Watch the video to see how easy it is to help law enforcement gather information.
- ALTA Cybersecurity Incident Response Plan: Use this tool to help your team to establish and maintain secure systems and be prepared to act quickly if an incident occurs. Leverage these resources to implement Step 1: Preparation:
- ALTA Cyber System Overview: Use this narrative to improve your understanding of a Cyber System Inventory, why it is important to Cybersecurity efforts, and how to create and maintain your company's inventory.
- ALTA Cyber System Inventory Workbook: Use this model workbook to create and customize your company's inventory.
- ALTA Business Impact Analysis: Use this guide to examine your software applications, determine which resources are critical to your operation, and discover when to add resources to minimize the business impact of downtime.
Employee Training and Awareness
- Monitor and Improve Employee Skills.
Consider a phishing security test for all of your employees. These companies can help:
- Security Planner: https://securityplanner.org
- PhishMe: https://phishme.com/free
- KnowBe4: https://www.knowbe4.com/resources
- Webinars to Watch:
- Data Security Essentials: Strategies to Protect Non-public Personal Information (Download copy of presentation)
- Fortify Your Business: Lock Down Data and Protect Client Funds (Download copy of presentation)
- Safeguarding Escrow Trust Accounts
- Best Practices: Protecting Non-public Personal Information (Download copy of presentation)
- Fraud and Your Escrow/Trust Accounts (Download copy of presentation)
Resources for Your Clients and Consumers
- Wire Fraud Tips Video: Share this 1-minute video with homebuyers so they know how to protect their money.
- ALTA Wire Fraud Video: This 2-minute video provides four tips on how consumers can protect their money and offers advice on what to do if they have been targeted by a scam. Link to this video from your website, include in your email or share on social media.
- ALTA Wire Fraud Infographic: ALTA has produced this Rack Card explaining Wire Fraud. ALTA Members can brand the infographic with their own information at the ALTAprints website.
- ALTA Wire Fraud PowerPoint for Consumer Education: (Member-only content) Use this presentation to educate consumers about the dangers of phishing emails and wire transfer fraud. The presentation provides information on what to do if you’ve fallen victim to a scam and also highlights 10 tips to prevent wire fraud.
Information Security Articles
An ALTA member could receive a phishing email with a specifically crafted hyperlink in the body of the email that utilizes and takes advantage of this Outlook vulnerability. Clicking on the malicious link bypasses Outlook’s existing security mechanisms and can lead to the leakage of local NTLM credentials (protocol used in networks that require user authentication) and the potential for arbitrary code execution. Microsoft recommends applying the recently released security updates as soon as possible to mitigate this critical vulnerability.
It's important for title and settlement professionals to be aware of the latest phishing schemes. To help with this, ALTA has developed an infographic that highlights different phishing emails, what the fraudsters are attempting to do and how to spot the bait. This "fresh phish" attempts to steal Office 365 credentials to sell them or gain access to your email account. It's important to never approve multi-factor authentication requests that you didn't initiate.
Starting in February, Google and Yahoo started requiring Domain-based Message Authentication, Reporting & Conformance (DMARC) policies to be enabled or they will start rejecting email. It's recommended ALTA members' IT managed service provider (MSP) or internal IT teams start checking their email domain policies to get a head of any potential Google or Yahoo email delivery issues.
A deepfake phishing scam cost a multinational company more than $25 million after an employee was fooled by digital imitations of his colleagues on a conference call.
The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) released a cybersecurity advisory that highlights the most common cybersecurity misconfigurations in large organizations, and details the tactics, techniques and procedures actors use to exploit these misconfigurations.